Sensor Defense In-Software (SDI): Practical software based detection of spoofing attacks on position sensors

https://doi.org/10.1016/j.engappai.2020.103904Get rights and content

Abstract

Position sensors, such as the gyroscope, the magnetometer and the accelerometer, are found in a staggering variety of devices, from smartphones and UAVs to autonomous robots. Several works have shown how adversaries can mount spoofing attacks to remotely corrupt or even completely control the outputs of these sensors. With more and more critical applications relying on sensor readings to make important decisions, defending sensors from these attacks is of prime importance.

In this work we present practical software based defenses against attacks on two common types of position sensors, specifically the gyroscope and the magnetometer. We first characterize the sensitivity of these sensors to acoustic and magnetic adversaries. Next, we present two software-only defenses: a machine learning-based single sensor defense, and a sensor fusion defense which makes use of the mathematical relationship between the two sensors. We performed a detailed theoretical analysis of our defenses, and implemented them on a variety of smartphones, as well as on a resource-constrained IoT sensor node. Our defenses do not require any hardware or OS-level modifications, making it possible to use them with existing hardware. Moreover, they provide a high detection accuracy, a short detection time and a reasonable power consumption.

Introduction

Many electronic devices, such as smartphones and sensor nodes, are equipped with position sensors. These sensors are capable of measuring the position, orientation and motion of the device in three-dimensional space. We rely on these sensors for increasingly sensitive tasks including authentication (Conti et al., 2011, Lee and Lee, 2016), navigation (Li et al., 2012), and health monitoring (Ellis et al., 2015). This paper focuses on two widely used sensors: the gyroscope, which measures a device’s angular momentum, or rate of rotation, and the magnetometer, which measures a device’s orientation with respect to the magnetic field of the Earth.

Several recent works have shown how the readings of these sensors can be spoofed by applying an external acoustic stimulus to the device or its surroundings (Trippel et al., 2017, Tu et al., 2018). The spoofed output of a sensor does not reflect the device’s actual rotation or orientation; instead, the output is overwritten by artificial values which are either randomly corrupted or completely controlled by the attacker. Sensor spoofing attacks on smartphones are already being used for malicious purposes. For example, the online publication Sixth Tone reported on June 2018 that Chinese university students, who are required to reach at least 10,000 steps per day as part of their fitness requirement, use a variety of devices called “WeRun Boosters” to spoof the motion sensors on their smartphones, generating 6000 to 7000 steps on a smartphone per hour (Yujie, 2018). The risks associated with sensor spoofing will only grow as the amount of sensitive applications relying on these sensors increases. For example,  Wang et al. (2016) and  Reinertsen et al. (2017) proposed to use sensor measurements to assess the severity of illness of patients with schizophrenia. Sensor spoofing attacks, when applied to this scenario, may erroneously cause a person to be hospitalized in a psychiatric ward.

While several papers have discussed sensor spoofing, few of them have discussed the prevention of these attacks, a gap we wish to address in this work. One of the main limitations of many defenses against sensor spoofing is that they either require changes to the sensor hardware or to the low-level firmware used to interface it to the phone’s CPU. Since position sensors are typically highly integrated low cost devices with a relatively long development cycles, such modifications are difficult to apply to hardware already deployed in the field, and are hard to justify from a system integration standpoint. While software-based anomaly detection mechanisms have been proposed for other types of sensor systems, such as wireless sensor networks (de Lima Pinto et al., 2018), they typically did not consider a malicious adversary but only a random fault model.

Our Contribution:In this paper we propose two software-based defense methods against acoustic and magnetic attacks on a device’s gyroscope and magnetometer. Our first defense method, SDI-1, uses machine learning to detect anomalies in the output of a single sensor. This defense method can detect sensor corruption attacks, but cannot detect cases where a more powerful adversary can force the sensor to output a spoofed but valid reading. Our second defense method, SDI-2, applies sensor fusion to compare the readings of multiple sensors measuring a similar type of motion. This method can potentially protect against a more powerful sensor spoofing adversary, as long as this adversary cannot control the entire set of sensors available on the device. Specifically, in this paper we present single-sensor defenses for acoustic attacks on the gyroscope and for magnetic attacks on the magnetometer. We also present a sensor fusion based defense combining the gyroscope and the magnetometer, as shown in Fig. 1. We describe the physical and mathematical relationship between expected sensor readings, and show how the defender can measure deviations between the two sensors to detect an attack. We implemented our defenses on multiple smartphones from different vendors, as well as on a resource-constrained IoT node, in each case measuring the accuracy, detection time and power usage of our defenses. The main advantage of these defenses are that they are purely software based, and can therefore be deployed on many types of devices without any hardware modification.

Document Structure: We begin by describing the spoofing attacks on the MEMS gyroscope and magnetometer. In Section 2 we describe SDI-1, a machine learning-based single sensor defense, and SDI-2, a sensor fusion-based single sensor defense, and show how they can protect against acoustic and magnetic attacks on the gyroscope and on the magnetometer respectively. In Section 3 we perform a practical evaluation of our defense methods. Finally, in Section 4 we discuss defenses for another type of sensor, the accelerometer, and conclude by discussing further applications of sensor fusion and its improvements.

A smartphone’s various position sensors are used to measure the phone’s position and motion in space along the six axes of motion (or six degrees of freedom). The measurements of the device’s sensors are generally provided in the device’s frame of reference: a Cartesian coordinate system with coordinates attached to the device. This coordinate system is rotated with respect to the world’s frame of reference, which is a standard static coordinate system. Of the six degrees of freedom, three coordinates (X, Y, and Z) are used to describe the phone’s position and linear motion in space, while the three other coordinates (ρ, ϕ and θ, or pitch, roll and yaw) are used to describe the phone’s Cartesian axes orientation with respect to the world’s frame of reference and its rotational motion.

The gyroscope is a MEMS-based sensor which measures the device’s angular velocity in units of radian per second. As described in Son et al. (2015), microelectromechanical systems (MEMS) gyroscopes typically contain a small mass moving back and forth at a constant frequency. As the phone is rotated, the Coriolis effect acts on this moving mass and causes it to vibrate with an amplitude that is directly related to the angular rotation rate. The modulated vibration amplitude is then converted to voltage, typically by a capacitive or piezo-electric sensor.

The magnetometer, or compass, measures the direction and magnitude of the ambient magnetic field around the device, in units of microtesla. As described in Jiang et al. (2014), virtually all smartphones use a Hall effect magnetometer, which works by detecting the voltage differential induced by the Hall effect across a thin metallic surface in response to a magnetic field perpendicular to the surface. The magnetic field measured by the phone field is typically a combination of the Earth’s magnetic field, which points more or less to the north, and additional magnetic sources in the vicinity of the phone, such as iron beams, electric motors or induction coils. As long as the phone stays in the same place and the additional magnetic sources stay constant over time, the magnetometer’s reading will point to the same direction in the world’s reference frame, even when the phone is rotated. Other common position sensors include the accelerometer, which measures the linear acceleration of the device, and the GPS sensor, which measures the location of the device on Earth.

As mentioned in the previous section, MEMS gyroscopes contain a small moving mass. As shown in Tu et al. (2018) and Son et al. (2015), they are vulnerable to acoustic attacks, in which the sensor is subjected to external vibrations with the sensor’s mechanical resonant frequency. When the moving mass inside the sensor is stimulated by this acoustic signal, it begins vibrating with a high amplitude. This prevents the sensor from interacting with the environment, allowing its reading to be controlled by the attacker. In other words, a high-frequency audio signal at a specific frequency can bring these sensors into a state of resonance, corrupting their outputs. The source of the disruptive signal can be an external device situated next to the phone, or even the phone’s own speaker (Block et al., 2017).

Acoustic attacks on MEMS-based gyroscopes and accelerometers were first presented by Son et al. (2015) in the context of drones, and later shown by Trippel et al., 2017, Farshteindiker et al., 2016 to be applicable to smartphone sensors as well. Tu et al. (2018) performed a comprehensive evaluation of out-of-band signal injection methods to deliver adversarial control of embedded MEMS inertial sensors on a wide variety of devices including self balancing scooters, stabilizers, smartphones, VR headsets and other similar devices. Similarly, an adversary equipped with a magnetic coil is able to spoof the outputs of the magnetometer, an effect put to productive use in Jiang et al. (2014). Recognizing the increasing risk caused by current and emerging sensor spoofing attacks, the Industrial Control Systems Cyber Emergency Response Team of the U.S. Department of Homeland Security (ICS-CERT) stated recently that it considers position sensor attacks as a “threat to critical infrastructure” (U. CERT, 2017).

Generally speaking, there are two types of spoofing attacks: corruption attacks, which we refer to as sensor rocking attacks (following the nomenclature of Son et al. (2015)) and rewriting attacks, which we refer to as sensor rolling attacks (for reasons of symmetry). Sensor rocking attacks replace the sensor readings with arbitrary corrupted values which are unrelated to the external environment. For example, the attacker can replace the sensor signal with a high frequency sine wave or random noise. While the attacker cannot control the shape of this corrupted signal, the attacker can turn the disruptive signal on and off at will. In fact, Farshteindiker et al. (2016) and Jiang et al. (2014) used this ability as a data transmission mechanism. Sensor rolling attacks are a stronger class of attack, in which the attacker completely replaces the sensor readings with values of their choosing. Since the attacker can create any sensor readings including replaying previous readings, defense methods that detect anomalies will not be effective against rolling attacks.

In this work, we replicate two types of acoustic attacks on the gyroscope, as shown in Farshteindiker et al. (2016) and Tu et al. (2018), to collect data and test our defense methods. While Farshteindiker et al. (2016) used a piezoelectric speaker kept in close proximity to the phone, Tu et al. (2018) used regular speakers connected to an amplifier to attack the gyroscope from a distance. Both attacks work by using the sensor’s mechanical resonant frequency. To spoof the magnetometer, we used a solenoid connected to a waveform generator as magnetic field source, similar to the methods of Shoukry et al. (2013). The high sensitivity of the magnetometer makes it extremely vulnerable to the presence of any external magnetic field, sometimes even to the magnet in the phone’s own speaker (W3C, 2018).

Section snippets

Defense methods

In this work we implement and evaluate two purely software-based approaches for sensor spoofing detection. The first approach, SDI-1, uses machine learning techniques applied to sensor output to detect anomalies. The second approach, SDI-2, is a novel fusion-based detector which works by examining multiple sensor outputs. Since these defenses apply signal processing and machine learning, it is important to examine the resource consumption of the defense methods, both in terms of processing time

Evaluation

We evaluated the defenses for the gyroscope by first reproducing the two acoustic attacks on the gyroscope as mentioned in Farshteindiker et al. (2016) and Tu et al. (2018). To reproduce the attack of Farshteindiker et al. (2016), we used a PUI Audio APS2509S-T-R piezoelectric transducer connected to a Picoscope 2206BMSO supported by Picoscope software v6.13.7.707 used as a waveform generator. To reproduce the attack in Tu et al. (2018), we used a 4 × 2 dual channel PUI Audio AS06608PS-2-R

Discussion

We presented two effective software-only methods for detecting acoustic and magnetic attacks on the gyroscope and the magnetometer. We developed and implemented our defenses, and performed detailed analysis on various devices under various circumstances. One of the major advantages of our defense methods is that they can be used for all kinds of devices. Although the machine learning models require data collection and training, this can be done externally, irrespective of the device, and only

CRediT authorship contribution statement

Kevin Sam Tharayil: Investigation, Formal analysis, Software, Data curation, Writing - original draft. Benyamin Farshteindiker: Conceptualization. Shaked Eyal: Software, Validation. Nir Hasidim: Methodology. Roy Hershkovitz: Software, Validation, Data Curation. Shani Houri: Software, Validation. Ilia Yoffe: Methodology, Writing - original draft. Michal Oren: Methodology, Writing - original draft. Yossi Oren: Supervision, Resources, Project administration, Funding acquisition, Writing - review &

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (39)

  • ChenQ. et al.

    Activity recognition based on micro-doppler signature with in-home wi-fi

  • HillD.J. et al.

    Anomaly detection in streaming environmental sensor data: A data-driven modeling approach

    Environ. Model. Softw.

    (2010)
  • BlockK. et al.

    An autonomic and permissionless android covert channel

  • CaiL. et al.

    Touchlogger: inferring keystrokes on touch screen from smartphone motion

  • ChewP. et al.

    Masking failures of multidimensional sensors

  • ContiM. et al.

    Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call

  • DasA. et al.

    Tracking mobile web users through motion sensors: Attacks and defenses

  • DasA. et al.

    Smartphone fingerprinting via motion sensors: Analyzing feasiblity at large-scale and studing real usage patterns

    (2016)
  • DelporteB. et al.

    Accelerometer and magnetometer based gyroscope emulation on smart sensor for a virtual reality application

    Sensors Transducers

    (2012)
  • EllisR.J. et al.

    A validated smartphone-based assessment of gait and gait variability in parkinson’s disease

    PLoS One

    (2015)
  • FanB. et al.

    How magnetic disturbance influences the attitude and heading in magnetic and inertial sensor-based orientation estimation

    Sensors

    (2018)
  • Farshteindiker, B., Hasidim, N., Grosz, A., Oren, Y., How to phone home with someone else’s phone: Information...
  • Goldstein JrH. et al.

    Classical Mechanics

    (2001)
  • GunduzS. et al.

    A review of machine learning solutions to denial-of-services attacks in wireless sensor networks

  • IvanovR. et al.

    Attack-resilient sensor fusion for safety-critical cyber-physical systems

    ACM Trans. Embedded Comput. Syst.

    (2016)
  • JiangW. et al.

    Pulse: low bitrate wireless magnetic communication for smartphones

  • KononenkoI. et al.

    Overcoming the myopia of inductive learning algorithms with RELIEFF

    Appl. Intell.

    (1997)
  • KuneD.F. et al.

    Ghost talk: Mitigating EMI signal injection attacks against analog sensors

  • LeeW. et al.

    Implicit sensor-based authentication of smartphone users with smartwatch

  • Cited by (12)

    • Secure distributed estimation under Byzantine attack and manipulation attack

      2022, Engineering Applications of Artificial Intelligence
    • Learning-based airborne sensor task assignment in unknown dynamic environments

      2022, Engineering Applications of Artificial Intelligence
      Citation Excerpt :

      Sensor management has been widely used in many fields, such as target tracking (Hoang and Vo, 2014; Katsilieris et al., 2015), strategic location defense (Anderson and Hong, 2008; Tharayil et al., 2020), wireless sensor network (Higher, 2004; Chu et al., 2015; Shen et al., 2019; Leong et al., 2020) etc.

    • ADC-Bank: Detecting Acoustic Out-of-Band Signal Injection on Inertial Sensors

      2024, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
    • Towards Adversarial Process Control on Inertial Sensor Systems with Physical Feedback Side Channels

      2023, CPSIoTSec 2023 - Proceedings of the 5th Workshop on CPS and IoT Security and Privacy
    • Practical Software Defense for GPS Spoofing on a Hobby UAV

      2023, Sensors S and P 2023 - Proceedings of the 1st International Workshop on Security and Privacy of Sensing Systems, Part of: SenSys 2023
    View all citing articles on Scopus
    View full text