Acoustic Attacks in IOT Era: Risks and Mitigations
Pages 13 - 19
Abstract
Usage of Internet of Things (IoT) devices became ubiquitous. IoT is expected to be of more spread, as new ideas emerge on the level of devices and applications. Such ---Things- are smart in a manner that they are in connection with each other. Things form some sort of a collaborative network, where they communicate and share data with each other; as well, they are possibly remotely controlled. One possible way of remote control is the use of voice in the control of such devices, known as Voice Controlled Systems (VCS). Whether the IoT device is controlled by voice, or not controlled by voice, in both cases and with proven results, adversaries can perform attacks on such devices using acoustics. We address the use of acoustics in gaining control over such devices. We also address the exposed risks on victim devices, as well as the provided mitigations under the umbrella of Information Technology Infrastructure Library (ITIL) as a framework for security service management. In this paper, we propose a holistic and novel framework based on ITIL that addresses -to the best of our knowledge- the possible risks of acoustic attacks and the possible mitigation techniques.
References
[1]
(2018). The basics about distortion in Mics. Available: https://www.dpamicrophones.com/mic-university/the-basics-about-distortion-in-mics
[2]
A. A. K. Hamed, Ahmed, 'Acoustic Attacks in the era of IoT - A survey," presented at the AICAI'19 - Amity International Conference on Artificial Intelligence, Amity Campus-Dubai 2019, DOI= https://doi.org/10.1109/AICAI.2019.8701340.
[3]
Y. Gong and C. Poellabauer, "An Overview of Vulnerabilities of Voice Controlled Systems," arXiv preprint arXiv: 1803.09156, 2018.
[4]
(2019). Importance of Hearing. Available: http://hearingmatters.com.au/about-hearing/importance-of-hearing
[5]
J. Valente and A. A. Cardenas, "Security & Privacy in Smart Toys," in Proceedings of the 2017 Workshop on Internet of Things Security and Privacy, 2017, pp. 19--24, DOI= https://doi.org/10.1145/3139937.3139947.
[6]
C.-C. Wu, P.-C. Yeh, K.-C. Huang, and P.-J. Lee, "Effects of frequency and duration of sound stimuli on hearing threshold increments among hearing-impaired individuals in Taiwan," Applied Acoustics, vol. 159, p. 107098, 2020/02/01 2020.
[7]
T. H. Brown, "Childhood hearing impairment," Paediatrics and Child Health, 2019/11/20 2019.
[8]
K. Mealings, S. Harkus, J. Hwang, J. Fragoso, K. Chung, and H. Dillon, "Hearing loss and speech understanding in noise in Aboriginal and Torres Strait Islander children from locations varying in remoteness and socio-educational advantage," Internationaljournal of Pediatric Otorhinolaryngology, vol. 129, p. 109--741, 2020/02/01/2020.
[9]
T. Sugawara, B. Cyr, S. Rampazzi, D. Genkin, and K. Fu, "Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems," ed, 2019, https://lightcommands.com/.
[10]
M. J. Crocker, Handbook of Noise and Vibration Control: John Wiley & Sons, Inc., 2007.
[11]
D. Genkin, A. Shamir, and E. Tromer, "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis," Berlin, Heidelberg, 2014, pp. 444--461, DOI= https://doi.org/10.1007/978-3-662-44371-2_25.
[12]
"Ear disease," in Britannica, ed: Britannica Academic, Encyclopædia Britannica, 2016, https://academic.eb.com/levels/collegiate/article/ear-disease/109530?opensearch=Effects%20of%20Noise%20on%20Hearing.
[13]
"Occupational disease," in Britannica, ed: Britannica Academic, Encyclopædia Britannica, 2011, https://academic.eb.com/levels/collegiate/article/occupational-disease/108516?opensearch=Effects%20of%20impact%20noise%20on%20the%20hearing%20of%20military%20personnel.
[14]
T. Trippel, O. Weisse, W. Xu, P. Honeyman, and K. Fu, "WALNUT: Waging doubt on the integrity of mems accelerometers with acoustic injection attacks," in Security and Privacy (EuroS&P), 2017 IEEE European Symposium on, 2017, pp. 3--18, DOI= https://doi.org/10.1109/EuroSP.2017.42.
[15]
W. W. Clark and B. A. Bohne, "Effects of noise on hearing," JAMA, vol. 281, pp. 1658--1659, 1999.
[16]
Y. Son, H. Shin, D. Kim, Y.-S. Park, J. Noh, K. Choi, et al., "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors," 2015, https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/son.
[17]
A. K. Sikder, G. Petracca, H. Aksu, T. Jaeger, and A. S. Uluagac, "A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications," arXiv preprint arXiv.1802.02041, 2018.
[18]
A. B. Heupa, C. G. O. Gonçalves, and H. Coifman, "Effects of impact noise on the hearing of military personnel," Brazilian Journal of Otorhinolaryngology, vol. 77, pp. 747--753, 2011.
[19]
Y. R. Maimun, "The microphone array sensor attack on keyboard acoustic emanations: Side-channel attack," in 2017 International Conference on Information Technology Systems and Innovation (ICITSI), 2017, pp. 261--266, DOI= https://doi.org/10.1109/ICITSI.2017.8267954.
[20]
M. Shahrad, A. Mosenia, L. Song, M. Chiang, D. Wentzlaff, and P. Mittal, "Acoustic Denial of Service Attacks on HDDs," arXiv preprint arXiv: 1712.07816, 2017.
[21]
A. Faruque, M. Abdullah, S. R. Chhetri, A. Canedo, and J. Wan, "Acoustic side-channel attacks on additive manufacturing systems," in Proceedings of the 7th International Conference on Cyber-Physical Systems, 2016, p. 19, DOI= https://doi.org/10.1109/ICCPS.2016.7479068.
[22]
D. Howell. (2016). How voice recognition can be a major asset for your business. Available: https://www.techradar.com/news/software/applications/how-voice-recognition-can-be-a-major-asset-for-your-business-1321534
[23]
(2018). Why Hearing is Important. Available: https://androsaudiology.com/why-hearing-is-important/
[24]
B. de Mayo, "The ear," in The Everyday Physics of Hearing and Vision, ed: Morgan & Claypool Publishers, 2015, pp. 2-1-2-13, DOI= https://doi.org/10.1088/978-1-6270-5675-5ch2.
[25]
D. Fink, "85 dB is Not a Safe Noise Level to Prevent Hearing Loss," The Hearing Journal, vol. 72, pp. 26--27, 2019.
[26]
"Human ear," in Encyclopædia Britannica, ed: Britannica Academic, Encyclopædia Britannica, 2017, https://academic.eb.com/levels/collegiate/article/humanear/109529.
[27]
S. Dora, F. Sandra, and B. Belem, "An Overview on IoT and Its Impact on Marketing," in Smart Marketing With the Internet of Things, S. Dora, B. Belem, and F. Sandra, Eds., ed Hershey, PA, USA: IGI Global, 2019, pp. 1--20.
[28]
S. Fukuda, "IoT Creates an Integrated World of Physical and Life Science," in Emotional Engineering, Vol.7: The Age of Communication, S. Fukuda, Ed., ed Cham: Springer International Publishing, 2019, pp. 1--14.
[29]
(2015). Define IoT. Available: https://iot.ieee.org/definition.html
[30]
A. Rayes and S. Salam, "IoT Services Platform: Functions and Requirements," in Internet of Things From Hype to Reality: The Road to Digitization, ed Cham: Springer International Publishing, 2019, pp. 181--209.
[31]
J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, "A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications," IEEE Internet of Things Journal, vol. 4, pp. 1125--1142, 2017.
[32]
A. H. Ngu, M. Gutierrez, V. Metsis, S. Nepal, and Q. Z. Sheng, "IoT Middleware: A Survey on Issues and Enabling Technologies," IEEE Internet of Things Journal, vol. 4, pp. 1--20, 2017.
[33]
J. Rowley, "The wisdom hierarchy: representations of the DIKW hierarchy," Journal of information science, vol. 33, pp. 163--180, 2007.
[34]
P. P. Ray, "A survey on Internet of Things architectures," Journal of King Saud University - Computer and Information Sciences, vol. 30, pp. 291--319, 2018/07/01 2018.
[35]
J. Bardzell, S. Bardzell, and S.-Y. Liu, "Beautifying IoT: The Internet of Things as a Cultural Agenda," in Social Internet of Things, A. Soro, M. Brereton, and P. Roe, Eds., ed Cham: Springer International Publishing, 2019, pp. 3--21.
[36]
(2019). What is ITIL? Your guide to the IT Infrastructure Library. Available: https://www.cio.com/article/2439501/infrastructure-it-infrastructure-library-itil-definition-and-solutions.html
[37]
R. Jašek, L. Králík, and M. Popelka, "ITIL® and information security," in AIP Conference Proceedings, 2015, p. 550020, DOI= https://doi.org/10.1063/L4912775.
[38]
E. Vinietta, I. Y. M. Edward, and W. Shalannanda, "Secured communication service strategic planning using itil v3 framework case study: X service," in 2016 2nd International Conference on Wireless and Telematics (ICWT), 2016, pp. 47--50, DOI= https://doi.org/10.1109/ICWT.2016.7870850.
[39]
I. K. Raharjana, S. Susmiandri, and A. Justitia, "Applying IT Services Business Relationship Management on Security Outsource Company," in 2018 5th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), 2018, pp. 426--431, DOI= https://doi.org/10.1109/EECSI.2018.8752668.
[40]
Y. Wu, K. Guo, P. Xu, and Z. Li, "Equipment Acquisition Information Service Management," Berlin, Heidelberg, 2011, pp. 951--956, DOI= https://doi.org/10.1007/978-3-642-21747-0_123.
[41]
Y. Bounagui, A. Mezrioui, and H. Hafiddi, "Toward a unified framework for Cloud Computing governance: An approach for evaluating and integrating IT management and governance models," Computer Standards & Interfaces, vol. 62, pp. 98--118, 2019.
[42]
F. Bustamante, W. Fuertes, P. Díaz, and T. Toulkeridis, "Integration of IT frameworks for the management of information security within industrial control systems providing metrics and indicators," in 2017 IEEE XXIV International Conference on Electronics, Electrical Engineering and Computing (INTERCON), 2017, pp. 1--4, DOI= https://doi.org/10.1109/INTERCON.2017.8079672.
[43]
P. Radanliev, R. M. Montalvo, S. Cannady, R. Nicolescu, D. De Roure, J. R. Nurse, et al., "Cyber Security Framework for the Internet-of-Things in Industry 4.0," 2019.
Index Terms
- Acoustic Attacks in IOT Era: Risks and Mitigations
Recommendations
Distributed denial of service attacks and its defenses in IoT: a survey
AbstractA distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or ...
DDoS attacks in Industrial IoT: A survey
AbstractAs the IoT expands its influence, its effect is becoming macroscopic and pervasive. One of the most discernible effects is in the industries where it is known as Industrial IoT (IIoT). IIoT provides automated, comprehensive, regressive and easy-...
Comments
Information & Contributors
Information
Published In
September 2020
93 pages
ISBN:9781450375276
DOI:10.1145/3429523
Copyright © 2020 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 November 2020
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
CCIOT 2020
CCIOT 2020: 2020 5th International Conference on Cloud Computing and Internet of Things
September 22 - 24, 2020
Okinawa, Japan
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 103Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)1
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in