We study how ambient energy harvesting may be used as an attack vector in the battery-less Internet of Things (IoT). Battery-less IoT devices are employed in a multitude of application scenarios, including safety-critical ones such as biomedical implants and space systems, while relying on ambient energy harvesting to power their operation. Due to extreme scarcity of energy intakes and limited energy buffers, their executions become intermittent, alternating periods of active operation with periods of recharging their energy buffer while the device is off. We demonstrate that by exerting a limited control on the ambient supply of energy to the system, one can create situations of livelock, denial of service, and priority inversion, without requiring physical access to a device. Using machine learning and concepts of approximate computing, we design a technique that can detect energy attacks with 92%+ accuracy, corresponding to a 73+% improvement in accuracy over the baselines we consider, and run on extremely resource-constrained devices by imposing a limited overhead.
翻译:我们研究了环境能量收集如何被用作无电池物联网(IoT)中的攻击向量。无电池物联网设备被应用于多种场景,包括生物医学植入物和太空系统等安全关键领域,同时依赖环境能量收集为其运行供电。由于能量采集极度稀缺且能量缓冲器容量有限,其执行过程变得间歇性,在主动运行时段与设备关闭时给能量缓冲器充电的时段之间交替。我们证明,通过将环境能量供给系统施加有限控制,可在无需物理接触设备的情况下,造成活锁、拒绝服务和优先级反转等状况。利用机器学习与近似计算概念,我们设计了一种技术,能够以92%以上的准确率检测能量攻击(相比所考虑的基线方法,准确率提升73%以上),并在资源极度受限的设备上运行,仅带来有限的额外开销。