A Comprehensive Survey of Attacks without Physical Access Targeting Hardware Vulnerabilities in IoT/IIoT Devices, and Their Detection Mechanisms

ACM Trans. Design Autom. Electr. Syst. Pub Date : 2022-01-31 DOI:10.1145/3471936

Nikolaos Foivos Polychronou, Pierre-Henri Thevenon, Maxime Puys, V. Beroulle

{"title":"A Comprehensive Survey of Attacks without Physical Access Targeting Hardware Vulnerabilities in IoT/IIoT Devices, and Their Detection Mechanisms","authors":"Nikolaos Foivos Polychronou, Pierre-Henri Thevenon, Maxime Puys, V. Beroulle","doi":"10.1145/3471936","DOIUrl":null,"url":null,"abstract":"With the advances in the field of the Internet of Things (IoT) and Industrial IoT (IIoT), these devices are increasingly used in daily life or industry. To reduce costs related to the time required to develop these devices, security features are usually not considered. This situation creates a major security concern. Many solutions have been proposed to protect IoT/IIoT against various attacks, most of which are based on attacks involving physical access. However, a new class of attacks has emerged targeting hardware vulnerabilities in the micro-architecture that do not require physical access. We present attacks based on micro-architectural hardware vulnerabilities and the side effects they produce in the system. In addition, we present security mechanisms that can be implemented to address some of these attacks. Most of the security mechanisms target a small set of attack vectors or a single specific attack vector. As many attack vectors exist, solutions must be found to protect against a wide variety of threats. This survey aims to inform designers about the side effects related to attacks and detection mechanisms that have been described in the literature. For this purpose, we present two tables listing and classifying the side effects and detection mechanisms based on the given criteria.","PeriodicalId":7063,"journal":{"name":"ACM Trans. Design Autom. Electr. Syst.","volume":"11 1","pages":"1:1-1:35"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Trans. Design Autom. Electr. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3471936","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

With the advances in the field of the Internet of Things (IoT) and Industrial IoT (IIoT), these devices are increasingly used in daily life or industry. To reduce costs related to the time required to develop these devices, security features are usually not considered. This situation creates a major security concern. Many solutions have been proposed to protect IoT/IIoT against various attacks, most of which are based on attacks involving physical access. However, a new class of attacks has emerged targeting hardware vulnerabilities in the micro-architecture that do not require physical access. We present attacks based on micro-architectural hardware vulnerabilities and the side effects they produce in the system. In addition, we present security mechanisms that can be implemented to address some of these attacks. Most of the security mechanisms target a small set of attack vectors or a single specific attack vector. As many attack vectors exist, solutions must be found to protect against a wide variety of threats. This survey aims to inform designers about the side effects related to attacks and detection mechanisms that have been described in the literature. For this purpose, we present two tables listing and classifying the side effects and detection mechanisms based on the given criteria.

查看原文本刊更多论文

针对物联网/工业物联网设备硬件漏洞的无物理访问攻击及其检测机制的综合调查

随着物联网(IoT)和工业物联网(IIoT)领域的进步，这些设备越来越多地用于日常生活或工业。为了减少与开发这些设备所需的时间相关的成本，通常不考虑安全特性。这种情况造成了严重的安全问题。已经提出了许多解决方案来保护物联网/工业物联网免受各种攻击，其中大多数是基于涉及物理访问的攻击。然而，针对微架构中不需要物理访问的硬件漏洞的新一类攻击已经出现。我们提出了基于微架构硬件漏洞及其在系统中产生的副作用的攻击。此外，我们还提出了可以实现的安全机制，以解决其中一些攻击。大多数安全机制针对的是一小部分攻击向量或单个特定的攻击向量。由于存在许多攻击媒介，因此必须找到解决方案来防范各种各样的威胁。这项调查的目的是告知设计师有关的副作用的攻击和检测机制，已在文献中描述。为此，我们提出了两个表，列出并分类基于给定标准的副作用和检测机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Trans. Design Autom. Electr. Syst.

自引率

0.00%

发文量