More Web Proxy on the site http://driver.im/

research-article

Open access

Everything has its Bad Side and Good Side: Turning Processors to Low Overhead Radios Using Side-Channels

Authors:

Timothy Jacques,

Nader SehatbakhshAuthors Info & Claims

IPSN '23: Proceedings of the 22nd International Conference on Information Processing in Sensor Networks

Pages 288 - 301

https://doi.org/10.1145/3583120.3586959

Published: 09 May 2023 Publication History

All formats PDF

Abstract

Side-channels have traditionally been exploited as a means of uncovering sensitive information such as cryptographic keys from a computing device. In particular, past work has shown that electromagnetic (EM) radiation from a device’s processor and memory during the execution of code and data can be used by attackers to extract private information. In contrast, instead of considering side-channels and electromagnetic radiation as vulnerabilities, we see them as opportunities for wireless communication on resource-limited IoT devices. We present SideComm, a side-channel-based communication system that leverages processors’ EM side-channels to enable resource-limited IoT devices to wirelessly send their data without having any radios. The main advantage of this approach is completely eliminating the need for a conventional radio and antenna, which offers energy savings, simplicity, and flexibility for IoT devices. Our evaluation demonstrates SideComm’s ability to achieve a communication range of more than 10m (enabling ≥ 3 dB SNR at 15m) and to work in non-line-of-sight scenarios, such as around corners and through walls. We believe SideComm can enable increased connectivity for many resource-constrained IoT devices in smart environments.

References

[1]

Ali Abedi, Omid Abari, and Tim Brecht. 2019. Wi-le: Can wifi replace bluetooth?. In Proceedings of the 18th ACM Workshop on Hot Topics in Networks. 117–124.

Digital Library

[2]

Ali Abedi, Mohammad Hossein Mazaheri, Omid Abari, and Tim Brecht. 2018. Witag: Rethinking backscatter communication for wifi networks. In Proceedings of the 17th ACM Workshop on Hot Topics in Networks. 148–154.

Digital Library

[3]

Orion Afisiadis, Andreas Burg, and Alexios Balatsoukas-Stimming. 2020. Coded LoRa frame error rate analysis. In Icc 2020-2020 Ieee International Conference On Communications (Icc). IEEE, 1–6.

[4]

[4] Indoor TV Antenna. [n. d.]. https://www.amazon.com/dp/B01FUB4ZG8?psc=1&ref=ppx_yo2ov_dt_b_product_details. Accessed: 2022-07.

[5]

[5] USPR B205mini-i. [n. d.]. https://www.ettus.com/all-products/usrp-b205mini-i/. Accessed: 2022-07.

[6]

Dinesh Bharadia, Kiran Raj Joshi, Manikanta Kotaru, and Sachin Katti. 2015. Backfi: High throughput wifi backscatter. ACM SIGCOMM Computer Communication Review 45, 4 (2015), 283–296.

Digital Library

[7]

Robert Callan, Alenka Zajić, and Milos Prvulovic. 2015. FASE: Finding amplitude-modulated side-channel emanations. In 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA). IEEE, 592–603.

Digital Library

[8]

G. Camurati and A. Francillon. 2022. Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security. In 2022 2022 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, Los Alamitos, CA, USA, 294–311. https://doi.org/10.1109/SP46214.2022.00018

[9]

Giovanni Camurati, Aurélien Francillon, and François-Xavier Standaert. [n. d.]. Understanding screaming channels: From a detailed analysis to improved attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems ([n. d.]).

[10]

[10] TI CC2650 BLE Chip. [n. d.]. https://www.ti.com/product/CC2650/. Accessed: 2022-07.

[11]

Farzan Dehbashi, Ali Abedi, Tim Brecht, and Omid Abari. 2021. Verification: can wifi backscatter replace RFID?. In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking. 97–107.

Digital Library

[12]

Amalinda Gamage, Jansen Christian Liando, Chaojie Gu, Rui Tan, and Mo Li. 2020. Lmac: Efficient carrier-sense multiple access for lora. In Proceedings of the 26th Annual International Conference on Mobile Computing and Networking.

Digital Library

[13]

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer. 2015. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. In International workshop on cryptographic hardware and embedded systems. Springer, 207–228.

Digital Library

[14]

Reza Ghanaatian, Orion Afisiadis, Matthieu Cotting, and Andreas Burg. 2019. LoRa digital receiver analysis and implementation. In IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE.

[15]

Xiuzhen Guo, Longfei Shangguan, Yuan He, Jia Zhang, Haotian Jiang, Awais Ahmad Siddiqi, and Yunhao Liu. 2020. Aloba: rethinking ON-OFF keying modulation for ambient LoRa backscatter. In Proceedings of the 18th Conference on Embedded Networked Sensor Systems. 192–204.

Digital Library

[16]

Mordechai Guri. 2020. AIR-FI: Generating covert wi-fi signals from air-gapped computers. arXiv preprint arXiv:2012.06884 (2020).

[17]

Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Yuval Elovici. 2015. { GSMem} : Data Exfiltration from { Air-Gapped} Computers over { GSM} Frequencies. In 24th USENIX Security Symposium. 849–864.

[18]

Mordechai Guri, Gabi Kedma, Assaf Kachlon, and Yuval Elovici. 2014. AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE). IEEE, 58–67.

[19]

Yi Han, Matthew Chan, Zahra Aref, Nils Ole Tippenhauer, and Saman Zonouz. 2022. Hiding in Plain Sight? On the Efficacy of Power Side Channel-Based Control Flow Monitoring. In Proceedings of the USENIX Security Symposium.

[20]

Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, and Athina Petropulu. 2017. Watch me, but don’t touch me! contactless control flow monitoring via electromagnetic emanations. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 1095–1108.

Digital Library

[21]

Jiaji He, Yiqiang Zhao, Xiaolong Guo, and Yier Jin. 2017. Hardware trojan detection through chip-free electromagnetic side-channel statistical analysis. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 25, 10 (2017).

Digital Library

[22]

Mehrdad Hessar, Ali Najafi, and Shyamnath Gollakota. 2019. { NetScatter} : Enabling { Large-Scale} Backscatter Networks. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). 271–284.

[23]

[23] Adafruit INA219. [n. d.]. https://www.adafruit.com/product/904/. Accessed: 2022-07.

[24]

Jinyan Jiang, Zhenqiang Xu, Fan Dang, and Jiliang Wang. 2021. Long-range ambient LoRa backscatter with parallel decoding. In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking. 684–696.

Digital Library

[25]

Bryce Kellogg, Aaron Parks, Shyamnath Gollakota, Joshua R Smith, and David Wetherall. 2014. Wi-Fi backscatter: Internet connectivity for RF-powered devices. In Proceedings of the 2014 ACM Conference on SIGCOMM. 607–618.

Digital Library

[26]

Bryce Kellogg, Vamsi Talla, Shyamnath Gollakota, and Joshua R Smith. 2016. Passive { Wi-Fi} : Bringing Low Power to { Wi-Fi} Transmissions. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16). 151–164.

[27]

Chenning Li and Zhichao Cao. 2022. Lora networking techniques for large-scale and long-term iot: A down-to-top survey. ACM Computing Surveys (CSUR) 55, 3 (2022), 1–36.

Digital Library

[28]

Chenning Li, Hanqing Guo, Shuai Tong, Xiao Zeng, Zhichao Cao, Mi Zhang, Qiben Yan, Li Xiao, Jiliang Wang, and Yunhao Liu. 2021. NELoRa: Towards Ultra-low SNR LoRa Communication with Neural-enhanced Demodulation. In Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems.

Digital Library

[29]

Yinghui Li, Jing Yang, and Jiliang Wang. 2020. Dylora: Towards energy efficient dynamic lora transmission control. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications. IEEE, 2312–2320.

Digital Library

[30]

Zhijun Li and Yongrui Chen. 2020. BLE2LoRa: cross-technology communication from bluetooth to LoRa via chirp emulation. In 2020 17th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON). IEEE.

Digital Library

[31]

Jun Liu, Jiayao Gao, Sanjay Jha, and Wen Hu. 2021. Seirios: leveraging multiple channels for LoRaWAN indoor and outdoor localization. In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking. 656–669.

Digital Library

[32]

Ruizhe Long, Ying-Chang Liang, Huayan Guo, Gang Yang, and Rui Zhang. 2019. Symbiotic radio: A new communication paradigm for passive Internet of Things. IEEE Internet of Things Journal 7, 2 (2019), 1350–1363.

[33]

Alexandre Marquet, Nicolas Montavont, and Georgios Z Papadopoulos. 2020. Towards an SDR implementation of LoRa: Reverse-engineering, demodulation strategies and assessment over Rayleigh channel. Computer Communications 153 (2020), 595–605.

Digital Library

[34]

[34] TI MSP430. [n. d.]. https://www.ti.com/tool/MSP-EXP430G2ET/. Accessed: 2022-07.

[35]

Yao Peng, Longfei Shangguan, Yue Hu, Yujie Qian, Xianshang Lin, Xiaojiang Chen, Dingyi Fang, and Kyle Jamieson. 2018. PLoRa: A passive long-range data network from ambient LoRa transmissions. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. 147–160.

Digital Library

[36]

Yaman Sangar and Bhuvana Krishnaswamy. 2020. WiChronos: energy-efficient modulation for long-range, large-scale wireless networks. In Proceedings of the 26th Annual International Conference on Mobile Computing and Networking. 1–14.

Digital Library

[37]

Seun Sangodoyin, Frank T Werner, Baki B Yilmaz, Chia-Lin Cheng, Elvan M Ugurlu, Nader Sehatbakhsh, Milos Prvulović, and Alenka Zajic. 2020. Side-channel propagation measurements and modeling for hardware security in iot devices. IEEE Transactions on Antennas and Propagation 69, 6 (2020), 3470–3484.

[38]

Nader Sehatbakhsh, Alireza Nazari, Monjur Alam, Frank Werner, Yuanda Zhu, Alenka Zajic, and Milos Prvulovic. 2019. REMOTE: Robust external malware detection framework by using electromagnetic signals. IEEE Trans. Comput. 69, 3 (2019), 312–326.

Digital Library

[39]

Nader Sehatbakhsh, Alireza Nazari, Alenka Zajic, and Milos Prvulovic. 2016. Spectral profiling: Observer-effect-free profiling by monitoring EM emanations. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 1–11.

[40]

Nader Sehatbakhsh, Baki Berkay Yilmaz, Alenka Zajic, and Milos Prvulovic. 2020. A new side-channel vulnerability on modern computers by exploiting electromagnetic emanations from the power management unit. In 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[41]

Cheng Shen, Tian Liu, Jun Huang, and Rui Tan. 2021. When LoRa meets EMR: Electromagnetic covert channels can be super resilient. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 1304–1317.

[42]

Pang Shuai, Zhao Yonghui, and Ouyang Jineng. 2021. An Intelligent Wireless Networking and Application Layer Protocol Design Based on LoRa. In 2021 IEEE 4th International Conference on Electronics Technology (ICET). IEEE, 1099–1104.

[43]

Matti Siekkinen, Markus Hiienkari, Jukka K Nurminen, and Johanna Nieminen. 2012. How low energy is bluetooth low energy? comparative measurements with zigbee/802.15. 4. In 2012 IEEE wireless communications and networking conference workshops (WCNCW). IEEE, 232–237.

[44]

[44] STM32WL55. [n. d.]. https://www.st.com/en/microcontrollers-microprocessors/stm32wl55jc.html. Accessed: 2022-07.

[45]

[45] Semtech SX1262. [n. d.]. https://www.semtech.com/products/wireless-rf/lora-core/sx1262mb2cas/. Accessed: 2022-07.

[46]

Vamsi Talla, Mehrdad Hessar, Bryce Kellogg, Ali Najafi, Joshua R Smith, and Shyamnath Gollakota. 2017. Lora backscatter: Enabling the vision of ubiquitous connectivity. Proceedings of the ACM on interactive, mobile, wearable and ubiquitous technologies 1, 3 (2017), 1–24.

Digital Library

[47]

Joachim Tapparel, Orion Afisiadis, Paul Mayoraz, Alexios Balatsoukas-Stimming, and Andreas Burg. 2020. An open-source LoRa physical layer prototype on GNU radio. In 2020 IEEE 21st International Workshop on Signal Processing Advances in Wireless Communications (SPAWC). IEEE, 1–5.

[48]

Shuai Tong, Zilin Shen, Yunhao Liu, and Jiliang Wang. 2021. Combating link dynamics for reliable lora connection in urban settings. In Proceedings of the 27th Annual International Conference on Mobile Computing and Networking. 642–655.

Digital Library

[49]

Shuai Tong, Jiliang Wang, and Yunhao Liu. 2020. Combating packet collisions using non-stationary signal scaling in LPWANs. In Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services. 234–246.

Digital Library

[50]

[50] Arduino Uno. [n. d.]. https://docs.arduino.cc/hardware/uno-rev3/. Accessed: 2022-07.

[51]

Ambuj Varshney, Oliver Harms, Carlos Pérez-Penichet, Christian Rohner, Frederik Hermans, and Thiemo Voigt. 2017. Lorea: A backscatter architecture that achieves a long communication range. In Proceedings of the 15th ACM Conference on Embedded Network Sensor Systems. 1–14.

Digital Library

[52]

Deepak Vasisht, Guo Zhang, Omid Abari, Hsiao-Ming Lu, Jacob Flanz, and Dina Katabi. 2018. In-body backscatter communication and localization. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication.

Digital Library

[53]

Binbin Xie and Jie Xiong. 2020. Combating interference for long range LoRa sensing. In Proceedings of the 18th Conference on Embedded Networked Sensor Systems. 69–81.

Digital Library

[54]

Yuval Yarom and Katrina Falkner. 2014. { FLUSH+ RELOAD} : A High Resolution, Low Noise, L3 Cache { Side-Channel} Attack. In 23rd USENIX security symposium (USENIX security 14). 719–732.

[55]

Zihao Zhan, Zhenkai Zhang, and Xenofon Koutsoukos. 2020. Bitjabber: The world’s fastest electromagnetic covert channel. In 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). IEEE, 35–45.

[56]

Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Bo Li, Peter Volgyesi, and Xenofon Koutsoukos. 2020. Leveraging EM side-channel information to detect rowhammer attacks. In 2020 IEEE Symposium on Security and Privacy (SP).

[57]

Mark Zhao and G Edward Suh. 2018. FPGA-based remote power side-channel attacks. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 229–244.

Cited By

He DWang HDeng TLiu JWang J(2025)Improving IIoT security: Unveiling threats through advanced side-channel analysisComputers & Security10.1016/j.cose.2024.104135148(104135)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104135
Feng JJacques TAbari OSehatbakhsh N(2023)Demo Abstract: Leveraging Side-Channels to Turn Processors into Low Overhead RadiosProceedings of the 22nd International Conference on Information Processing in Sensor Networks10.1145/3583120.3589813(360-361)Online publication date: 9-May-2023
https://dl.acm.org/doi/10.1145/3583120.3589813

Index Terms

Everything has its Bad Side and Good Side: Turning Processors to Low Overhead Radios Using Side-Channels
1. Computer systems organization
  1. Embedded and cyber-physical systems
    1. Embedded systems
      1. Embedded hardware
      2. Embedded software
2. Networks
  1. Network protocols
    1. Cross-layer protocols

Recommendations

Demo Abstract: Leveraging Side-Channels to Turn Processors into Low Overhead Radios
IPSN '23: Proceedings of the 22nd International Conference on Information Processing in Sensor Networks

Traditionally, side channels have been exploited to uncover sensitive information such as cryptographic keys from computing devices. An attacker can extract private information from a device’s processor and memory by using electromagnetic (EM) radiation ...
Fingerprinting IoT Devices Using Latent Physical Side-Channels

The proliferation of low-end low-power internet-of-things (IoT) devices in "smart" environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes ...
To reduce side lobe level of slotted array antennas using nonuniform waveguides

In this article, a method is presented to reduce the side lobe level of slotted waveguide array antennas while the gain to be constant. In this method, the H-plane dimension of the waveguide is considered as the variable rather than constant. The ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IPSN '23: Proceedings of the 22nd International Conference on Information Processing in Sensor Networks

May 2023

385 pages

ISBN:9798400701184

DOI:10.1145/3583120

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 May 2023

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

IPSN '23

Sponsor:

SIGBED

IPSN '23: The 22nd International Conference on Information Processing in Sensor Networks

May 9 - 12, 2023

TX, San Antonio, USA

Acceptance Rates

Overall Acceptance Rate 143 of 593 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
1,147
Total Downloads

Downloads (Last 12 months)612
Downloads (Last 6 weeks)82

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

He DWang HDeng TLiu JWang J(2025)Improving IIoT security: Unveiling threats through advanced side-channel analysisComputers & Security10.1016/j.cose.2024.104135148(104135)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104135
Feng JJacques TAbari OSehatbakhsh N(2023)Demo Abstract: Leveraging Side-Channels to Turn Processors into Low Overhead RadiosProceedings of the 22nd International Conference on Information Processing in Sensor Networks10.1145/3583120.3589813(360-361)Online publication date: 9-May-2023
https://dl.acm.org/doi/10.1145/3583120.3589813

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents