Spoofing attack on medical device using analog sensor = 아날로그 센서 시스템의 취약점에 관한 연구

Sensors are devices that measure physical quantities of the environment for sensing and actuation systems, and are widely used in many commercial embedded systems such as smart devices, drones, and medical devices because they offer convenience and accuracy. As many sensing and actuation systems depend entirely on data from sensors, these systems are naturally vulnerable to sensor spoofing attacks that use fabricated physical stimuli. As a result, the systems would become entirely insecure and unsafe. In this thesis, we propose a new type of sensor spoofing attack based on saturation. A sensor shows a linear characteristic between its input physical stimuli and output sensor values in a typical operating region. However, if the input exceeds the upper bound of the operating region, the output is saturated and does not change as much as the corresponding changes of the input. Using saturation, our attack can make a sensor to ignore legitimate inputs. To demonstrate our sensor spoofing attack, we target two medical infusion pumps which are equipped with infrared (IR) drop sensors to control precisely the amount of medicine injected into a patients' body. Our experiments based on analyses of the drop sensors show that the output of them could be manipulated by saturating the sensors using an additional IR source. In addition, by analyzing the infusion pumps' firmware, we figure out the vulnerability in the mechanism handling the output of the drop sensors, and implement a sensor spoofing attack that can bypass the alarm systems of the targets. As a result, we show that both over-infusion and under-infusion are possible: our spoofing attack can inject up to 3.33 times the intended amount of fluid or 0.65 times of it for a 10 minute period.
Advisors
Kim, Yong Daeresearcher김용대researcher
Publisher
한국과학기술원
Issue Date
2016
Identifier
325007
Language
eng
Description

학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2016.8 ,[vii, 42 p. :]

Keywords

Sensor security; Medical device; Spoofing attack; Embedded security; Firmware reversing; 센서보안; 의료장비; 스푸핑공격; 임베디드보안; 펌웨어 역공학

URI
http://hdl.handle.net/10203/221947
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=663499&flag=t
Appears in Collection
IS-Theses_Master(석사논문)
Files in This Item
There are no files associated with this item.
  • Hit : 178
  • Download : 0
  • Cited 0 times in thomson ci

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0