Paper ACM

Presentation pdf

The Chatty-Sensor: A Provably-covert Channel in Cyber Physical Systems

Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attack with multiple corrupted devices; defenses often focus on detecting this abnormal communication.

We present the first provably-covert channel from a ‘covertly transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires to re-evaluate security monitoring and preventing systems in CPS.