Electromagnetic signal injection attacks on differential signaling
Differential signaling is a method of data transmission that uses two complementary electrical signals to encode information. This allows a receiver to reject any noise by looking at the difference between the two signals, assuming the noise affects both signals equally. Many protocols such as USB,...
Main Authors: | , |
---|---|
Format: | Conference item |
Language: | English |
Published: |
Association for Computing Machinery
2023
|
_version_ | 1797110855836368896 |
---|---|
author | Zhang, Y Rasmussen, K |
author_facet | Zhang, Y Rasmussen, K |
author_sort | Zhang, Y |
collection | OXFORD |
description | Differential signaling is a method of data transmission that uses two complementary electrical signals to encode information. This allows a receiver to reject any noise by looking at the difference between the two signals, assuming the noise affects both signals equally. Many protocols such as USB, Ethernet, and HDMI use differential signaling to achieve a robust communication channel in a noisy environment. This generally works well and has led many to believe that it is infeasible to remotely inject attacking signals into such a differential pair. In this paper, we challenge this assumption and show that an adversary can in fact inject malicious signals from a distance, purely using common-mode injection, i.e., injecting into both wires at the same time.
<br>
We explain in detail the principles that an attacker can exploit to achieve a successful injection of an arbitrary bit, and we analyze the success rate of injecting longer arbitrary messages. We demonstrate the attack on a real system and show that the success rate can reach as high as . Finally, we present a case study where we wirelessly inject a message into a Controller Area Network (CAN) bus, which is a differential signaling bus protocol used in many critical applications, including the automotive and aviation sector. |
first_indexed | 2024-03-07T08:00:34Z |
format | Conference item |
id | oxford-uuid:7a716100-cef7-4f5b-8f31-d7aaaa63808e |
institution | University of Oxford |
language | English |
last_indexed | 2024-03-07T08:00:34Z |
publishDate | 2023 |
publisher | Association for Computing Machinery |
record_format | dspace |
spelling | oxford-uuid:7a716100-cef7-4f5b-8f31-d7aaaa63808e2023-09-25T12:52:14ZElectromagnetic signal injection attacks on differential signalingConference itemhttp://purl.org/coar/resource_type/c_5794uuid:7a716100-cef7-4f5b-8f31-d7aaaa63808eEnglishSymplectic ElementsAssociation for Computing Machinery2023Zhang, YRasmussen, KDifferential signaling is a method of data transmission that uses two complementary electrical signals to encode information. This allows a receiver to reject any noise by looking at the difference between the two signals, assuming the noise affects both signals equally. Many protocols such as USB, Ethernet, and HDMI use differential signaling to achieve a robust communication channel in a noisy environment. This generally works well and has led many to believe that it is infeasible to remotely inject attacking signals into such a differential pair. In this paper, we challenge this assumption and show that an adversary can in fact inject malicious signals from a distance, purely using common-mode injection, i.e., injecting into both wires at the same time. <br> We explain in detail the principles that an attacker can exploit to achieve a successful injection of an arbitrary bit, and we analyze the success rate of injecting longer arbitrary messages. We demonstrate the attack on a real system and show that the success rate can reach as high as . Finally, we present a case study where we wirelessly inject a message into a Controller Area Network (CAN) bus, which is a differential signaling bus protocol used in many critical applications, including the automotive and aviation sector. |
spellingShingle | Zhang, Y Rasmussen, K Electromagnetic signal injection attacks on differential signaling |
title | Electromagnetic signal injection attacks on differential signaling |
title_full | Electromagnetic signal injection attacks on differential signaling |
title_fullStr | Electromagnetic signal injection attacks on differential signaling |
title_full_unstemmed | Electromagnetic signal injection attacks on differential signaling |
title_short | Electromagnetic signal injection attacks on differential signaling |
title_sort | electromagnetic signal injection attacks on differential signaling |
work_keys_str_mv | AT zhangy electromagneticsignalinjectionattacksondifferentialsignaling AT rasmussenk electromagneticsignalinjectionattacksondifferentialsignaling |