Collaborative Research: CSR: Small: Caphammer: A New Security Exploit in Energy Harvesting Systems and its Countermeasures

合作研究：CSR：小型：Caphammer：能量收集系统的新安全漏洞及其对策

• 批准号: 2314681
• 负责人: Changhee Jung
• 金额: $ 24万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-15 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2314681&HistoricalAwards=false
• 关键词: Collaborative; Research; CSR; Small; Caphammer

An energy harvesting system (EHS) has emerged as an alternative to battery-operated Internet of Things (IoT) devices. Instead of using a battery, EHS self-powers its device by collecting ambient energy from external sources such as radio frequency, WiFi, etc. However, since such ambient energy sources are unreliable, their resulting power is inherently unstable and often goes out. To address the problem, EHS leverages a capacitor as an energy buffer and computes when the capacitor secures a sufficient amount of energy, i.e., capacitors are at the heart of any EHS devices. Unfortunately, capacitors can be unreliable in the presence of frequent power failure across which they continuously charge and discharge, losing their original capacitance over time. More importantly, attackers can exploit the capacitor reliability issue to cause incorrect outputs or degrade the quality of service in targeted EHS devices. To this end, this research project focuses on investigating attack surfaces and designing cost-effective countermeasures. The project outcome will lay the foundation for batteryless Internet of Things services by maintaining their quality of service and security. The project also aims to integrate research findings into undergraduate teaching and promote equitable outcomes for women in computer science through K-12 outreach program.This project involves three major research thrusts. First, it introduces a new security attack called capacitor hammering attack (simply Caphammer), which aims to remotely degrade capacitors in the victim EHS devices. By manipulating power failure frequency, this attack can result in data corruption and denial of service (DoS). Second, the project designs a novel energy storage architecture that can effectively prevent the Caphammer attack and restore the original capacitance. This design leverages the unique characteristics of capacitors and EHS to achieve resilience against Caphammer attacks. Third, the project develops a lightweight countermeasure based on intelligent compiler/runtime co-design to prevent data corruption and mitigate the risks of DoS problems by constructing self-recoverable programs. Consequently, these research goals collectively aim to enhance the security and reliability of EHS devices, safeguarding them against other potential attacks that can be launched through Caphammer.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

能源收集系统（EHS）已成为电池经营的物联网（IoT）设备的替代品。 EHS不用使用电池，而是通过从射频，wifi等外部来源收集环境能量来自给自足。但是，由于这种环境能源不可靠，它们的产生功率本质上是不稳定的，并且常常消失。为了解决该问题，EHS利用电容器作为能量缓冲区，并在电容器确保足够量的能量时计算，即电容器是任何EHS设备的核心。 不幸的是，在存在频繁的功率故障的情况下，电容器可能不可靠，它们不断充电和放电，随着时间的推移失去了原始电容。更重要的是，攻击者可以利用电容器可靠性问题引起不正确的产出或降低目标EHS设备中的服务质量。为此，该研究项目着重于研究攻击表面并设计具有成本效益的对策。该项目结果将通过维护其服务质量和安全性来为无电互联网服务奠定基础。 该项目还旨在通过K-12外展计划将研究结果纳入本科教学，并为计算机科学领域的女性提供公平的成果。该项目涉及三个主要的研究推力。首先，它引入了一种称为电容器锤击攻击（简单的Caphammer）的新安全攻击，该攻击旨在远程降低受害者EHS设备中的电容器。通过操纵功率故障频率，此攻击可以导致数据损坏和拒绝服务（DOS）。其次，该项目设计了一种新颖的储能架构，可以有效防止Caphammer攻击并恢复原始电容。该设计利用了电容器和EHS的独特特征，以实现针对Caphammer攻击的弹性。第三，该项目基于智能编译器/运行时共同设计开发轻巧的对策，以防止数据损坏并通过构建自我恢复的程序来减轻DOS问题的风险。因此，这些研究目标集体旨在提高EHS设备的安全性和可靠性，保护它们免受可以通过Caphammer发起的其他潜在攻击。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛影响的审查标准来通过评估来获得支持的。