Collaborative Research: CSR: Small: Caphammer: A New Security Exploit in Energy Harvesting Systems and its Countermeasures

合作研究：CSR：小型：Caphammer：能量收集系统的新安全漏洞及其对策

• 批准号: 2314680
• 负责人: Jongouk Choi
• 金额: $ 36万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-15 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2314680&HistoricalAwards=false
• 关键词: Collaborative; Research; CSR; Small; Caphammer

An energy harvesting system (EHS) has emerged as an alternative to battery-operated Internet of Things (IoT) devices. Instead of using a battery, EHS self-powers its device by collecting ambient energy from external sources such as radio frequency, WiFi, etc. However, since such ambient energy sources are unreliable, their resulting power is inherently unstable and often goes out. To address the problem, EHS leverages a capacitor as an energy buffer and computes when the capacitor secures a sufficient amount of energy, i.e., capacitors are at the heart of any EHS devices. Unfortunately, capacitors can be unreliable in the presence of frequent power failure across which they continuously charge and discharge, losing their original capacitance over time. More importantly, attackers can exploit the capacitor reliability issue to cause incorrect outputs or degrade the quality of service in targeted EHS devices. To this end, this research project focuses on investigating attack surfaces and designing cost-effective countermeasures. The project outcome will lay the foundation for batteryless Internet of Things services by maintaining their quality of service and security. The project also aims to integrate research findings into undergraduate teaching and promote equitable outcomes for women in computer science through K-12 outreach program.This project involves three major research thrusts. First, it introduces a new security attack called capacitor hammering attack (simply Caphammer), which aims to remotely degrade capacitors in the victim EHS devices. By manipulating power failure frequency, this attack can result in data corruption and denial of service (DoS). Second, the project designs a novel energy storage architecture that can effectively prevent the Caphammer attack and restore the original capacitance. This design leverages the unique characteristics of capacitors and EHS to achieve resilience against Caphammer attacks. Third, the project develops a lightweight countermeasure based on intelligent compiler/runtime co-design to prevent data corruption and mitigate the risks of DoS problems by constructing self-recoverable programs. Consequently, these research goals collectively aim to enhance the security and reliability of EHS devices, safeguarding them against other potential attacks that can be launched through Caphammer.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

能量收集系统 (EHS) 已成为电池供电的物联网 (IoT) 设备的替代品。 EHS 不使用电池，而是通过从射频、WiFi 等外部源收集环境能量来为其设备自行供电。然而，由于此类环境能源不可靠，因此产生的电力本质上不稳定并且经常会断电。为了解决这个问题，EHS 利用电容器作为能量缓冲器，并计算电容器何时获得足够的能量，即电容器是任何 EHS 设备的核心。 不幸的是，电容器在频繁断电的情况下可能不可靠，它们会不断充电和放电，随着时间的推移会失去其原始电容。更重要的是，攻击者可以利用电容器可靠性问题导致错误输出或降低目标 EHS 设备的服务质量。为此，该研究项目侧重于调查攻击面并设计具有成本效益的对策。该项目成果将为无电池物联网服务保持服务质量和安全性奠定基础。 该项目还旨在将研究成果纳入本科教学，并通过 K-12 推广计划促进计算机科学领域女性的公平成果。该项目涉及三个主要研究方向。首先，它引入了一种称为电容器锤击攻击（简称 Caphammer）的新安全攻击，旨在远程降低受害 EHS 设备中的电容器性能。通过操纵电源故障频率，这种攻击可能会导致数据损坏和拒绝服务 (DoS)。其次，该项目设计了一种新颖的储能架构，可以有效防止Caphammer攻击并恢复原始电容。该设计利用电容器和 EHS 的独特特性来实现抵御 Caphammer 攻击的能力。第三，该项目开发了一种基于智能编译器/运行时协同设计的轻量级对策，通过构建可自我恢复的程序来防止数据损坏并减轻 DoS 问题的风险。因此，这些研究目标共同旨在增强 EHS 设备的安全性和可靠性，保护它们免受通过 Caphammer 发起的其他潜在攻击。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值进行评估，被认为值得支持以及更广泛的影响审查标准。