Collaborative Research: CSR: Small: Caphammer: A New Security Exploit in Energy Harvesting Systems and its Countermeasures

合作研究：CSR：小型：Caphammer：能量收集系统的新安全漏洞及其对策

• 批准号: 2314680
• 负责人: Jongouk Choi
• 金额: $ 36万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-15 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2314680&HistoricalAwards=false
• 关键词: Collaborative; Research; CSR; Small; Caphammer

An energy harvesting system (EHS) has emerged as an alternative to battery-operated Internet of Things (IoT) devices. Instead of using a battery, EHS self-powers its device by collecting ambient energy from external sources such as radio frequency, WiFi, etc. However, since such ambient energy sources are unreliable, their resulting power is inherently unstable and often goes out. To address the problem, EHS leverages a capacitor as an energy buffer and computes when the capacitor secures a sufficient amount of energy, i.e., capacitors are at the heart of any EHS devices. Unfortunately, capacitors can be unreliable in the presence of frequent power failure across which they continuously charge and discharge, losing their original capacitance over time. More importantly, attackers can exploit the capacitor reliability issue to cause incorrect outputs or degrade the quality of service in targeted EHS devices. To this end, this research project focuses on investigating attack surfaces and designing cost-effective countermeasures. The project outcome will lay the foundation for batteryless Internet of Things services by maintaining their quality of service and security. The project also aims to integrate research findings into undergraduate teaching and promote equitable outcomes for women in computer science through K-12 outreach program.This project involves three major research thrusts. First, it introduces a new security attack called capacitor hammering attack (simply Caphammer), which aims to remotely degrade capacitors in the victim EHS devices. By manipulating power failure frequency, this attack can result in data corruption and denial of service (DoS). Second, the project designs a novel energy storage architecture that can effectively prevent the Caphammer attack and restore the original capacitance. This design leverages the unique characteristics of capacitors and EHS to achieve resilience against Caphammer attacks. Third, the project develops a lightweight countermeasure based on intelligent compiler/runtime co-design to prevent data corruption and mitigate the risks of DoS problems by constructing self-recoverable programs. Consequently, these research goals collectively aim to enhance the security and reliability of EHS devices, safeguarding them against other potential attacks that can be launched through Caphammer.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

能量收集系统（EHS）已经成为电池供电的物联网（IoT）设备的替代品。EHS不使用电池，而是通过从射频、WiFi等外部来源收集环境能量来为其设备自供电。然而，由于这些环境能量来源不可靠，因此其产生的电力本质上不稳定，并且经常熄灭。为了解决这个问题，EHS利用电容器作为能量缓冲器，并计算电容器何时获得足够的能量，即，电容器是任何EHS设备的核心。 不幸的是，电容器在频繁的电源故障的情况下可能是不可靠的，在电源故障的情况下，电容器连续地充电和放电，随着时间的推移而失去其原始电容。更重要的是，攻击者可以利用电容器的可靠性问题，在目标EHS设备中造成不正确的输出或降低服务质量。为此，该研究项目的重点是调查攻击面和设计具有成本效益的对策。该项目的成果将通过保持服务质量和安全性为无电池物联网服务奠定基础。 该项目还旨在将研究成果融入本科教学，并通过K-12外展计划促进妇女在计算机科学领域的平等成果。首先，它引入了一种名为电容器锤击攻击（简称Caphammer）的新安全攻击，旨在远程降低受害者EHS设备中的电容器。通过操纵电源故障频率，此攻击可导致数据损坏和拒绝服务（DoS）。其次，该项目设计了一种新型的储能架构，可以有效地防止Caphammer攻击并恢复原始电容。该设计利用电容器和EHS的独特特性，实现对Caphammer攻击的恢复能力。第三，该项目开发了一个轻量级的对策，基于智能编译器/运行时协同设计，以防止数据损坏，并通过构建自恢复程序降低拒绝服务问题的风险。因此，这些研究目标共同致力于提高EHS设备的安全性和可靠性，保护它们免受可能通过Caphammer发起的其他潜在攻击。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。