Amplitude-Modulating Analog/RF Hardware Trojans in Wireless Networks: Risks and Remedies

Bibliographic Details
Published in IEEE transactions on information forensics and security Vol. 15; pp. 3497 - 3510
Main Authors Subramani, Kiruba Sankaran, Helal, Noha, Antonopoulos, Angelos, Nosratinia, Aria, Makris, Yiorgos
Format Journal Article
Language English
Published New York IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN 1556-6013
1556-6021
DOI 10.1109/TIFS.2020.2990792

Abstract We investigate the risk posed by amplitude-modulating analog/RF hardware Trojans in wireless networks and propose a defense mechanism to mitigate the threat. First, we introduce the operating principles of amplitude-modulating analog/RF hardware Trojan circuits and we theoretically analyze their performance characteristics. Subject to channel conditions and hardware Trojan design restrictions, this analysis seeks to determine the impact of these malicious circuits on the legitimate communication and to understand the capabilities of the covert channel that they establish in practical wireless networks, by characterizing its error probability. Next, we present the implementation of two hardware Trojan examples on a Wireless Open-Access Research Platform (WARP)-based experimental setup. These examples reside in the analog and the RF circuitry of an 802.11a/g transmitter, respectively, where they manipulate the transmitted signal characteristics to leak their payload bits. Using these examples, we demonstrate (i) attack robustness, i.e., ability of the rogue receiver to successfully retrieve the leaked data, and (ii) attack inconspicuousness, i.e., ability of the hardware Trojan circuits to evade detection by existing defense methods. Lastly, we propose a defense mechanism that is capable of detecting analog/RF hardware Trojans in WiFi transceivers. The proposed defense, termed Adaptive Channel Estimation (ACE), leverages channel estimation capabilities of Orthogonal Frequency Division Multiplexing (OFDM) systems to robustly expose the Trojan activity in the presence of channel fading and device noise. Effectiveness of the ACE defense has been verified through experiments conducted in actual channel conditions, namely over-the-air and in the presence of interference.
Author Antonopoulos, Angelos
Helal, Noha
Subramani, Kiruba Sankaran
Nosratinia, Aria
Makris, Yiorgos
Author_xml – sequence: 1
  givenname: Kiruba Sankaran
  surname: Subramani
  fullname: Subramani, Kiruba Sankaran
  email: kiruba.subramani@utdallas.edu
  organization: Department of Electrical and Computer Engineering, The University of Texas at Dallas, Richardson, TX, USA
– sequence: 2
  givenname: Noha
  surname: Helal
  fullname: Helal, Noha
  email: noha.helal@utdallas.edu
  organization: Department of Electrical and Computer Engineering, The University of Texas at Dallas, Richardson, TX, USA
– sequence: 3
  givenname: Angelos
  surname: Antonopoulos
  fullname: Antonopoulos, Angelos
  email: aanton@utdallas.edu
  organization: u-blox Athens S.A., Maroussi, Greece
– sequence: 4
  givenname: Aria
  surname: Nosratinia
  fullname: Nosratinia, Aria
  email: aria@utdallas.edu
  organization: Department of Electrical and Computer Engineering, The University of Texas at Dallas, Richardson, TX, USA
– sequence: 5
  givenname: Yiorgos
  surname: Makris
  fullname: Makris, Yiorgos
  email: yiorgos.makris@utdallas.edu
  organization: Department of Electrical and Computer Engineering, The University of Texas at Dallas, Richardson, TX, USA
CODEN ITIFA6
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020
Discipline Engineering
Computer Science
EISSN 1556-6021
EndPage 3510
Genre orig-research
GrantInformation_xml – fundername: National Science Foundation
  grantid: 1514050
  funderid: 10.13039/501100008982
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
PageCount 14
PublicationCentury 2000
PublicationDate 20200000
2020-00-00
20200101
PublicationDateYYYYMMDD 2020-01-01
PublicationDate_xml – year: 2020
  text: 20200000
PublicationDecade 2020
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on information forensics and security
PublicationTitleAbbrev TIFS
PublicationYear 2020
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
StartPage 3497
SubjectTerms adaptive channel estimation
Amplitudes
Analog circuits
Circuits
Communication system security
covert channel
Defense mechanisms
Hardware
Hardware Trojan
IEEE 802.11a/g
Malware
Orthogonal Frequency Division Multiplexing
Receivers
Transceivers
Transmitters
Trojan horses
Wireless communication
Wireless networks
Wireless sensor networks
Title Amplitude-Modulating Analog/RF Hardware Trojans in Wireless Networks: Risks and Remedies
URI https://ieeexplore.ieee.org/document/9079514
https://www.proquest.com/docview/2414533537
Volume 15