Amplitude-Modulating Analog/RF Hardware Trojans in Wireless Networks: Risks and Remedies

We investigate the risk posed by amplitude-modulating analog/RF hardware Trojans in wireless networks and propose a defense mechanism to mitigate the threat. First, we introduce the operating principles of amplitude-modulating analog/RF hardware Trojan circuits and we theoretically analyze their per...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on information forensics and security Vol. 15; pp. 3497 - 3510
Main Authors Subramani, Kiruba Sankaran, Helal, Noha, Antonopoulos, Angelos, Nosratinia, Aria, Makris, Yiorgos
Format Journal Article
LanguageEnglish
Published New York IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
adaptive channel estimation
Amplitudes
Analog circuits
Circuits
Communication system security
covert channel
Defense mechanisms
Hardware
Hardware Trojan
IEEE 802.11a/g
Malware
Orthogonal Frequency Division Multiplexing
Receivers
Transceivers
Transmitters
Trojan horses
Wireless communication
Wireless networks
Wireless sensor networks
Online AccessGet full text

Cover

More Information
Summary:We investigate the risk posed by amplitude-modulating analog/RF hardware Trojans in wireless networks and propose a defense mechanism to mitigate the threat. First, we introduce the operating principles of amplitude-modulating analog/RF hardware Trojan circuits and we theoretically analyze their performance characteristics. Subject to channel conditions and hardware Trojan design restrictions, this analysis seeks to determine the impact of these malicious circuits on the legitimate communication and to understand the capabilities of the covert channel that they establish in practical wireless networks, by characterizing its error probability. Next, we present the implementation of two hardware Trojan examples on a Wireless Open-Access Research Platform (WARP)-based experimental setup. These examples reside in the analog and the RF circuitry of an 802.11a/g transmitter, respectively, where they manipulate the transmitted signal characteristics to leak their payload bits. Using these examples, we demonstrate (i) attack robustness, i.e., ability of the rogue receiver to successfully retrieve the leaked data, and (ii) attack inconspicuousness, i.e., ability of the hardware Trojan circuits to evade detection by existing defense methods. Lastly, we propose a defense mechanism that is capable of detecting analog/RF hardware Trojans in WiFi transceivers. The proposed defense, termed Adaptive Channel Estimation (ACE), leverages channel estimation capabilities of Orthogonal Frequency Division Multiplexing (OFDM) systems to robustly expose the Trojan activity in the presence of channel fading and device noise. Effectiveness of the ACE defense has been verified through experiments conducted in actual channel conditions, namely over-the-air and in the presence of interference.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2020.2990792