|Thanks to a hacker who started draining Tom Martins notebook battery, department researchers are now working to thwart attackers from draining the batteries of laptops and wireless devices, creating power-based denial of service attacks.
With a $400,000 NSF Information Technology Research (ITR) grant, Martin, Dong Ha, and Michael Hsiao are working to protect devices before power-related security attacks become widespread.
3 Chief Methods of Attack
Martin described three main methods for an attacker to drain the battery: service attacks, where repeated requests are made over a network; benign power viruses, where the victim is made to execute repeatedly a valid, but energy-hungry task; and malignant power viruses, where an attacker modifies a program to make it consume more energy than it would otherwise.
Defense against such attacks involves defining a power-secure architecture for mobile computing devices that guarantees a minimum battery life, and a design flow for identifying power-related security vulnerabilities.
Martin defined a power-secure architecture as one that employs two fundamental security features: multi-layer authentication and an energy-signature monitor. The multi-layer authentication ensures that all untrusted service requests consume less than a certain amount of energy, he explained. Additional resources are committed only to those requesters who have obtained further levels of trust. The energy signature monitor catches those intrusions that have entered the system to execute an energy-hungry application or service.
To help develop power-secure architectures, the ECE team is working to classify services to guarantee minimum mission time and generating, capturing, and validating energy signatures for trusted service requests. The final task validating the architectures will involve implementing actual power-related security attacks.