The number and creativity of side-channel attacks have increased dramatically in recent years. Of particular interest are attacks that leverage power line communication to 1) gather information on the victim's power consumption and 2) exfiltrate data from compromised machines. Attack strategies of this nature at the greater power grid and building infrastructure levels have been shown to be a serious threat. This project further explores this novel attack vector by creating a new type of penetration testing tool: a USB power adapter capable of remotely monitoring device power consumption and communicating over power line communication.