Security of Computer Systems with Non-Computational Sensor Side Channels


University of Michigan


Mengjia Yan
Side channels are unintentional information channels caused by shared resources in complex systems, often leading to the security risk of information leakage. While the embedded security community has investigated how to eliminate these channels in the computation space, the increasingly complex sensor hardware employed by emerging cyber-physical systems (CPS) creates new side channels that compromise both the integrity and confidentiality of data generated by sensor hardware. Such sensor side channels are challenging to prevent due to the undefined interactions between physical signals, sensor semiconductors, and downstream software. Using the example of camera sensing, my talk explains how to characterize the causality, limits, and mitigations of sensor side channels through physics modeling and lab experiments. I will first explain how camera images can not only leak sensitive unintended optical information, but also leak unintended room audio modulated in pixels. Then I will demonstrate how the electromagnetic leakage from smart home camera circuits allow eavesdroppers to reconstruct real-time, high-quality camera images even through walls. Besides developing defenses to confine the problems, I will also explain how sensor side channels can be leveraged to defend sensing applications. Finally, I will discuss my research vision for software-defined sensors that leverage signal processing and modeling to guide the synthesis of unintended sensor transduction—effectively creating new sensor modalities with unchanged hardware. This research appears in IEEE Symposium on Security and Privacy 2023 and Network and Distributed System Security Symposium 2024.