Tolga Arul

Markus Heinrich, Arwed Gölz, Tolga Arul et al.

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands and to perform semantic attacks. The system as well mitigates the effects of a compromised signal box that an attacker uses to issue licit but mistimed control messages. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects all attacks of our model without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

Nikolay Matyunin, Yujue Wang, Tolga Arul et al.

Recent studies have shown that aggregate CPU usage and power consumption traces on smartphones can leak information about applications running on the system or websites visited. In response, access to such data has been blocked for mobile applications starting from Android 8. In this work, we explore a new source of side-channel leakage for this class of attacks. Our method is based on the fact that electromagnetic activity caused by mobile processors leads to noticeable disturbances in magnetic sensor measurements on mobile devices, with the amplitude being proportional to the CPU workload. Therefore, recorded sensor data can be analyzed to reveal information about ongoing activities. The attack works on a number of devices: we evaluated 80 models of modern smartphones and tablets and observed the reaction of the magnetometer to the CPU activity on 56 of them. On selected devices we were able to successfully identify which application has been opened (with up to 90% accuracy) or which web page has been loaded (up to 91% accuracy). The presented side channel poses a significant risk to end users' privacy, as the sensor data can be recorded from native apps or even from web pages without user permissions. Finally, we discuss possible countermeasures to prevent the presented information leakage.