ABSTRACT
Bridging concepts from information security and resonance theory, we propose a novel denial of service attack against hard disk drives (HDDs). In this attack, acoustic signals are used to cause rotational vibrations in HDD platters in an attempt to create failures in read/write operations, ultimately halting the correct operation of HDDs. We perform a comprehensive examination of multiple HDDs to characterize the attack and show the feasibility of the attack in two real-world systems, namely, surveillance devices and personal computers. Our attack highlights an overlooked security vulnerability of HDDs, introducing a new threat that can potentially endanger the security of numerous systems.
- HDDs and SSDs: global shipments 2015--2021. https://www.statista.com/statistics/285474/hdds-and-ssds-in-pcs-global-shipments-2012--2017/. Accessed: 2018--2--6.Google Scholar
- Loud sounds can kill computer hard drives. http://www.abc.net.au/radionational/programs/greatmomentsinscience/loud-sounds-can-kill-computer-hard-drives/7938388 . Accessed: 2017--12--10.Google Scholar
- Resonance attack against HDD. https://www.youtube.com/watch?v=8DdqTz3CW5Y. Accessed: 2017--11--19.Google Scholar
- Shouting in the Datacenter. https://www.youtube.com/watch?v=tDacjrSCeq4. Accessed: 2017--12--10.Google Scholar
- AlShaikh, A., and Sedky, M. Post incident analysis framework for automated video forensic investigation. International Journal of Computer Applications 135, 12 (2016), 1--7.Google ScholarCross Ref
- Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., and Sporleder, C. Acoustic side-channel attacks on printers. In USENIX Security Symp. (2010), pp. 307--322. Google ScholarDigital Library
- Biedermann, S., Katzenbeisser, S., and Szefer, J. Hard drive side-channel attacks using smartphone magnetic field sensors. In International Conference on Financial Cryptography and Data Security (2015), Springer, pp. 489--496.Google ScholarCross Ref
- Bolton, C., Rampazzi, S., Li, C., Kwong, A., Xu, W., and Fu, K. Blue Note: How intentional acoustic interference damages availability and integrity in hard disk drives and operating systems. In 2018 IEEE Symposium on Security and Privacy (SP) (2018), pp. 824--838.Google ScholarCross Ref
- Carlini, N., Mishra, P., Vaidya, T., Zhang, Y., Sherr, M., Shields, C., Wagner, D., and Zhou, W. Hidden voice commands. In USENIX Security Symposium (2016), pp. 513--530. Google ScholarDigital Library
- Chan, C. S., Pan, B., Gross, K., Vaidyanathan, K., and Rosing, T. v. Correcting vibration-induced performance degradation in enterprise servers. SIGMETRICS Perform. Eval. Rev. 41, 3 (Jan. 2014), 83--88. Google ScholarDigital Library
- Dean, R. N., Castro, S. T., Flowers, G. T., Roth, G., Ahmed, A., Hodel, A. S., Grantham, B. E., Bittle, D. A., and Brunsch, J. P. A characterization of the performance of a MEMS gyroscope in acoustically harsh environments. IEEE Transactions on Industrial Electronics 58, 7 (2011), 2591--2596.Google ScholarCross Ref
- Dean, R. N., Flowers, G. T., Hodel, A. S., Roth, G., Castro, S., Zhou, R., Moreira, A., Ahmed, A., Rifki, R., Grantham, B. E., et al. On the degradation of MEMS gyroscope performance in the presence of high power acoustic noise. In Industrial Electronics, 2007. ISIE 2007. IEEE International Symposium on (2007), IEEE, pp. 1435--1440.Google ScholarCross Ref
- Flax, L., Gaunaurd, G. C., and Uberall, H. Theory of resonance scattering. Physical acoustics 15 (1981), 191--294.Google Scholar
- Guri, M., Solewicz, Y., Daidakulov, A., and Elovici, Y. Acoustic data exfiltration from speakerless air-gapped computers via covert hard-drive noise (DiskFiltration). Springer International Publishing, Cham, 2017, pp. 98--115.Google ScholarCross Ref
- Igami, M., and Uetake, K. Mergers, innovation, and entry-exit dynamics: Consolidation of the hard disk drive industry, 1996--2015, 2016.Google Scholar
- Li, J., Ji, X., Jia, Y., Zhu, B., Wang, G., Li, Z., and Liu, X. Hard drive failure prediction using classification and regression trees. In Dependable Systems and Networks (DSN), 44th Annual IEEE/IFIP Int. Conference on (2014), IEEE, pp. 383--394. Google ScholarDigital Library
- Mahdisoltani, F., Stefanovici, I., and Schroeder, B. Proactive error prediction to improve storage system reliability. In 2017 USENIX Annual Technical Conference (USENIX ATC 17) (Santa Clara, CA, 2017), USENIX Association, pp. 391--402. Google ScholarDigital Library
- Manousakis, I., Sankar, S., McKnight, G., Nguyen, T. D., and Bianchini, R. Environmental conditions and disk reliability in free-cooled datacenters. In 14th USENIX Conference on File and Storage Technologies (FAST 16) (Santa Clara, CA, 2016), USENIX Association, pp. 53--65. Google ScholarDigital Library
- Matyunin, N., Szefer, J., Biedermann, S., and Katzenbeisser, S. Covert channels using mobile device's magnetic field sensors. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC) (Jan 2016), pp. 525--532.Google ScholarCross Ref
- Mosenia, A., and Jha, N. K. A comprehensive study of security of Internet-of-Things. IEEE Transactions on Emerging Topics in Computing 5, 4 (2017), 586--602.Google ScholarCross Ref
- Nia, A. M., Sur-Kolay, S., Raghunathan, A., and Jha, N. K. Physiological information leakage: A new frontier in health information security. IEEE Transactions on Emerging Topics in Computing 4, 3 (2016), 321--334.Google Scholar
- Parker, J. E. Towards an acoustic jurisprudence: Law and the long range acoustic device. Law, Culture and the Humanities 14, 2 (2018), 202--218.Google Scholar
- Re, M. Hackers can now steal data by listening to the sound of a computer's hard drive. https://www.forbes.com/sites/tomcoughlin/2015/06/28/progress-in-hdd-areal-density/#4f4554a61671. Accessed: 2017--12--10.Google Scholar
- Re, M. Tech talk on HDD areal density. https://www.seagate.com/www-content/investors/_shared/docs/tech-talk-mark-re-20150825.pdf. Accessed: 2017--12--10.Google Scholar
- Schroeder, B., and Gibson, G. A. Disk failures in the real world: What does an MTTF of 1,000,000 hours mean to you? In FAST (2007), vol. 7, pp. 1--16. Google ScholarDigital Library
- Shahrad, M., and Wentzlaff, D. Availability Knob: Flexible user-defined availability in the cloud. In Proceedings of the Seventh ACM Symposium on Cloud Computing (2016), SoCC '16, ACM, pp. 42--56. Google ScholarDigital Library
- Son, Y., Shin, H., Kim, D., Park, Y., Noh, J., Choi, K., Choi, J., and Kim, Y. Rocking drones with intentional sound noise on gyroscopic sensors. In 24th USENIX Security Symposium (2015), USENIX Association, pp. 881--896. Google ScholarDigital Library
- Song, L., and Mittal, P. Inaudible voice commands. arXiv preprint arXiv:1708.07238 (2017).Google Scholar
- Trippel, T., Weisse, O., Xu, W., Honeyman, P., and Fu, K. WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P 2017).Google ScholarCross Ref
- Überall, H., Moser, P., Murphy, J., Nagl, A., Igiri, G., Subrahmanyam, J., Gaunard, G., Brill, D., Delsanto, P., Alemar, J., et al. Electromagnetic and acoustic resonance scattering theory. Wave Motion 5, 4 (1983), 307--329.Google ScholarCross Ref
- Vaidya, T. Cocaine Noodles: exploiting the gap between human and machine speech recognition. Presented at WOOT 15 (2015), 10--11. Google ScholarDigital Library
- Valentine, T., and Davis, J. P. Forensic facial identification: Theory and practice of identification from eyewitnesses, composites and CCTV. John Wiley & Sons, 2015.Google ScholarCross Ref
- Wang, W., Guo, G., and Chong, T.-C. HDD actuator resonance detection through acoustic signal analysis. IEEE transactions on magnetics 36, 5 (2000), 3585--3587.Google Scholar
- Wang, Y., Miao, Q., Ma, E. W., Tsui, K.-L., and Pecht, M. G. Online anomaly detection for hard disk drives based on mahalanobis distance. IEEE Transactions on Reliability 62, 1 (2013), 136--145.Google ScholarCross Ref
- Xu, X., and Huang, H. H. Exploring data-level error tolerance in high-performance solid-state drives. IEEE Trans. on Reliability 64, 1 (2015), 15--30.Google ScholarCross Ref
- Yamaguchi, T., Hirata, M., and Pang, J. C. K. High-speed precision motion control. CRC press, 2017.Google Scholar
- Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., and Xu, W. DolphinAttack: Inaudible voice commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), CCS '17, ACM, pp. 103--117. Google ScholarDigital Library
Index Terms
Acoustic Denial of Service Attacks on Hard Disk Drives
Recommendations
Surviving Distributed Denial-of-Service Attacks
A series of distributed denial-of-service (DDoS) attacks were launched against computer systems and services in the US and South Korea beginning July 4th. A DDoS attack is an attempt to make a computer service unavailable to its intended users. The ...
A Survey on Denial of Service Attacks and Preclusions
ICIA-16: Proceedings of the International Conference on Informatics and AnalyticsSecurity is concerned with protecting assets. The aspects of security can be applied to any situation- defense, detection and deterrence. Network security plays important role of protecting information, hardware and software on a computer network. ...
Mitigating denial of service attacks: a tutorial
This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...
Comments