Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture
Abstract
:1. Introduction
- We critically evaluated the existing literature on the cyber threats to digital agriculture.
- Details of SCA threats to digital agriculture and their implications are presented.
- We discuss the cyber-threats and related open challenges, both technical and non-technical, concerning digital agriculture.
2. Digital Agriculture
- Layer 1 is a sensing layer with different sensors to monitor the plants or environmental factors ranging from soil to weather conditions. Sensors would vary for different applications and use cases. These sensors are typically inexpensive, have small computation and battery power, are deployed in the field, and are primarily unattended in a hostile environment. The same layer can have actuator functionalities to perform a specific operation, such as water control or spraying via drones.
- Layer 2 is the gateway layer, where gateways provide an interface between the Internet and sensors. Typically, wireless communication is used to connect sensors. Depending on the application requirements, Zigbee, WiFi, Bluetooth, NB-IoT, Sigfox, LoRa, 5G, or satellite communication are used. The forwarding devices such as switches/access points are part of this layer.
- Layer 3 is the storage or processing layer. An in-house data storage or cloud solution could be used.
- Layer 4 is the application layer, where all the users see or control the sensors. Useful analytics are extracted from the data, and based on this, an informed action is performed. The end-user could be a farmer, an agroscientist, a broker, a trader, a government official, or a business.
2.1. Application—Smart Irrigation System
2.2. Application—Intelligent Machinery in Agriculture
3. Threats to Digital Agriculture
3.1. Research and Intellectual Property
3.2. Personally Identifiable Information
3.3. Commercially Sensitive Information
- Competitors use production efficiency statistics in their trading decisions, putting primary producers at a competitive disadvantage. Further, growth statistics lead to targeted research and IP theft attacks.
- Land valuation data, pricing data (logistics, supply chain, invoices, etc.), trading volume, sale trends, and growth statistics provide an insight to competitors for a better bargaining edge.
- Poorly defended small agriculture businesses and farms can be targeted to steal invoice information and banking details. These poorly secured businesses become weak links that enable unauthorised access to a large-scale network.
3.4. Internet of Things, Robotics, and Aerial Systems
3.5. Big Data and Machine Learning Threats
3.6. Supply Chain Threats
4. Side-Channel Attacks
5. Research Challenges and Future Directions
5.1. Intrusion Detection and Prevention System
5.2. DigAg Cyber-Security Framework
5.3. Privacy-Preserving Schemes
5.4. Vulnerability and Threat Analysis
5.5. Cyber Awareness and Incidence Response
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Desa, U. United Nations, Department of Economic and Social Affairs, Population Division. In World Population Prospects; United Nations: New York, NY, USA, 2019; Available online: https://population.un.org/wpp/Publications/Files/WPP2019_10KeyFindings.pdf (accessed on 15 January 2022).
- Basso, B.; Antle, J. Digital agriculture to design sustainable agricultural systems. Nat. Sustain. 2020, 3, 254–256. [Google Scholar] [CrossRef]
- Mathews, L. Florida Water Plant Hackers Exploited Old Software and Poor Password Habits. 2021. Available online: https://www.forbes.com/sites/leemathews/2021/02/15/florida-water-plant-hackers-exploited-old-software-and-poor-password-habits/?sh=78dd125c334e (accessed on 19 December 2021).
- Musotto, R.; Naser, M. Ransomware Attack on Sheep Farmers Shows There’s No Room for Woolly Thinking in Cyber Security. 2020. Available online: https://theconversation.com/ransomware-attack-on-sheep-farmers-shows-theres-no-room-for-woolly-thinking-in-cyber-security-132882 (accessed on 19 December 2021).
- Seselja, E. Cyber Attack Shuts Down Global Meat Processing Giant JBS. 2021. Available online: https://www.abc.net.au/news/2021-05-31/cyber-attack-shuts-down-global-meat-processing-giant-jbs/100178310 (accessed on 19 December 2021).
- Nikander, J.; Manninen, O.; Laajalahti, M. Requirements for cyber-security in agricultural communication networks. Comput. Electron. Agric. 2020, 179, 105776. [Google Scholar] [CrossRef]
- Zahidi, S. The Global Risks Report 2022, 17th Edition. 2018. Available online: https://www3.weforum.org/docs/WEFTheGlobalRisksReport2022.pdf (accessed on 19 January 2022).
- Nakhodchi, S.; Dehghantanha, A.; Karimipour, H. Privacy and Security in Smart and Precision Farming: A Bibliometric Analysis. In Handbook of Big Data Privacy; Springer: Cham, Switzerland, 2020. [Google Scholar] [CrossRef]
- Kristen, E.; Kloibhofer, R.; Díaz, V.H.; Castillejo, P. Security Assessment of Agriculture IoT (AIoT) Applications. Appl. Sci. 2021, 11, 5841. [Google Scholar] [CrossRef]
- Haas, R.; Hoffmann, C. Cyber Threats and Cyber Risks in Smart Farming; VDI Verlag: Düsseldorf, Germany, 2020. [Google Scholar] [CrossRef]
- Demestichas, K.; Peppes, N.; Alexakis, T. Survey on Security Threats in Agricultural IoT and Smart Farming. Sensors 2020, 20, 6458. [Google Scholar] [CrossRef]
- Rosline, G.J.; Rani, P.; Rajesh, D.G. Comprehensive Analysis on Security Threats Prevalent in IoT-Based Smart Farming Systems. In Ubiquitous Intelligent Systems; Springer: Singapore, 2022. [Google Scholar] [CrossRef]
- Tudosa, I.; Picariello, F.; Balestrieri, E.; Vito, L.D.; Lamonaca, F. Hardware Security in IoT era: The Role of Measurements and Instrumentation. In Proceedings of the 2nd Workshop on Metrology for Industry 4.0 and IoT MetroInd4.0&IoT 2019, Naples, Italy, 4–6 June 2019; pp. 285–290. [Google Scholar] [CrossRef]
- Randolph, M.; Diehl, W. Power Side-Channel Attack Analysis: A Review of 20 Years of Study for the Layman. Cryptography 2020, 4, 15. [Google Scholar] [CrossRef]
- Devi, M.; Majumder, A. Side-Channel Attack in Internet of Things: A Survey. In Applications of Internet of Things; Springer: Singapore, 2021. [Google Scholar] [CrossRef]
- Schimmelpfennig, D. Farm Profits and Adoption of Precision Agriculture; Technical Report ERR-217; U.S. Department of Agriculture, Economic Research Services: Washington, DC, USA, 2016. [Google Scholar]
- Hedley, C.; Yule, I. A method for spatial prediction of daily soil water status for precise irrigation scheduling. Agric. Water Manag. 2009, 96, 1737–1745. [Google Scholar] [CrossRef]
- Salam, A. A path loss model for through the soil wireless communications in digital agriculture. In Proceedings of the 2019 IEEE International Symposium on Antennas and Propagation (IEEE APS), Atlanta, GA, USA, 7–12 July 2019. [Google Scholar]
- Shamal, S.; Alhwaimel, S.A.; Mouazen, A.M. Application of an on-line sensor to map soil packing density for site specific cultivation. Soil Tillage Res. 2016, 162, 78–86. [Google Scholar] [CrossRef] [Green Version]
- Katta, S.; Ramatenki, S.; Sammeta, H. Smart irrigation and crop security in agriculture using IoT. In AI, Edge and IoT-Based Smart Agriculture; Academic Press: Cambridge, MA, USA, 2022. [Google Scholar] [CrossRef]
- Blender, T.; Buchner, T.; Fernandez, B.; Pichlmaier, B.; Schlegel, C. Managing a mobile agricultural robot swarm for a seeding task. In Proceedings of the IECON 2016-42nd Annual Conference of the IEEE Industrial Electronics Society, Florence, Italy, 24–27 October 2016; pp. 6879–6886. [Google Scholar]
- Weis, S. Protecting data in-use from firmware and physical attacks. Black Hat. 2014. Available online: https://www.blackhat.com/docs/us-14/materials/us-14-Weis-Protecting-Data-In-Use-From-Firmware-And-Physical-Attacks-WP.pdf (accessed on 15 January 2022).
- Ferrag, M.A.; Shu, L.; Yang, X.; Derhab, A.; Maglaras, L. Security and privacy for green IoT-based agriculture: Review, blockchain solutions, and challenges. IEEE Access 2020, 8, 32031–32053. [Google Scholar] [CrossRef]
- Madhurikkha, S.; Sabitha, R. An Efficient Integral Power-Elector Method with Enhanced AODV to Avoid Sleep Deprivation in Manet. Indian J. Sci. Technol. 2016, 9. [Google Scholar] [CrossRef]
- Whalen, S.; Bishop, M.; Engle, S. Protocol Vulnerability Analysis; Technical Report CSE-2005-04; Department of Computer Science, University of California: Berkeley, CA, USA, 2005. [Google Scholar]
- Bettayeb, M.; Nasir, Q.; Talib, M.A. Firmware update attacks and security for IoT devices: Survey. In Proceedings of the ArabWIC 6th Annual International Conference Research Track, Rabat, Morocco, 7–9 March 2019; pp. 1–6. [Google Scholar]
- Osanaiye, O.; Alfa, A.S.; Hancke, G.P. A statistical approach to detect jamming attacks in wireless sensor networks. Sensors 2018, 18, 1691. [Google Scholar] [CrossRef] [Green Version]
- Shaikh, A.A. Attacks on cloud computing and its countermeasures. In Proceedings of the 2016 International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), Paralakhemundi, India, 3–5 October 2016; pp. 748–752. [Google Scholar]
- Rakotondravony, N.; Taubmann, B.; Mandarawi, W.; Weishäupl, E.; Xu, P.; Kolosnjaji, B.; Protsenko, M.; De Meer, H.; Reiser, H.P. Classifying malware attacks in IaaS cloud environments. J. Cloud Comput. 2017, 6, 1–12. [Google Scholar] [CrossRef] [Green Version]
- Borchi, J.; Woodcock, M.; Redshaw, M.; Raniga, B. Cyber Security Threats—Are We Prepared? A Threat-Based Assessment of the Cyber Resilience of the Australian Agricultural Sector; Technical Report; AgriFutures Australia: Wagga Wagga, NSW, Australia, 2021. [Google Scholar]
- Ryan, M. Ethics of using AI and big data in agriculture: The case of a large agriculture multinational. ORBIT J. 2019, 2, 1–27. [Google Scholar]
- Ronaghi, M.H. A blockchain maturity model in agricultural supply chain. Inf. Process. Agric. 2021, 8, 398–408. [Google Scholar] [CrossRef]
- Verdouw, C.; Beulens, A.J.; Reijers, H.A.; van der Vorst, J.G. A control model for object virtualization in supply chain management. Comput. Ind. 2015, 68, 116–131. [Google Scholar] [CrossRef] [Green Version]
- Mylrea, M.; Gourisetti, S.N.G. Blockchain for supply chain cyber-security, optimization and compliance. In Proceedings of the 2018 Resilience Week (RWS), Denver, CO, USA, 20–23 August 2018; pp. 70–76. [Google Scholar]
- Lou, X.; Zhang, T.; Jiang, J.; Zhang, Y. A survey of microarchitectural side-channel vulnerabilities, attacks and defenses in cryptography. arXiv 2021, arXiv:2103.14244. [Google Scholar] [CrossRef]
- Kocher, P.C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 1996; pp. 104–113. [Google Scholar]
- Johnson, A.; Ward, R. Introducing The ‘Unified Side Channel Attack-Model’(USCA-M). In Proceedings of the 2020 8th International Symposium on Digital Forensics and Security (ISDFS), Beirut, Lebanon, 1–2 June 2020; pp. 1–9. [Google Scholar]
- Liu, H.; Spolaor, R.; Turrin, F.; Bonafede, R.; Conti, M. USB Powered Devices: A Survey of Side-Channel Threats and Countermeasures. High-Confid. Comput. 2021, 1, 100007. [Google Scholar] [CrossRef]
- Sayakkara, A.; Le-Khac, N.A.; Scanlon, M. A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics. Digit. Investig. 2019, 29, 43–54. [Google Scholar] [CrossRef] [Green Version]
- Lyu, Y.; Mishra, P. A survey of side-channel attacks on caches and countermeasures. J. Hardw. Syst. Secur. 2018, 2, 33–50. [Google Scholar] [CrossRef]
- Zhou, Y.; Feng, D. Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing. IACR Cryptol. ePrint Arch. 2005, 2005, 388. [Google Scholar]
- Abarzúa, R.; Valencia, C.; Lopez, J. Survey on performance and security problems of countermeasures for passive side-channel attacks on ECC. J. Cryptogr. Eng. 2021, 11, 71–102. [Google Scholar] [CrossRef]
- Hettwer, B.; Gehrer, S.; Güneysu, T. Applications of machine learning techniques in side-channel attacks: A survey. J. Cryptogr. Eng. 2020, 10, 135–162. [Google Scholar] [CrossRef]
- Tiri, K. Side-channel attack pitfalls. In Proceedings of the 2007 44th ACM/IEEE Design Automation Conference, San Diego, CA, USA, 4–8 June 2007; pp. 15–20. [Google Scholar]
- Suzaki, K.; Iijima, K.; Yagi, T.; Artho, C. Software side-channel attack on memory deduplication. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP 2011), Poster Session, Cascais, Portugal, 23–26 October 2011. [Google Scholar]
- Conti, M.; Mancini, L.V.; Spolaor, R.; Verde, N.V. Can’t you hear me knocking: Identification of user actions on android apps via traffic analysis. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, 2–4 March 2015; pp. 297–304. [Google Scholar]
- Backes, M.; Dürmuth, M.; Gerling, S.; Pinkal, M.; Sporleder, C. Acoustic Side-Channel Attacks on Printers. USENIX Secur. Symp. 2010, 9, 307–322. [Google Scholar]
- Compagno, A.; Conti, M.; Lain, D.; Tsudik, G. Don’t skype & type! acoustic eavesdropping in voice-over-ip. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2–6 April 2017; pp. 703–715. [Google Scholar]
- Seneviratne, S.; Seneviratne, A.; Mohapatra, P.; Mahanti, A. Predicting user traits from a snapshot of apps installed on a smartphone. ACM Sigmobile Mob. Comput. Commun. Rev. 2014, 18, 1–8. [Google Scholar] [CrossRef] [Green Version]
- Halevi, T.; Saxena, N. Keyboard acoustic side-channel attacks: Exploring realistic and security-sensitive scenarios. Int. J. Inf. Secur. 2015, 14, 443–456. [Google Scholar] [CrossRef]
- Liu, F.; Ren, L.; Bai, H. Mitigating cross-VM side-channel attack on multiple tenants cloud platform. J. Comput. 2014, 9, 1005–1013. [Google Scholar] [CrossRef]
- Islam, M.A.; Ren, S.; Wierman, A. Exploiting a thermal side-channel for power attacks in multi-tenant data centers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, 30 October–3 November 2017; pp. 1079–1094. [Google Scholar]
- Aljuffri, A.; Zwalua, M.; Reinbrecht, C.R.W.; Hamdioui, S.; Taouil, M. Applying Thermal Side-Channel Attacks on Asymmetric Cryptography. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2021, 29, 1930–1942. [Google Scholar] [CrossRef]
- Herder, C.; Yu, M.D.; Koushanfar, F.; Devadas, S. Physical unclonable functions and applications: A tutorial. Proc. IEEE 2014, 102, 1126–1141. [Google Scholar] [CrossRef]
- Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B. Towards the development of realistic botnet dataset in the Internet of things for network forensic analytics: Bot-iot dataset. Future Gener. Comput. Syst. 2019, 100, 779–796. [Google Scholar] [CrossRef] [Green Version]
- Khraisat, A.; Gondal, I.; Vamplew, P.; Kamruzzaman, J. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2019, 2, 20. [Google Scholar] [CrossRef]
- Song, J.; Zhong, Q.; Wang, W.; Su, C.; Tan, Z.; Liu, Y. FPDP: Flexible privacy-preserving data publishing scheme for smart agriculture. IEEE Sens. J. 2020, 21, 17430–17438. [Google Scholar] [CrossRef]
Sensing/Actuation | Gateway | Storage | User | |
---|---|---|---|---|
Description | Threats are related to hardware, physical access, damage, firmware/hardware modification, or the wrong actuation to destroy crops. | Threats are related to data in transit and involve network devices and communication protocols. Vulnerabilities can be exploited to sniff out and access data, leading to diverse attacks. | Threats are related to data at rest, either in the cloud or on-premises. The compromise of data could lead to IP theft. | The end-user interface is at Layer 4, and the compromise of credentials through social engineering or malware injection could compromise the whole system. |
Threats | Physical attacks, device/sensor or firmware alteration [22], side-channel attacks, eavesdropping [23], booting, physical damage, malicious code, forgery, sleep deprivation attacks [24] | Protocol vulnerabilities [25], authentication, MIM, interference, firmware [26], routing, jamming [27], DoS/DDoS, sniffing attacks | SQL injection, data privacy, IP theft, encryption, confidentiality and integrity, cloud malware injection [28], misconfiguration, flooding attacks in the cloud [29] | Social engineering, phishing, access control, service interruption, insider attacks |
Countermeasures
|
SCA Threats | Method and Techniques | Explanation | Implication to DigAg |
---|---|---|---|
Microarchitectural (MA) [35] | Speculative execution, branch prediction, data flow analysis, reverse engineering | Malicious user compromises the vulnerability in hardware and software optimisation features of the computer system (CPU, GPU) to reveal secret information. | Most of the equipment is deployed remotely. Therefore, reverse engineering and MA techniques could be used to compromise secret keys. |
Power usage [14] | Simple power analysis, correlation power analysis, differential power analysis, USB power analysis [38] | Electronic components utilise energy to execute different instructions. The analysis of energy consumption to execute different instructions can be used to extract secret information. | Like MA, voltage and current analysis could be easily carried out with physical access to the devices. |
Electromagnetic emission [39] | EM fault induction, EM disturbance, EM correlation analysis | Electromagnetic emission is related to power usage. Frequency and amplitude are additional information revealed in EM. | Both physical and remote attacks are possible with EM emissions’ analysis. |
Clock timing [40] | Timing analysis including differential timing, evict and reload, flush and reload, prime, and count | Clock timing is related to MA side-channel attacks, where internal clock timing analysis could be used to time the execution of an instruction or access the memory. | DigAg applications are deployed in a hostile unmonitored environment. Physically compromising the devices would make it easy to recover secret keys using MA, EM, power usage, and clock timing. |
Cryptographic operation [41] | Crypto algorithm attacks [42], deep learning attacks [43], template attacks | Cryptographic algorithms are implemented in hardware or software. MA, EM, power usage, or machine learning could reveal public or private keys. | A combination of MA, EM, power usage, or machine learning techniques can be used to extract secret keys used in public and private cryptography. |
Memory operations [44] | Memory deduplication [45], memory translation, electromagnetic disturbance | Memory deduplication is a virtualisation technique in which the same contents across the pages are shared between processors. | Recovery of memory traces by physically accessing the devices used in DigAg applications. |
User interaction [46] | Gesture inference, keystroke inference, reflective inference, | User interaction with devices could be used to infer secret information. e.g., how keys are pressed or different gestures while using the device. | These threats are related to users and using the devices to access the DigAg applications. |
Acoustic [47,48] | Noise inference [49,50], radio wave induction, vibration inference | Audio leakage of keystrokes, voice recording for voice authentication are some examples | Hardware bugs to record the acoustic data and exfiltrate for later analysis |
Virtualisation interface [51] | Multi-tenant cross-talk [52], page fault exploit, virtual machine duplication exploit | The same physical resource is shared among different applications, and the attackers could recover memory traces. | These SCA threats are related to applications and data hosted on the cloud and can lead to IP, PII, and commercial data theft. |
Network interface [37] | LED interface, light induction | Physically clamping to the network card or eavesdropping on the wireless communication | Identifying communicating parties—from sending and receiving patterns, behavioural profiling to improve fingerprinting for marketing reasons |
Thermal Dissipation [53] | Thermal pattern correlation | Measuring thermal dissipation and correlating it to the workload in the hardware during the execution of instructions. | Thermal cameras and heat maps can be used alongside other SCA techniques on DigAg devices |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Alahmadi, A.N.; Rehman, S.U.; Alhazmi, H.S.; Glynn, D.G.; Shoaib, H.; Solé, P. Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture. Sensors 2022, 22, 3520. https://doi.org/10.3390/s22093520
Alahmadi AN, Rehman SU, Alhazmi HS, Glynn DG, Shoaib H, Solé P. Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture. Sensors. 2022; 22(9):3520. https://doi.org/10.3390/s22093520
Chicago/Turabian StyleAlahmadi, Adel N., Saeed Ur Rehman, Husain S. Alhazmi, David G. Glynn, Hatoon Shoaib, and Patrick Solé. 2022. "Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture" Sensors 22, no. 9: 3520. https://doi.org/10.3390/s22093520