Advancing Security Red-Teaming in Cyber-Physical Systems via AI-Driven Side-Channel Analysis

Overview

Cyber-physical systems (CPS) such as mobile devices, Internet of Things (IoT), and autonomous vehicles are becoming ubiquitous in public and private spaces. While CPS integrate sensing, computation, control and networking into physical objects, the increasingly complex hardware and the lack of low-level data protection and privacy controls bring new security and privacy challenges resulting from side-channel information leakage and fundamental design flaws. Such side channels are challenging to prevent due to the undefined interactions between physical signals, sensor architectures, and wireless transmissions. In this talk, I will systematically reveal the security and privacy in the key components of CPS in critical infrastructures by characterizing the causality, limits, and mitigations of contactless side channels through physics modelling and computation. Specifically, I will introduce a series of CPS security research using hardware-software co-design and cutting-edge AI-driven techniques to red-teaming side-channel attacks against smartphone-embedded sensors, computation and control units in IoT devices, and metadata in wireless transmission, as well as propose effective defence methods. Beyond highlighting the academic and industrial impact of these studies, I will also demonstrate my future research vision of developing software-defined, model-safe and privacy-preserving mechanisms to protect emerging CPS platforms.