A team of computer scientists is working to prevent new types of denial-of-service attacks aimed at battery-powered mobile devices.
Tom Martin, a professor at Virginia Tech's electrical and computer engineering department, has received a grant for more than $400,000 from the National Science Foundation to devise a way to protect battery-operated computers from security attacks that could drain their batteries.
Although the researchers concede that such kinds of attacks are extremely rare, the proliferation of notebook computers, personal digital assistants, tablet PCs, networked cell phones and other devices could make them alluring targets.
The threat could be even more menacing to businesses that use battery backup systems to protect their databases and storage systems against electrical power outages.
"If a system has a battery backup unit for use during power failures, a power-based attack could cause the backup unit to fail before power is restored," Martin said. "I donít know of any instances of (such attacks) being used in practice, but the point of this project is to stop these attacks before they become common, by showing their potential effects and solutions for mitigating those effects."
Martin and colleagues Dong Ha and Michael Hsiao will focus on countering three potential ways to black out a battery-powered computer.
One method is a service-request attack, in which a hacker could send repeated requests for services over a network. In this case, a victim will expend energy deciding whether or not to honor the request. Another possible attack could involve power viruses, in which a victim is forced to execute a valid but energy-hungry task repeatedly.
Finally, a hacker could use malignant power viruses, in which a program is modified to make it consume more energy than it would otherwise.
The team is exploring ways to create an authentication architecture for mobile computing devices that guarantees a minimum battery life. Another area of focus is to design a method for identifying power-related security vulnerabilities. The authentication process would make all unverified requests consume less energy, while monitoring the energy levels would allow systems to catch commands that execute energy-hungry programs.
"The end result that I expect to see is a set of tools for use by designers of mobile computers to discover what the power-based security holes are in their systems, and a set of guidelines for them to follow to close those holes, or better yet, to not open the holes in the first place," Martin said.