Energy Attacks in the Battery-less Internet of Things

We study how ambient energy harvesting may be used as an attack vector in the battery-less Internet of Things (IoT). Battery-less IoT devices are employed in a multitude of application scenarios, including safety-critical ones such as biomedical implants and space systems, while relying on ambient energy harvesting to power their operation. Due to extreme scarcity of energy intakes and limited energy buffers, their executions become intermittent, alternating periods of active operation with periods of recharging their energy buffer while the device is off. We demonstrate that by exerting a limited control on the ambient supply of energy to the system, one can create situations of livelock, denial of service, and priority inversion, without requiring physical access to a device. Using machine learning and concepts of approximate computing, we design a technique that can detect energy attacks with 92%+ accuracy, corresponding to a 73+% improvement in accuracy over the baselines we consider, and run on extremely resource-constrained devices by imposing a limited overhead.