A Comparison of Backscattering, EM, and Power Side-Channels and Their Performance in Detecting Software and Hardware Intrusions

Journal of Hardware and Systems Security

Abstract

Side-channel analysis is a powerful tool from both an attacker’s and defender’s perspective. Understanding similarities and differences among types of side-channels is a necessary step in better utilization of side-channels. This paper addresses this problem by modeling and quantitatively comparing backscattering, electromagnetic (EM), and power side-channels and discusses the performance of these three side-channels for detecting software malware and hardware Trojans (HT). The results show that for larger changes in the signals, such as those caused by malware intrusions, all three side-channels perform similarly. However, when smaller changes need to be observed, such as those caused by HTs, the backscattering side-channel outperforms EM and power side-channels.

Acknowledgments

This work has been supported, in part, by NSF grants 156399, 1651273, and 1740962; DARPA LADS contract FA8650-16-C-7620; and ONR grants N00014-17-1-2540 and N00014-19-1-2287.

Author information

Corresponding author

Correspondence to Luong N. Nguyen.

Ethics declarations

Disclaimer

The views and findings expressed in this paper are those of the authors and do not necessarily reflect the views of NSF, DARPA, and ONR.

Cite this article

Nguyen, L.N., Cheng, CL., Werner, F.T. et al. A Comparison of Backscattering, EM, and Power Side-Channels and Their Performance in Detecting Software and Hardware Intrusions. J Hardw Syst Secur 4, 150–165 (2020). https://doi.org/10.1007/s41635-020-00093-y

  • DOI: https://doi.org/10.1007/s41635-020-00093-y
