Abstract
Side-channel analysis is a powerful tool from both an attacker's and a defender's perspective, and understanding the similarities and differences among types of side-channels is a necessary step toward using them more effectively. This paper addresses that need by modeling and quantitatively comparing backscattering, electromagnetic (EM), and power side-channels, and by evaluating how well each of the three detects software malware and hardware Trojans (HTs). The results show that for larger changes in the signal, such as those caused by malware intrusions, all three side-channels perform similarly. However, when smaller changes must be observed, such as those caused by HTs, the backscattering side-channel outperforms the EM and power side-channels.
Acknowledgments
This work has been supported, in part, by NSF grants 156399, 1651273, and 1740962; DARPA LADS contract FA8650-16-C-7620; and ONR grants N00014-17-1-2540 and N00014-19-1-2287.
Disclaimer
The views and findings expressed in this paper are those of the authors and do not necessarily reflect the views of NSF, DARPA, and ONR.
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Nguyen, L.N., Cheng, CL., Werner, F.T. et al. A Comparison of Backscattering, EM, and Power Side-Channels and Their Performance in Detecting Software and Hardware Intrusions. J Hardw Syst Secur 4, 150–165 (2020). https://doi.org/10.1007/s41635-020-00093-y