ABSTRACT
This paper addresses two reliability-based security threats and mitigations for embedded systems namely, aging and thermal side channels. Device aging can be used as a hardware attack vector by using voltage scaling or specially crafted instruction sequences to violate embedded processor guard bands. Short-term aging effects can be utilized to cause transient degradation of the embedded device without leaving any trace of the attack. (Thermal) side channels can be used as an attack vector and as a defense. Specifically, thermal side channels are an effective and secure way to remotely monitor code execution on an embedded processor and/or to possibly leak information. Although various algorithmic means to detect anomaly are available, machine learning tools are effective for anomaly detection. We will show such utilization of deep learning networks in conjunction with thermal side channels to detect code injection/modification representing anomaly.
- 2014. Cyanogenmod forum. http://forum.cyanogenmod.com/ (last accessed 10 Feb., 2014). (2014).Google Scholar
- 2014. ICS-CERT year in review - 2014. [Online]: https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2014_Final.pdf. (2014).Google Scholar
- 2015. NCCIC/ICS-CERT Year in Review - 2015. [Online]: https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2015_Final_S508C.pdf. (2015).Google Scholar
- D. Agrawal, B. Selcuk, K.Deniz, P. Rohatgi, and B. Sunar. 2007. Trojan detection using IC fingerprinting. In IEEE Symposium on Security and Privacy. 296--310. Google ScholarDigital Library
- M. A. Alam, K. Haldun, V. Dhanoop, and M. Souvik. 2007. A comprehensive model for PMOS NBTI degradation: Recent progress. Microelectronics Reliability 47, 6 (June 2007), 853--862. Google ScholarDigital Library
- H. Amrouch and J. Henkel. 2015. Lucid infrared thermography of thermally-constrained processors. In IEEE/ACM Symposium on Low Power Electronics and Design (ISLPED). 347--352. Google ScholarCross Ref
- H. Amrouch, B. Khaleghi, A. Gerstlauer, and J. Henkel. 2016. Reliability-aware Design to Suppress Aging. In IEEE/ACM Design Automation Conference. 1--6. Google ScholarDigital Library
- H. Amrouch, J. Martin-Martinez, V. van Santen, M. Moras, R. Rodriguez, M. Nafria, and J. Henkel. 2015. Connecting the physical and application level towards grasping aging effects. In IEEE Reliability Physics Symposium (IRPS). 3.D.1.1--3.D.1.8. Google ScholarCross Ref
- H. Amrouch, S. Mishra, V. van Santen, S. Mahapatra, and J. Henkel. 2017. Impact of BTI on dynamic and static power: From the physical to circuit level. In IEEE Reliability Physics Symposium (IRPS). CR-3.1--CR-3.6.Google Scholar
- H. Amrouch, V. van Santen, T. Ebi, V. Wenzel, and J. Henkel. 2014. Towards Interdependencies of Aging Mechanisms. In IEEE/ACM Conference on Computer-Aided Design. 478--485. Google ScholarCross Ref
- H. Amrouch, V. M. van Santen, and J. Henkel. 2017. Interdependencies of Degradation Effects and Their Impact on Computing. IEEE Design & Test 34, 3 (June 2017), 59--67. Google ScholarCross Ref
- S. Arasu, M. Nourani, J. M. Carulli, and V. K. Reddy. 2016. Controlling Aging in Timing-Critical Paths. IEEE Design & Test 33, 4 (Aug 2016), 82--91. Google ScholarCross Ref
- J. Balasch, B. Gierlichs, and I. Verbauwhede. 2015. Electromagnetic circuit fingerprints for Hardware Trojan detection. In IEEE International Symposium on Electromagnetic Compatibility. 246--251. Google ScholarCross Ref
- S. Bhardwaj, W. Wang, R. Vattikonda, Y. Cao, and S. Vrudhula. 2006. Predictive modeling of the NBTI effect for reliable design. In IEEE Custom Integrated Circuits Conference. 189--192. Google ScholarCross Ref
- S. Biedermann, S. Katzenbeisser, and J. Szefer. 2015. Hard Drive Side-Channel Attacks using Smartphone Magnetic Field Sensors. In International Conference in Financial Cryptography and Data Security. Springer, 489--496. Google ScholarCross Ref
- C. Blask. 2011. ICS Cybersecurity: Water, water everywhere. [Online]: http://www.infosecisland.com/blogview/18281-ICS-Cybersecurity-Water-Water-Everywhere.html. (Nov 2011).Google Scholar
- E. Burton, G. Schrom, F. Paillet, J. Douglas, W. J. Lambert, K. Radhakrishnan, and M. Hill. 2014. FIVR---Fully integrated voltage regulators on 4th generation Intel® Core™ SoCs. In IEEE Applied Power Electronics Conference and Exposition (APEC). 432--439.Google Scholar
- E. Byres and J. Lowe. 2004. The myths and facts behind cyber security risks for industrial control systems. In The VDE Kongress, Vol. 116. 213--218.Google Scholar
- R. Callan, A. Zaji, and M. Prvulovic. 2014. A practical methodology for measuring the side-channel signal available to the attacker for instruction-level events. In IEEE/ACM International Symposium on Microarchitecture. 242--254. Google ScholarDigital Library
- A. Cárdenas, S. Amin, and S. Sastry. 2008. Research Challenges for the Security of Control Systems. In 3rd USENIX workshop on Hot Topics in Security.Google Scholar
- A. Cárdenas, S. Amin, B. Sinopoli, A Giani, A. Perrig, and S Sastry. 2009. Challenges for securing cyber physical systems. In Workshop on future directions in cyber-physical systems security.Google Scholar
- B. Carrara and C. Adams. 2014. On acoustic covert channels between air-gapped systems. In International Symposium of Foundations and Practice of Security. Springer, 3--16.Google Scholar
- S. Chari, J. R. Rao, and P. Rohatgi. 2002. Template attacks. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 13--28.Google Scholar
- S. S. Clark, B. Ransford, A. Rahmati, S. Guineau, J. Sorber, K. Fu, and W. Xu. 2013. WatsUpDoc: power side channels to non-intrusively discover un-targeted malware on embedded medical devices. In USENIX Conference on Safety, Security, Privacy and Interoperability of Health Information Technologies. 9--9.Google Scholar
- A. Dakshi, R. Josyula, R. Pankaj, and S. Kai. 2005. Templates as master keys. In International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 15--29.Google Scholar
- F. Debeer, M. Witteman, B. Gedrojc, and Yijun S. Riscure. 2011. Practical Electro-Magnetic Analysis. In Non-invasive Attack Testing Workshop NIAT, Nara: Todaiji Cultural Center (Technical Programs).Google Scholar
- N. Falliere, L. Murchu, and E. Chien. 2011. W32. Stuxnet dossier. White paper, Symantec Corp., Security Response 5 (2011).Google Scholar
- P. Fouque, G. Leurent, D. Réal, and Fr. Valette. 2009. Practical electromagnetic template attack on HMAC. In International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 66--80. Google ScholarDigital Library
- D. Genkin, L. Pachmanov, I. Pipman, and E. Tromer. 2015. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. In International Workshop on Cryptographic Hardware and Embedded Systems. Vol. 9293. Springer, 207--228. Google ScholarCross Ref
- D. Genkin, A. Shamir, and E. Tromer. 2014. RSA key extraction via low-bandwidth acoustic cryptanalysis. In Advances in Cryptology (CRYPTO). Springer, 444--461. Google ScholarCross Ref
- N. Goel, T. Naphade, and S. Mahapatra. 2015. Combined trap generation and transient trap occupancy model for time evolution of NBTI during DC multi-cycle and AC stress. In IEEE Reliability Physics Symposium (IRPS). 4A-3. Google ScholarCross Ref
- G. Goller and G. Sigl. 2015. Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment. In International Workshop on Constructive Side-Channel Analysis and Secure Design. Vol. 9064. Springer, 255--270. Google ScholarDigital Library
- M. Guri, A. Kachlon, O. Hasson, G. Kedma, Y. Mirsky, and Y. Elovici. 2015. GSMem: data exfiltration from air-gapped computers over GSM frequencies. In USENIX Security Symposium. 849--864.Google Scholar
- M. Guri, G. Kedma, A. Kachlon, and Y. Elovici. 2014. AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In IEEE International Conference on Malicious and Unwanted Software. 58--67. Google ScholarCross Ref
- M. Guri, M. Monitz, Y. Mirski, and Y. Elovici. 2015. BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations. In IEEE Conference on Computer Security Foundations. 276--289. Google ScholarDigital Library
- H.Amrouch and J. Henkel. 2016. KIT short-term aging models, tools and degradation-aware cell libraries. http://ces.itec.kit.edu/dependable-hardware.php. (2016).Google Scholar
- M. Hanspach and M. Goetz. 2014. On covert acoustical mesh networks in air. arXiv preprint arXiv:1406.1213 (2014).Google Scholar
- M. Hutter and J. Schmidt. 2013. The temperature side channel and heating fault attacks. In International Conference on Smart Card Research and Advanced Applications. Springer, 219--235.Google Scholar
- N. Karimi, A. K. Kanuparthi, X. Wang, O. Sinanoglu, and R. Karri. 2015. MAGIC: Malicious Aging in Circuits/Cores. ACM Transaction on Architecture Code Optimization 12, 1 (Apr. 2015), 5:1--5:25.Google ScholarDigital Library
- T. Kasper, D. Oswald, and C. Paar. 2011. Side-channel analysis of cryptographic RFIDs with analog demodulation. In International Workshop on RFID. Security and Privacy. Vol. 7055. Springer, 61--77.Google Scholar
- J. Keane, X Wang, D. Persaud, and C. H. Kim. 2010. An All-In-One Silicon Odometer for Separately Monitoring HCI, BTI, and TDDB. IEEE Journal of Solid States Circuits 45, 4 (Apr 2010), 817 -- 829. Google ScholarCross Ref
- A. Keliris, H. Salehghaffari, B. Cairl, P. Krishnamurthy, M. Maniatakos, and F. Khorrami. 2016. Machine learning-based defense against process-aware attacks on industrial control systems. In IEEE International Test Conference (ITC). 1--10. Google ScholarCross Ref
- S. Khan, Nor Z. Haron, S. Hamdioui, and F. Catthoor. 2011. NBTI monitoring and design for reliability in nanoscale circuits. In IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems. 68--76. Google ScholarDigital Library
- F. Khorrami, R. Karri, and P. Krishnamurthy. 2017. Instrumenting Code for Embedded Controlled Remote Autonomous Monitoring. (Jan 2017).Google Scholar
- F. Khorrami, P. Krishnamurthy, and R. Karri. 2016. Cybersecurity for control system: A process aware perspective. IEEE Design & Test 33, 5 (Oct 2016), 75--83. Google ScholarCross Ref
- F. Khorrami, P. Krishnamurthy, and H. Melkote. 2003. Modeling and Adaptive Nonlinear Control of Electric Motors. Springer Verlag. Google ScholarCross Ref
- E. Kovacs. 2014. Cyberattack on German Steel Plant Caused Significant Damage. [Online]: http://www.securityweek.com/cyberattack-german-steel-plant-causes-significant-damage-report. (Dec 2014).Google Scholar
- D. Kravets. 2009. Feds: Hacker Disabled Offshore Oil Platforms' Leak-Detection System. [Online]: http://www.wired.com/2009/03/feds-hacker-dis/. (Mar 2009).Google Scholar
- P. Krishnamurthy, F. Khorrami, R. Karri, D. Paul-Pena, and H. Salehghaffari. 2017. Process-aware side-channel information leakage from physical instrumentation/devices in cyber-physical systems. (2017). submitted for journal publication.Google Scholar
- D. Kushner. 2013. The Real Story of Stuxnet. [Online]: http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. (Feb. 2013).Google Scholar
- H. Li, A. T. Markettos, and S. Moore. 2005. Security evaluation against electromagnetic analysis at design time. In International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 280--292. Google ScholarDigital Library
- V. Lomné, E. Prouff, M. Rivain, T. Roche, and A. Thillard. 2014. How to estimate the success rate of higher-order side-channel attacks. In International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, 35--54. Google ScholarDigital Library
- S. McLaughlin, C. Konstantinou, X. Wang, L. Davi, A. Sadeghi, M. Maniatakos, and R. Karri. 2016. The Cybersecurity Landscape in Industrial Control Systems. Proc. IEEE 104, 5 (May 2016), 1039--1057. Google ScholarCross Ref
- O. Meynard, D. Réal, S. Guilley, F. Flament, J-L. Danger, and F. Valette. 2010. Characterization of the electromagnetic side channel in frequency domain. In International Conference on Information Security and Cryptology. Springer, 471--486.Google Scholar
- C. Mims. 2013. If it ain't broke, of course Apple is engaging in planned obsolescence. http://qz.com/141297/of-courseapple-is-engaging-in-planned-obsolescence. (2013).Google Scholar
- Oracle. 2006. OpenSPARC T1. http://www.oracle.com/technetwork/systems/opensparc/opensparc-t1-page-1444609.html. (2006).Google Scholar
- N. Patel, P. Krishnamurthy, H. Amrouch, J. Henkel, M. Shamouilian, R. Karri, and F. Khorrami. 2017. Towards a New Thermal Monitoring Based Framework for Embedded CPS Device Security. (2017). submitted for journal publication.Google Scholar
- D. Paul-Pena, P. Krishnamurthy, R. Karri, and F. Khorrami. 2017. Process-aware side channel monitoring for embedded control system security. In IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC).Google Scholar
- C. Rampell. 2013. Cracking the Apple trap. http://www.nytimes.com/2013/11/03/magazine/why-apple-wants-to-bust-your-iphone.html. (2013).Google Scholar
- C. Rechberger and E. Oswald. 2004. Practical template attacks. In International Workshop on Information Security Applications. Vol. 3325. Springer, 440--456. Google ScholarDigital Library
- J. H. Reed and C. R. A. Gonzalez. 2012. Enhancing Smart Grid cyber security using power fingerprinting: Integrity assessment and intrusion detection. In International Workshop on Future of Instrumentation. 1--3. Google ScholarCross Ref
- J. Robertson and M. Riley. 2014. Mysterious '08 Turkey pipeline blast opened new cyberwar. [Online]: http://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar. (Dec 2014).Google Scholar
- D. Rodopoulos, S.B. Mahato, V.V. de Almeida Camargo, B. Kaczer, F. Catthoor, S. Cosemans, G. Groeseneken, A. Papanikolaou, and D. Soudris. 2011. Time and workload dependent device variability in circuit simulations. In IEEE International Conference on IC Design & Technology (ICICDT). DOI:http://dx.doi.org/ Google ScholarCross Ref
- P. Rohatgi. 2009. Improved techniques for side-channel analysis. In Cryptographic Engineering. Springer, 381--406. Google ScholarCross Ref
- M. Rosoff. 2012. Microsoft: Apple makes old iPhones 'unusably slow' on purpose. (2012). http://www.businessinsider.com/microsoft-apple-makes-old-iphones-unusably-slow-on-purpose-2012-3Google Scholar
- D. K. Schroder and J. A. Babcock. 2003. Negative bias temperature instability: Road to cross in deep submicron silicon semiconductor manufacturing. Journal of Applied Physics 94, 1 (July 2003), 1--18. Google ScholarDigital Library
- H. Skipworth. 2012. The myth of the Sony kill switch. http://www.telegraph.co.uk/technology/news/7054587/Themyth-of-the-Sony-kill-switch.html. (2012).Google Scholar
- F. Standaert. 2010. Introduction to side-channel attacks. In Secure Integrated Circuits and Systems. Springer, 27--42. Google ScholarCross Ref
- R. J. Turk. 2005. Cyber Incidents Involving Control Systems. [Online]: https://inldigitallibrary.inl.gov/sti/3480144.pdf. (Oct. 2005).Google Scholar
- V. van Santen, H. Amrouch, N. Parihar, S. Mahapatra, and J. Henkel. 2016. Aging-aware Voltage Scaling. In Design, Automation and Test in Europe. EDA Consortium, 576--581. Google ScholarCross Ref
- V. M. van Santen, J. Martin-Martinez, H. Amrouch, M. Nafria, and J. Henkel. 2017. Reliability in Super- and Near-Threshold Computing: A Unified Model of RTN, BTI and PV. IEEE Transactions on Circuits and Systems-I (TCAS-1) (2017). Google ScholarCross Ref
- M. Vuagnoux and S. Pasini. 2009. Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. In USENIX Security Symposium. 1--16.Google Scholar
- W. Wang, S. Yang, S. Bhardwaj, S. Vrudhula, F. Liu, and Y. Cao. 2010. The Impact of NBTI Effect on Combinational Circuit: Modeling, Simulation, and Analysis. IEEE Transactions on Very Large Scale Integration Systems 18, 2 (2010), 173--183. Google ScholarDigital Library
- X. Wang and R. Karri. 2013. Numchecker: Detecting kernel control-flow modifying rootkits by using hardware performance counters. In IEEE/ACM Design Automation Conference. 79:1--79:7. Google ScholarDigital Library
- X. Wang and R. Karri. 2016. Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits. IEEE Transactions on Computer-Aided Design 35, 3 (March 2016), 485--498. Google ScholarDigital Library
- X. Wang, C. Konstantinou, M. Maniatakos, and R. Karri. 2015. ConFirm: Detecting firmware modifications in embedded systems using Hardware Performance Counters. In IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 544--551. Google ScholarCross Ref
- G Wolrich, E. McLellan, L. Harada, J. Montanaro, and R. Yodlowski. 1984. A high performance floating point co-processor. IEEE Journal of Solid-State Circuits 19, 5 (May 1984), 690--696. Google ScholarCross Ref
- T. Worstall. 2013. Certainly there is planned obsolescence in Apple's iKit it is just not planned by Apple. http://www.forbes.com/sites/timworstall/2013/10/31/certainly-theres-planned-obsolescence-in-apples-ikit-its-just-not-planned-by-apple. (2013).Google Scholar
- Emerging (un-)reliability based security threats and mitigations for embedded systems: special session
Recommendations
Hardware-based cyber threats: attack vectors and defence techniques
There are certain vulnerabilities associated with computing hardware that attackers can exploit to launch destructive attacks which often go undetected by the existing hardware and software countermeasures. Side channel attacks (SCAs) and Rowhammer ...
Countermeasures for timing-based side-channel attacks against shared, modern computing hardware
There are several vulnerabilities in computing systems hardware that can be exploited by attackers to carry out devastating microarchitectural timing-based side-channel attacks against these systems and as a result compromise the security of the users of ...
Implications of fin width scaling on variability and reliability of high-k metal gate FinFETs
In this paper, we report a study to understand the fin width dependence on performance, variability and reliability of n-type and p-type triple-gate fin field effect transistors (FinFETs) with high-k dielectric and metal gate. Our results indicate that ...
Comments