DOI: 10.1145/3125501.3125529
research-article

Emerging (un-)reliability based security threats and mitigations for embedded systems: special session

Published: 15 October 2017

ABSTRACT

This paper addresses two reliability-based security threats and mitigations for embedded systems, namely aging and thermal side channels. Device aging can be used as a hardware attack vector by using voltage scaling or specially crafted instruction sequences to violate embedded processor guard bands. Short-term aging effects can be utilized to cause transient degradation of the embedded device without leaving any trace of the attack. (Thermal) side channels can be used as an attack vector and as a defense. Specifically, thermal side channels are an effective and secure way to remotely monitor code execution on an embedded processor and/or to possibly leak information. Although various algorithmic means to detect anomalies are available, machine learning tools are effective for anomaly detection. We will show such utilization of deep learning networks in conjunction with thermal side channels to detect code injection/modification representing an anomaly.

    • Published in

      CASES '17: Proceedings of the 2017 International Conference on Compilers, Architectures and Synthesis for Embedded Systems Companion
      October 2017
      51 pages
      ISBN: 9781450351843
      DOI: 10.1145/3125501

      Copyright © 2017 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Acceptance Rates

      Overall Acceptance Rate: 52 of 230 submissions, 23%
