
Remote Detection of Unauthorized Activity via Spectral Analysis

Published: 28 November 2018

Abstract

Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instant, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level at these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120 cm distance.
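An added illustration of the self-referencing idea in the abstract (not the authors' implementation or code from the article): a constructed trace repeats a test workload, so its energy falls only on harmonics of the repetition rate, and the remaining bins are compared against a noise floor estimated from the same capture. The window length, period, noise level, threshold ratio and the 37.3-cycle unsynchronised tone are assumptions chosen for the demonstration, and the window is assumed to span a whole number of repetitions.

```python
import cmath
import math
import random
from statistics import median

N = 512              # samples per capture window (assumed)
PERIOD = 32          # samples per repetition of the test application (assumed)
STEP = N // PERIOD   # test-app energy can only land on multiples of this bin


def power_spectrum(x):
    """One-sided DFT power, scaled so white noise of variance s^2 averages s^2 per bin."""
    n = len(x)
    tw = [cmath.exp(-2j * math.pi * i / n) for i in range(n)]
    return [abs(sum(x[t] * tw[(k * t) % n] for t in range(n))) ** 2 / n
            for k in range(n // 2 + 1)]


def capture(trojan, seed=1, sigma=0.1):
    """Constructed EM trace: periodic test workload plus receiver noise,
    optionally with extra activity that is not synchronised to the test loop."""
    rng = random.Random(seed)
    pattern = [rng.uniform(-1, 1) for _ in range(PERIOD)]
    x = [pattern[t % PERIOD] + rng.gauss(0, sigma) for t in range(N)]
    if trojan:
        # Hypothetical unauthorized activity: a weak tone at 37.3 cycles per window.
        x = [v + 0.2 * math.sin(2 * math.pi * 37.3 * t / N)
             for t, v in enumerate(x)]
    return x


def unexpected_bins(x, ratio=30.0):
    """Return the unoccupied (off-harmonic) bins whose power exceeds
    ratio times the noise floor. The floor is the median of those same
    bins, so no golden reference trace is needed."""
    p = power_spectrum(x)
    free = [k for k in range(len(p)) if k % STEP != 0]
    floor = median(p[k] for k in free)
    return [k for k in free if p[k] > ratio * floor]


if __name__ == "__main__":
    print("clean :", unexpected_bins(capture(False)))
    print("trojan:", unexpected_bins(capture(True)))
```

If the capture window does not hold a whole number of repetitions, the workload's harmonics leak into neighbouring bins, so a practical version would apply a window function or exclude guard bins around each harmonic.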



      • Published in

        ACM Transactions on Design Automation of Electronic Systems, Volume 23, Issue 6
        Special Issue on Internet of Things System Performance, Reliability, and Security
        November 2018
        288 pages
        ISSN: 1084-4309
        EISSN: 1557-7309
        DOI: 10.1145/3291062
        • Editor: Naehyuck Chang

        Copyright © 2018 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 28 November 2018
        • Accepted: 1 September 2018
        • Revised: 1 June 2018
        • Received: 1 July 2017

        Qualifiers

        • research-article
        • Research
        • Refereed
