Abstract
Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instant, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repeatedly for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level at these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120 cm distance.
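The self-referencing idea in the abstract, as an added sketch that is not the authors' code or detector: a repeated test pattern puts its power only on harmonics of the repetition rate, so the remaining bins are compared against their own noise floor. The waveform, noise level, simulated trojan signal, median-based floor and threshold `factor` are all assumptions constructed for illustration.

```python
import cmath, math, random, statistics

def unoccupied_power(trace, period):
    """Power per DFT bin, skipping harmonics of the test app's repetition rate."""
    n = len(trace)
    reps = n // period                      # harmonics land on multiples of reps
    tw = [cmath.exp(-2j * math.pi * i / n) for i in range(n)]  # twiddle table
    out = {}
    for k in range(1, n // 2):
        if k % reps == 0:
            continue                        # occupied by the known test application
        acc = sum(x * tw[(k * t) % n] for t, x in enumerate(trace))
        out[k] = abs(acc) ** 2 / n
    return out

def detect(trace, period, factor=30.0):
    """Flag the trace if any unoccupied bin rises far above the noise floor.
    The floor is the median of the unoccupied bins themselves (an assumption
    made for this sketch), so no golden reference trace is needed."""
    power = unoccupied_power(trace, period)
    floor = statistics.median(power.values())
    peak_bin = max(power, key=power.get)
    ratio = power[peak_bin] / floor
    return ratio > factor, peak_bin, ratio

def make_trace(trojan, period=32, reps=16, seed=1):
    """Constructed emission trace: repeated test pattern + noise (+ trojan)."""
    rng = random.Random(seed)
    pattern = [rng.uniform(-1, 1) for _ in range(period)]   # one test-app run
    trace = []
    for t in range(period * reps):
        s = pattern[t % period] + rng.gauss(0, 0.1)          # receiver noise
        if trojan:                           # activity not synchronised to the test
            s += 0.2 if (t // 7) % 2 == 0 else -0.2
        trace.append(s)
    return trace

if __name__ == "__main__":
    for label, trojan in (("clean", False), ("trojan", True)):
        flagged, k, ratio = detect(make_trace(trojan), period=32)
        print(f"{label}: flagged={flagged} peak_bin={k} peak/floor={ratio:.1f}")
```

The trace length must be an exact multiple of the test period; otherwise the test application's own power leaks into the bins treated as unoccupied and raises the floor.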