ABSTRACT
With the proliferation of Internet of Things, there is a growing interest in embedded system attacks, e.g., key extraction attacks and firmware modification attacks. Code execution tracking, as the first step to locate vulnerable instruction pieces for key extraction attacks and to conduct control-flow integrity checking against firmware modification attacks, is therefore of great value. Because embedded systems, especially legacy embedded systems, have limited resources and may not support software or hardware update, it is important to design low-cost code execution tracking methods that require as little system modification as possible. In this work, we propose a non-intrusive code execution tracking solution via power-side channel, wherein we represent the code execution and its power consumption with a revised hidden Markov model and recover the most likely executed instruction sequence with a revised Viterbi algorithm. By observing the power consumption of the microcontroller unit during execution, we are able to recover the program execution flow with a high accuracy and detect abnormal code execution behavior even when only a single instruction is modified.
- P. C. Kocher, phet al. Differential power analysis. In Proc. of Advances in Cryptology (CRYPTO), 1999. Google ScholarDigital Library
- P. Dusart, phet al. Differential fault analysis on A.E.S. In Proc. of Applied Cryptography and Network Security (ACNS), 2003.Google ScholarCross Ref
- A. Cui, phet al. When firmware modifications attack: A case study of embedded exploitation. In NDSS, 2013.Google Scholar
- A. Francillon and C. Castelluccia. Code injection attacks on harvard-architecture devices. In Proc. of Conference on Computer and Communications Security (CCS), 2008. Google ScholarDigital Library
- T. Goodspeed. Exploiting wireless sensor networks over 802.15. 4. In Texas Instruments Developper Conference, 2008.Google Scholar
- M. Abadi, phet al. Control-flow integrity. In Proc. of Conference on Computer and Communications Security (CCS), 2005. Google ScholarDigital Library
- Ú. Erlingsson, et al. XFI: software guards for system address spaces. In Proc.s of Symposium on Operating Systems Design and Implementation (OSDI), 2006. Google ScholarDigital Library
- Y. Cheng, et al. Ropecker: A generic and practical approach for defending against ROP attacks. In Proc. of Network and Distributed System Security Symposium (NDSS), 2014.Google ScholarCross Ref
- V. Pappas, phet al. Transparent ROP exploit mitigation using indirect branch tracing. In Proc. of USENIX Security Symposium (USENIX Security), 2013. Google ScholarDigital Library
- L. Davi, et al. HAFIX: hardware-assisted flow integrity extension. In Proc. of Design Automation Conference (DAC), 2015. Google ScholarDigital Library
- M. Milenkovic, et al. Hardware support for code integrity in embedded processors. In Proc. of International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES), 2005. Google ScholarDigital Library
- F. A. T. Abad, et al. On-chip control flow integrity check for real time embedded systems. In Proc. of Cyber-Physical Systems, Networks, and Applications (CPSNA), 2013.Google ScholarCross Ref
- T. Eisenbarth, et al. Building a side channel based disassembler. Transactions on Computational Science, 2010. Google ScholarDigital Library
- OpenSSL. https://www.openssl.org/.Google Scholar
- D. Genkin, et al. RSA key extraction via low-bandwidth acoustic cryptanalysis. In Proc. of Advances in Cryptology (CRYPTO), 2014.Google ScholarCross Ref
- N. Benhadjyoussef, et al. The research of correlation power analysis on a aes implementations. Journal of Intelligent Computing Volume, 2011.Google Scholar
- E. Brier, et al. Correlation power analysis with a leakage model. In Proc. of Cryptographic Hardware and Embedded Systems (CHES), 2004.Google ScholarCross Ref
- J. Balasch, et al. An in-depth and black-box characterization of the effects of clock glitches on 8-bit mcus. In Proc. of Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2011. Google ScholarDigital Library
- A. Dehbaoui, et al. Electromagnetic transient faults injection on a hardware and a software implementations of AES. In Proc. of Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2012. Google ScholarDigital Library
- NIST FIPS Pub. Advanced encryption standard (AES). Federal Information Processing Standards Publication, 2001.Google Scholar
- P. Derbez, et al. Meet-in-the-middle and impossible differential fault analysis on AES. In Proc. of Cryptographic Hardware and Embedded Systems (CHES), 2011. Google ScholarDigital Library
- Y. Liu, et al. DERA: yet another differential fault attack on cryptographic devices based on error rate analysis. In Proc. of Design Automation Conference (DAC), 2015. Google ScholarDigital Library
- R. Lashermes, et al. A DFA on AES based on the entropy of error distributions. In Proc. of Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2012. Google ScholarDigital Library
- A. Moradi, et al. A generalized method of differential fault attack against AES cryptosystem. In Proc. of Cryptographic Hardware and Embedded Systems (CHES), 2006. Google ScholarDigital Library
- N. Carlini and D. Wagner. ROP is still dangerous: breaking modern defenses. In Proc. of USENIX Security Symposium (USENIX Security), 2014. Google ScholarDigital Library
- T. K. Bletsch, et al. Jump-oriented programming: a new class of code-reuse attack. In Proc. of Symposium on Information, Computer and Communications Security (ASIACCS), 2011. Google ScholarDigital Library
- A. One. Smashing the stack for fun and profit. Phrack magazine, 1996.Google Scholar
- N. Carlini, et al. Control-flow bending: On the effectiveness of control-flow integrity. In Proc. of USENIX Security Symposium (USENIX Security), 2015. Google ScholarDigital Library
- F. E. Allen. Control flow analysis. In ACM Sigplan Notices, 1970. Google ScholarDigital Library
- L. R. Rabiner. A tutorial on hidden markov models and selected applications in speech recognition. Proceedings of the IEEE, 1989.Google ScholarCross Ref
- C. Zhang, et al. Practical control flow integrity and randomization for binary executables. In Proc. of Symposium on Security and Privacy (SP), 2013. Google ScholarDigital Library
- M. Msgna, et al. The b-side of side channel leakage: Control flow security in embedded systems. In Proc. of Security and Privacy in Communication Networks (ICST), 2013.Google ScholarCross Ref
- I. Jolliffe. Principal component analysis. 2002.Google Scholar
- I. S. MacKenzie. The 8051 microcontroller. 1998. Google ScholarDigital Library
- UCR Dalton Project. http://www.cs.ucr.edu/ dalton/.%%Google Scholar
- %M. Dietrich and J. Haase. Process Variations and Probabilistic Integrated Circuit Design. 2011. Google ScholarDigital Library
- Embedded Trace Macrocells. http://www.arm.com/products/system-ip/debug-trace/trace-macrocells-etm/.Google Scholar
- C. R. A. González and J. H. Reed. Detecting unauthorized software execution in sdr using power fingerprinting. In MILITARY COMMUNICATIONS CONFERENCE, 2010-MILCOM 2010, 2010.Google ScholarCross Ref
- C. R. A. Gonzalez and J. H. Reed. Power fingerprinting in sdr integrity assessment for security and regulatory compliance. Analog Integrated Circuits and Signal Processing, 2011. Google ScholarDigital Library
- S. Stone and M. Temple. Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure. International Journal of Critical Infrastructure Protection, 2012.Google ScholarCross Ref
- S. J. Stone, et al. Detecting anomalous programmable logic controller behavior using rf-based hilbert transform features and a correlation-based verification process. International Journal of Critical Infrastructure Protection, 2015. Google ScholarDigital Library
- S. S. Clark, et al. Wattsupdoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In 2013 USENIX Workshop on Health Information Technologies, HealthTech '13, 2013. Google ScholarDigital Library
- D. Vermoen, et al. Reverse engineering java card applets using power analysis. In Proc. of Information Security Theory and Practices (WISTP), 2007. Google ScholarDigital Library
- R. Novak. Side-channel attack on substitution blocks. In Proc. of Applied Cryptography and Network Security (ACNS), 2003.Google ScholarCross Ref
- C. Clavier. Side channel analysis for reverse engineering (SCARE) - an improved attack against a secret A3/A8 GSM algorithm. IACR Cryptology ePrint Archive, 2004.Google Scholar
- M. Goldack and I. C. Paar. Side-channel based reverse engineering for microcontrollers. Master's thesis, Ruhr-Universitat Bochum, Germany, 2008.Google Scholar
Index Terms
- On Code Execution Tracking via Power Side-Channel
Recommendations
Power-based side-channel instruction-level disassembler
DAC '18: Proceedings of the 55th Annual Design Automation ConferenceModern embedded computing devices are vulnerable against malware and software piracy due to insufficient security scrutiny and the complications of continuous patching. To detect malicious activity as well as protecting the integrity of executable ...
Side-channel analysis of MAC-Keccak hardware implementations
HASP '15: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and PrivacyAs Keccak has been selected as the new SHA-3 standard, Message Authentication Code (MAC) (MAC-Keccak) using a secret key will be widely used for integrity checking and authenticity assurance. Recent works have shown the feasibility of side-channel ...
Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityIntel Software Guard Extension (SGX) protects the confidentiality and integrity of an unprivileged program running inside a secure enclave from a privileged attacker who has full control of the entire operating system (OS). Program execution inside this ...
Comments