ABSTRACT
Modern embedded computing devices are vulnerable to malware and software piracy because they receive insufficient security scrutiny and are difficult to patch continuously. To detect malicious activity and to protect the integrity of executable software, the operation of such devices must be monitored. In this paper, we propose a disassembler based on the power side channel that analyzes the real-time operation of embedded systems at instruction-level granularity. The proposed disassembler obtains templates from an original device (e.g., an IoT home security system or a smart thermostat) and uses machine learning algorithms to uniquely identify the instructions executed on the device. Feature selection using Kullback-Leibler (KL) divergence and dimensionality reduction using PCA in the time-frequency domain are proposed to increase the identification accuracy. Moreover, a hierarchical classification framework is proposed to reduce the computational complexity associated with large instruction sets. In addition, covariate shifts caused by different measurement environments and device-to-device variations are minimized by our covariate shift adaptation technique. We implement this disassembler on an AVR 8-bit microcontroller. Experimental results demonstrate that the proposed disassembler recognizes test instructions, including register names, with a success rate no lower than 99.03% using quadratic discriminant analysis (QDA).
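As an added example (not the paper's code or data), the template-based pipeline described above reduced to its KL-divergence feature selection and QDA classification steps, run on constructed toy traces: three hypothetical instruction classes leak at two of sixteen sample points, each sample point is scored by the symmetric KL divergence between per-class Gaussian fits, the two best points are kept, and a per-class mean and full covariance (QDA) classify held-out traces. The instruction names, leakage points and noise level are constructed; the paper's PCA, time-frequency transform, hierarchical classifier and covariate shift adaptation are not reproduced.

```python
import math
import random
from statistics import mean, variance
# Constructed toy data (not from the paper): three "instructions" whose 16-sample
# power traces differ only at sample points 3 and 9, buried in Gaussian noise.
random.seed(7)
N_SAMPLES = 16
LEAK = {"ADD": {3: 1.0}, "MOV": {3: -1.0}, "LDI": {9: 1.0}}

def trace(instr):  # one constructed trace: noise plus the instruction's offsets
    return [random.gauss(0.0, 0.25) + LEAK[instr].get(t, 0.0) for t in range(N_SAMPLES)]

def gauss_kl(mu0, var0, mu1, var1):  # KL(N0 || N1) for univariate Gaussians
    return 0.5 * (math.log(var1 / var0) + (var0 + (mu0 - mu1) ** 2) / var1 - 1.0)

def kl_rank(tmpl):
    """Rank sample points by summed symmetric KL divergence over all class pairs."""
    cls = list(tmpl)
    def score(t):
        cols = {c: [tr[t] for tr in tmpl[c]] for c in cls}
        st = {c: (mean(v), variance(v)) for c, v in cols.items()}
        return sum(gauss_kl(*st[a], *st[b]) + gauss_kl(*st[b], *st[a])
                   for i, a in enumerate(cls) for b in cls[i + 1:])
    return sorted(range(N_SAMPLES), key=score, reverse=True)

def fit_qda(tmpl, feats):
    """Per-class mean vector and 2x2 covariance over the two selected points."""
    model = {}
    for c, trs in tmpl.items():
        x, y = [tr[feats[0]] for tr in trs], [tr[feats[1]] for tr in trs]
        mx, my = mean(x), mean(y)
        cxy = sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) - 1)
        model[c] = (mx, my, variance(x), variance(y), cxy)
    return model

def qda_predict(model, feats, tr):
    """Class with the highest Gaussian log-likelihood (equal priors)."""
    def loglik(c):
        mx, my, vx, vy, cxy = model[c]
        dx, dy, det = tr[feats[0]] - mx, tr[feats[1]] - my, vx * vy - cxy * cxy
        return -0.5 * (math.log(det) + (vy * dx * dx - 2 * cxy * dx * dy + vx * dy * dy) / det)
    return max(model, key=loglik)

def run(n_templates=200, n_test=100):  # templates -> top-2 KL points -> QDA on held-out traces
    tmpl = {c: [trace(c) for _ in range(n_templates)] for c in LEAK}
    feats = kl_rank(tmpl)[:2]
    model = fit_qda(tmpl, feats)
    test = [(c, trace(c)) for c in LEAK for _ in range(n_test)]
    return sorted(feats), sum(qda_predict(model, feats, tr) == c for c, tr in test) / len(test)
```

With the constructed leakage the KL ranking recovers exactly the two leaking sample points, and the QDA templates classify the held-out traces with accuracy in the high nineties; real traces would add the alignment, PCA and shift-adaptation stages the paper describes.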
Power-based Side-Channel Instruction-level Disassembler
2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC)