Classifying Proprietary Firmware on a Solid State Drive Using Idle State Current Draw Measurements

Solid state drives (SSDs) are coming under increased scrutiny as their popularity continues to grow. SSDs differ from their hard disk drive predecessors because they include an onboard layer of firmware to perform required maintenance tasks related to data location mapping, write performance, and drive lifetime management. This firmware layer is transparent to the user and can be difficult to characterize despite its clear potential to impact drive behavior. Flaws and vulnerabilities in this firmware layer have become increasingly common. In this work, we propose and analyze a technique to classify different versions of proprietary firmware on an SSD through the use of current draw measurements. We demonstrate that major groupings of firmware can be classified using current draw measurements not only from explicitly active drive states such as read and write but also from the low power idle state. We achieve pairwise classifications rates near 100% between firmware examples in these different major groupings. Coupling these results with firmware release information, we are able to infer major updates in the firmware timeline for the SSD we examined. We also develop an anomaly detector and achieve detection rates of 100% for samples that reside outside of the reference grouping.

[1]  Sungjin Lee,et al.  SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery , 2018, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS).

[2]  Hau T. Ngo,et al.  Towards detection of modified firmware on solid state drives via side channel analysis , 2018, MEMSYS.

[3]  Ashutosh Kumar Singh,et al.  The Elements of Statistical Learning: Data Mining, Inference, and Prediction , 2010 .

[4]  Wen-Zhan Song,et al.  Energy audition based cyber-physical attack detection system in IoT , 2019, ACM TUR-C.

[5]  Ryan McDowell,et al.  Using Current Draw Analysis to Identify Suspicious Firmware Behavior in Solid State Drives , 2019, 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[6]  C. Steger,et al.  Energy Consumption Measurement Technique for Automatic Instruction Set Characterization of Embedded Processors , 2007, 2007 IEEE Instrumentation & Measurement Technology Conference IMTC 2007.

[7]  Aurélien Francillon,et al.  Implementation and implications of a stealth hard-drive backdoor , 2013, ACSAC.

[8]  A. Satoh,et al.  Side-Channel Attack Standard Evaluation Board SASEBO-W for Smartcard Testing , 2011 .

[9]  P. Welch The use of fast Fourier transform for the estimation of power spectra: A method based on time averaging over short, modified periodograms , 1967 .

[10]  H.-S. Philip Wong,et al.  Phase-Change Memory—Towards a Storage-Class Memory , 2017, IEEE Transactions on Electron Devices.

[11]  Hau T. Ngo,et al.  Monitoring Device Current to Characterize Trim Operations of Solid-State Drives , 2019, IEEE Transactions on Information Forensics and Security.

[12]  Bernard van Gastel,et al.  Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[13]  Christof Paar,et al.  SCANDALee: A side-ChANnel-based DisAssembLer using local electromagnetic emanations , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[15]  V. Cruz Machado,et al.  Identifying vulnerabilities in the supply chain , 2009, 2009 IEEE International Conference on Industrial Engineering and Engineering Management.

[16]  Jongmoo Choi,et al.  SSD Characterization: From Energy Consumption's Perspective , 2011, HotStorage.

[17]  Hau T. Ngo,et al.  Classifying Solid State Drive Firmware via Side-Channel Current Draw Analysis , 2018, 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[18]  Carlos Aguayo Gonzalez,et al.  Detecting Malicious Software Execution in Programmable Logic Controllers Using Power Fingerprinting , 2014, Critical Infrastructure Protection.

[19]  Bernhard Schölkopf,et al.  Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[20]  Kevin D. Fairbanks,et al.  Inferring File System of Solid State Drives based on Current Consumption , 2017, 2017 IEEE 7th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER).

[21]  Hau T. Ngo,et al.  Inferring read and write operations of solid-state drives based on energy consumption , 2016, 2016 IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).