Detecting Firmware Modification on Solid State Drives via Current Draw Analysis

Abstract

Solid State Drives (SSDs) have gained significant market share among data storage options in recent years due to increased speed and durability. Compared to Hard Disk Drives (HDDs), however, SSDs contain additional complexity that must be managed in firmware. Some manufacturers make firmware updates available, but their proprietary protections leave end users unable to verify the authenticity of the firmware after installation. This means that attackers who are able to get a malicious firmware version installed on a victim SSD can operate with impunity, as the owner has no tools for detection. We use a method for performing side-channel analysis of the current drawn by an SSD to compare its behavior while running genuine firmware against its behavior while running modified firmware. We further test this method for robustness against changes in external factors such as temperature and supplied power. In each case, we train a binary classifier with samples of genuine as well as modified firmware activity and are able to discriminate between them with over 90% accuracy in most experiments. Solid State Drives are trusted to store and protect critical data, so verification of SSD firmware is an important step towards having trust and confidence in the growing landscape of embedded devices used for critical operations.
