Special session: emerging (Un-)reliability based security threats and mitigations for embedded systems

This paper addresses two reliability-based security threats and mitigations for embedded systems namely, aging and thermal side channels. Device aging can be used as a hardware attack vector by using voltage scaling or specially crafted instruction sequences to violate embedded processor guard bands. Short-term aging effects can be utilized to cause transient degradation of the embedded device without leaving any trace of the attack. (Thermal) side channels can be used as an attack vector and as a defense. Specifically, thermal side channels are an effective and secure way to remotely monitor code execution on an embedded processor and/or to possibly leak information. Although various algorithmic means to detect anomaly are available, machine learning tools are effective for anomaly detection. We will show such utilization of deep learning networks in conjunction with thermal side channels to detect code injection/modification representing anomaly.

[1]  Robert J. Turk Cyber Incidents Involving Control Systems , 2005 .

[2]  G. Groeseneken,et al.  Time and workload dependent device variability in circuit simulations , 2011, 2011 IEEE International Conference on IC Design & Technology.

[3]  G. Wolrich,et al.  A high performance floating point coprocessor , 1984, IEEE Journal of Solid-State Circuits.

[4]  C. Martin 2015 , 2015, Les 25 ans de l’OMC: Une rétrospective en photos.

[5]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[6]  Ramesh Karri,et al.  Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[7]  양희영 2005 , 2005, Los 25 años de la OMC: Una retrospectiva fotográfica.

[8]  Jörg Henkel,et al.  Interdependencies of Degradation Effects and Their Impact on Computing , 2017, IEEE Design & Test.

[9]  Francky Catthoor,et al.  NBTI Monitoring and Design for Reliability in Nanoscale Circuits , 2011, 2011 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems.

[10]  Mordechai Guri,et al.  BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[11]  Pankaj Rohatgi Improved Techniques for Side-Channel Analysis , 2009, Cryptographic Engineering.

[12]  Michael Hutter,et al.  The Temperature Side Channel and Heating Fault Attacks , 2013, CARDIS.

[13]  A. James 2010 , 2011, Philo of Alexandria: an Annotated Bibliography 2007-2016.

[14]  Simon W. Moore,et al.  Security evaluation against electromagnetic analysis at design time , 2005, Tenth IEEE International High-Level Design Validation and Test Workshop, 2005..

[15]  2013 , 2018, Eu minha tía e o golpe do atraso.

[16]  Ramesh Karri,et al.  MAGIC: Malicious Aging in Circuits/Cores , 2015, TACO.

[17]  Yu Cao,et al.  The Impact of NBTI Effect on Combinational Circuit: Modeling, Simulation, and Analysis , 2010, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[18]  Pramodita Sharma 2012 , 2013, Les 25 ans de l’OMC: Une rétrospective en photos.

[19]  Ramesh Karri,et al.  Process-aware side channel monitoring for embedded control system security , 2017, 2017 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC).

[20]  Olivier Meynard,et al.  Characterization of the Electromagnetic Side Channel in Frequency Domain , 2010, Inscrypt.

[21]  Souvik Mahapatra,et al.  Combined trap generation and transient trap occupancy model for time evolution of NBTI during DC multi-cycle and AC stress , 2015, 2015 IEEE International Reliability Physics Symposium.

[22]  François-Xavier Standaert,et al.  Introduction to Side-Channel Attacks , 2010, Secure Integrated Circuits and Systems.

[23]  Jörg Henkel,et al.  Connecting the physical and application level towards grasping aging effects , 2015, 2015 IEEE International Reliability Physics Symposium.

[24]  Daniel Genkin,et al.  Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation , 2015, CHES.

[25]  Yu Cao,et al.  Predictive Modeling of the NBTI Effect for Reliable Design , 2006, IEEE Custom Integrated Circuits Conference 2006.

[26]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[27]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[28]  Jörg Henkel,et al.  Lucid infrared thermography of thermally-constrained processors , 2015, 2015 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED).

[29]  D. Varghese,et al.  A comprehensive model for PMOS NBTI degradation: Recent progress , 2007, Microelectron. Reliab..

[30]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[31]  Georg Sigl,et al.  Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment , 2015, COSADE.

[32]  Michail Maniatakos,et al.  The Cybersecurity Landscape in Industrial Control Systems , 2016, Proceedings of the IEEE.

[33]  J. H. Reed,et al.  Enhancing Smart Grid cyber security using power fingerprinting: Integrity assessment and intrusion detection , 2012, 2012 Future of Instrumentation International Workshop (FIIW) Proceedings.

[34]  Ramesh Karri,et al.  Cybersecurity for Control Systems: A Process-Aware Perspective , 2016, IEEE Design & Test.

[35]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[36]  Ramesh Karri,et al.  NumChecker: Detecting kernel control-flow modifying rootkits by using Hardware Performance Counters , 2013, 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC).

[37]  Carlisle M. Adams,et al.  On Acoustic Covert Channels Between Air-Gapped Systems , 2014, FPS.

[38]  M. Anand “1984” , 1962 .

[39]  Jörg Henkel,et al.  Reliability in Super- and Near-Threshold Computing: A Unified Model of RTN, BTI, and PV , 2018, IEEE Transactions on Circuits and Systems I: Regular Papers.

[40]  S. M. García,et al.  2014: , 2020, A Party for Lazarus.

[41]  Milos Prvulovic,et al.  A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.

[42]  Stefan Katzenbeisser,et al.  Hard Drive Side-Channel Attacks Using Smartphone Magnetic Field Sensors , 2015, Financial Cryptography.

[43]  Mehrdad Nourani,et al.  Controlling Aging in Timing-Critical Paths , 2016, IEEE Design & Test.

[44]  Fabrice Paillet,et al.  FIVR — Fully integrated voltage regulators on 4th generation Intel® Core™ SoCs , 2014, 2014 IEEE Applied Power Electronics Conference and Exposition - APEC 2014.

[45]  Bruno Sinopoli,et al.  Challenges for Securing Cyber Physical Systems , 2009 .

[46]  Martin Vuagnoux,et al.  Compromising Electromagnetic Emanations of Wired and Wireless Keyboards , 2009, USENIX Security Symposium.

[47]  D. Kushner,et al.  The real story of stuxnet , 2013, IEEE Spectrum.

[48]  Mordechai Guri,et al.  AirHopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies , 2014, 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE).

[49]  S. Hewitt,et al.  2007 , 2018, Los 25 años de la OMC: Una retrospectiva fotográfica.

[50]  Rudy Lauwereins,et al.  Design, Automation, and Test in Europe , 2008 .

[51]  Ingrid Verbauwhede,et al.  Electromagnetic circuit fingerprints for Hardware Trojan detection , 2015, 2015 IEEE International Symposium on Electromagnetic Compatibility (EMC).

[52]  Michail Maniatakos,et al.  Machine learning-based defense against process-aware attacks on Industrial Control Systems , 2016, 2016 IEEE International Test Conference (ITC).

[53]  Dakshi Agrawal,et al.  Templates as Master Keys , 2005, CHES.

[54]  Wenyuan Xu,et al.  WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices , 2013, HealthTech.

[55]  Michael Hanspach,et al.  On Covert Acoustical Mesh Networks in Air , 2014, J. Commun..

[56]  Jörg Henkel,et al.  Aging-aware voltage scaling , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[57]  Christof Paar,et al.  Side-Channel Analysis of Cryptographic RFIDs with Analog Demodulation , 2011, RFIDSec.

[58]  Jörg Henkel,et al.  Impact of BTI on dynamic and static power: From the physical to circuit level , 2017, 2017 IEEE International Reliability Physics Symposium (IRPS).

[59]  D. Schroder,et al.  Negative bias temperature instability: Road to cross in deep submicron silicon semiconductor manufacturing , 2003 .

[60]  Jörg Henkel,et al.  Reliability-aware design to suppress aging , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[61]  E. Byres,et al.  The Myths and Facts behind Cyber Security Risks for Industrial Control Systems , 2004 .

[62]  Elisabeth Oswald,et al.  Practical Template Attacks , 2004, WISA.

[63]  Alexander Kmentt 2017 , 2018, The Treaty Prohibiting Nuclear Weapons.

[64]  Ulrike Goldschmidt Modeling And Adaptive Nonlinear Control Of Electric Motors , 2016 .

[65]  Jörg Henkel,et al.  Towards interdependencies of aging mechanisms , 2014, 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[66]  Denis Réal,et al.  Practical Electromagnetic Template Attack on HMAC , 2009, CHES.

[67]  John Keane,et al.  An All-In-One Silicon Odometer for Separately Monitoring HCI, BTI, and TDDB , 2010, IEEE Journal of Solid-State Circuits.

[68]  Adrian Thillard,et al.  How to Estimate the Success Rate of Higher-Order Side-Channel Attacks , 2014, IACR Cryptol. ePrint Arch..

[69]  蕭瓊瑞撰述,et al.  2009 , 2019, The Winning Cars of the Indianapolis 500.

[70]  A. Piperno,et al.  2003 , 2003, Intensive Care Medicine.

[71]  Mordechai Guri,et al.  GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies , 2015, USENIX Security Symposium.

[72]  Michail Maniatakos,et al.  ConFirm: Detecting firmware modifications in embedded systems using Hardware Performance Counters , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).