
Impedance Leakage Vulnerability and its Utilization in Reverse-engineering Embedded Software (2310.03175v2)

Published 4 Oct 2023 in cs.CR, cs.IR, and eess.SP

Abstract: Discovering new vulnerabilities and implementing security and privacy measures are important to protect systems and data against physical attacks. One such vulnerability is impedance, an inherent property of a device that can be exploited to leak information through an unintended side channel, thereby posing significant security and privacy risks. Unlike traditional vulnerabilities, impedance is often overlooked or narrowly explored, as it is typically treated as a fixed value at a specific frequency in research and design endeavors. Moreover, impedance has never been explored as a source of information leakage. This paper demonstrates that the impedance of an embedded device is not constant and directly relates to the programs executed on the device. We define this phenomenon as impedance leakage and use this as a side channel to extract software instructions from protected memory. Our experiment on the ATmega328P microcontroller and the Artix 7 FPGA indicates that the impedance side channel can detect software instructions with 96.1% and 92.6% accuracy, respectively. Furthermore, we explore the dual nature of the impedance side channel, highlighting the potential for beneficial purposes and the associated risk of intellectual property theft. Finally, potential countermeasures that specifically address impedance leakage are discussed.
