TY - JOUR
T1 - Remote detection of unauthorized activity via spectral analysis
AU - Karabacak, Fatih
AU - Ogras, Umit
AU - Ozev, Sule
N1 - Funding Information:
This work was supported partially by National Science Foundation (NSF) grant CNS-1651624.
Authors’ addresses: F. Karabacak, Intel, 5000 W Chandler Blvd, Chandler, AZ 85226; email: fatih.karabacak@intel.com; U. Ogras and S. Ozev, Arizona State University, ISTB4, Tempe, AZ 85281; emails: {umit, sozev}@asu.edu. © 2018 Association for Computing Machinery.
PY - 2018/12
Y1 - 2018/12
N2 - Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120 cm distance.
KW - EM emission
KW - Hardware/firmware trojan detection
KW - IoT security
UR - http://www.scopus.com/inward/record.url?scp=85061256972&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061256972&partnerID=8YFLogxK
U2 - 10.1145/3276770
DO - 10.1145/3276770
M3 - Article
AN - SCOPUS:85061256972
VL - 23
JO - ACM Transactions on Design Automation of Electronic Systems
JF - ACM Transactions on Design Automation of Electronic Systems
SN - 1084-4309
IS - 6
M1 - 81
ER -