Power fingerprinting in SDR integrity assessment for security and regulatory compliance

Analog Integrated Circuits and Signal Processing - Volume 69 - Pages 307-327 - 2011
Carlos R. Aguayo González1, Jeffrey H. Reed1
1Wireless @ Virginia Tech, Virginia Tech, Blacksburg, USA

Abstract

Software-Defined Radio (SDR) provides a flexible platform that facilitates radio resource management and enables new technologies and applications. Unfortunately, its reliance on software implementations makes it vulnerable to malicious software attacks that could alter its spectral emissions and disclose sensitive information. For SDR to be deployed widely, it is critical to develop technologies that enable effective integrity assessment of communications platforms and timely detection of malicious intrusions. We provide further evidence of the feasibility of a novel approach called Power Fingerprinting (PFP) that offers an effective mechanism for integrity assessment of SDR. PFP relies on an external monitor that captures fine-grained measurements of the processor's power consumption and compares them against stored signatures from trusted software, applying pattern recognition and signal detection techniques. Because it is implemented by an external monitor, PFP causes minimal disruption to the target system and also provides the isolation needed to protect against malicious attacks on the monitor itself. Fine-grained measurements deliver improved visibility into the execution status and make the PFP monitor difficult to evade, while relying on anomaly detection against trusted references makes it effective against zero-day attacks. We present the results of several feasibility experiments that support the applicability of PFP to SDR integrity assessment. In the first experiment, a PFP monitor effectively detects the execution of a tampered routine that misconfigures the operational mode of a PICDEM Z radio platform, affecting the resulting spectral emission. In a second experiment, our monitor effectively identifies when a transmission routine is modified in a way that affects the encryption settings.
We also present an approach to improve the performance of PFP by characterizing the way a specific platform consumes power. This platform characterization, which can be done using principal component analysis or linear discriminant analysis, allows a PFP monitor to work only on the features that carry the most information. As a result, the PFP monitor is able to detect execution deviations resulting from a difference of a single bit transition, the smallest possible disruption.
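The two ideas above, a template signature compared against captures by a distance detector and a platform characterization that concentrates the detector on the informative features, are illustrated by the following added example. It is not the authors' code and uses no data from the paper: the power traces are constructed synthetically (a smooth per-cycle "switching activity" profile plus Gaussian measurement noise), the tampered routine differs from the trusted one at a single sample, and the PCA/LDA characterization of the paper is replaced by a simpler per-sample Fisher-ratio weighting, computed here from an assumed offline set of deviant captures. The detection threshold is calibrated from trusted captures only, so the false-alarm rate is under the monitor's control; the tampered behaviour is never needed at detection time.

```python
"""Toy Power Fingerprinting (PFP) monitor on constructed power traces.

Pipeline: (1) capture trusted traces, (2) build a template signature,
(3) calibrate a detection threshold from trusted-trace distances,
(4) flag captures whose distance exceeds it, and (5) re-weight samples by a
Fisher ratio so that a single-sample deviation stands out. All numbers are
constructed; nothing here is measured from the PICDEM Z platform.
"""
import math
import random
import statistics

TRACE_LEN = 64       # samples per monitored routine (constructed)
NOISE_SIGMA = 0.05   # front-end measurement noise (constructed)

# Constructed per-cycle power profile of the trusted routine. Each value stands
# for the average current drawn in one cycle, i.e. its switching activity.
TRUSTED_PROFILE = [0.5 + 0.4 * math.sin(i / 5.0) for i in range(TRACE_LEN)]


def capture(profile, rng, sigma=NOISE_SIGMA):
    """One noisy capture of a power trace, as an external monitor would see it."""
    return [p + rng.gauss(0.0, sigma) for p in profile]


def tamper(profile, index, delta):
    """Profile of a tampered routine: one cycle draws `delta` more current
    (extra switching in that cycle); every other cycle is unchanged."""
    out = list(profile)
    out[index] += delta
    return out


def build_signature(traces):
    """Template signature: per-sample mean and standard deviation."""
    cols = list(zip(*traces))
    return [statistics.fmean(c) for c in cols], [statistics.pstdev(c) for c in cols]


def distance(trace, template, weights=None):
    """(Weighted) Euclidean distance between a capture and the template."""
    if weights is None:
        weights = [1.0] * len(template)
    return math.sqrt(sum(w * (x - m) ** 2 for x, m, w in zip(trace, template, weights)))


def calibrate_threshold(traces, template, weights=None, k=3.0):
    """Threshold at mean + k*std of trusted distances; k sets the false-alarm budget."""
    d = [distance(t, template, weights) for t in traces]
    return statistics.fmean(d) + k * statistics.pstdev(d)


def fisher_weights(class_a, class_b):
    """Per-sample Fisher ratio (squared gap between class means over the summed
    within-class variances), normalised to a mean weight of 1. This is a
    simplified stand-in for the PCA/LDA platform characterisation: samples that
    separate the classes get large weights, samples carrying only noise get ~0."""
    mean_a, std_a = build_signature(class_a)
    mean_b, std_b = build_signature(class_b)
    raw = [(ma - mb) ** 2 / (sa ** 2 + sb ** 2 + 1e-12)
           for ma, mb, sa, sb in zip(mean_a, mean_b, std_a, std_b)]
    scale = len(raw) / sum(raw)
    return [r * scale for r in raw]


def flagged(trace, template, threshold, weights=None):
    """True when the capture deviates from the trusted signature."""
    return distance(trace, template, weights) > threshold


def detection_rates(test_good, test_bad, template, threshold, weights=None):
    """(false-alarm rate on trusted captures, detection rate on tampered captures)."""
    fa = sum(flagged(t, template, threshold, weights) for t in test_good) / len(test_good)
    det = sum(flagged(t, template, threshold, weights) for t in test_bad) / len(test_bad)
    return fa, det


def run_experiment(n=200, tamper_index=17, delta=0.25, seed=7):
    """Compare the plain PFP detector with the feature-weighted one on the same
    single-sample tamper. Returns ((fa_plain, det_plain), (fa_weighted, det_weighted))."""
    rng = random.Random(seed)
    bad_profile = tamper(TRUSTED_PROFILE, tamper_index, delta)
    template_set = [capture(TRUSTED_PROFILE, rng) for _ in range(n)]
    calib_set = [capture(TRUSTED_PROFILE, rng) for _ in range(n)]
    test_good = [capture(TRUSTED_PROFILE, rng) for _ in range(n)]
    test_bad = [capture(bad_profile, rng) for _ in range(n)]

    template, _ = build_signature(template_set)
    plain = detection_rates(test_good, test_bad, template,
                            calibrate_threshold(calib_set, template))

    # Platform characterisation (assumption): a set of deviant captures is
    # available offline, here captures of the tampered routine, from which the
    # monitor learns which samples carry information about execution deviations.
    charac_bad = [capture(bad_profile, rng) for _ in range(n)]
    weights = fisher_weights(template_set, charac_bad)
    weighted = detection_rates(test_good, test_bad, template,
                               calibrate_threshold(calib_set, template, weights), weights)
    return plain, weighted


if __name__ == "__main__":
    (fa_p, det_p), (fa_w, det_w) = run_experiment()
    print(f"plain PFP    false alarms {fa_p:.3f}  detection {det_p:.3f}")
    print(f"weighted PFP false alarms {fa_w:.3f}  detection {det_w:.3f}")
```

With the constructed parameters the plain detector spreads the one-sample deviation over 64 noisy samples and catches only a minority of tampered captures, while the weighted detector, working almost entirely on the one informative sample, catches nearly all of them at a comparable false-alarm rate. Replacing the Gaussian noise with recorded traces and the Fisher weighting with the paper's PCA or LDA projection is the step from this toy to a real monitor.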
