Skip to main content
SpringerLink
Log in

Verifying Software Integrity in Embedded Systems: A Side Channel Approach

  • Conference paper
  • First Online:
Book cover Constructive Side-Channel Analysis and Secure Design (COSADE 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8622))

Abstract

In the last few decades embedded processors have invaded the modern lifestyle. Embedded systems have hardware and software components. Assuring the integrity of the software is very important as it is the component that controls what the hardware does through its instructions. Although there exist a number of software integrity verification techniques, they often fail to work in embedded environment. One main reason is, the memory read protection, frequently implemented in today’s microprocessors, that prevent the verifier from reading out the necessary software parts. In this paper we show that side channel leakage (power consumption) can be used to verify the integrity of the software component without prior knowledge of the software code. Our approach uses instruction-level power consumption templates to extract information about executed instructions by the processor. Then this information together with pre-computed signatures are used to verify the integrity of the executed application using RSA signature screening algorithm. The instruction-level templates are constructed ahead of time using few authentic reference processors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Defense Advanced Research Projects Agency: Darpa baa06-40, a trust for integrated circuits, Visited, May 2013. https://www.fbo.gov/index?s=opportunity&mode=form&id=db4ea611cad3764814b6937fcab2180a&tab=core&_cview=1

  2. Lieberman, J.I.: The national security aspects of the global migration of the U.S. semiconductor industry, Visited, May 2013. http://www.fas.org/irp/congress/2003_cr/s060503.html

  3. Defense Science Board Task Force: High performance microchip supply, Visited, May 2013. http://www.acq.osd.mil/dsb/reports/ADA435563.pdf

  4. U.S. Department of Commerce: Defense industrial base assessment: counterfeit electronics. Technical report, Bureau of Industry and Security, Office of Technology Evaluation, January 2010. http://www.bis.doc.gov/defenseindustrialbaseprograms/osies/defmarketresearchrpts/final_counterfeit_electronics_report.pdf

  5. Koushanfar, F., Sadeghi, A.-R., Seudie, H.: EDA for secure and dependable cybercars: challenges and opportunities. In: 2012 49th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 220–228 (2012)

    Google Scholar 

  6. Larson, J.: The Cardio-pneumo-psychogram in deception. J. Exp. Psychol. 6(6), 420–454 (1923). http://books.google.co.uk/books?id=b6appwAACAAJ

    Article  Google Scholar 

  7. Wei, S., Nahapetian, A., Potkonjak, M.: Robust passive hardware metering. In: International Conference on Computer-Aided Design (ICCAD), 7–10 November 2011, pp. 802–809. IEEE (2011)

    Google Scholar 

  8. Chakravarthi, S., Krishnan, A.T., Reddy, V., Machala, C.F., Krishnan, S.: A comprehensive framework for predictive modeling of negative bias temperature instability. In: 2004 IEEE International Reliability Physics Symposium Proceedings 42nd Annual, pp. 273–282 (2004)

    Google Scholar 

  9. Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: Trojan detection using IC fingerprinting. In: IEEE Symposium on Security and Privacy 2007, SP ’07, pp. 296–310 (2007)

    Google Scholar 

  10. Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  11. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  12. Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A practical implementation of the timing attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820. Springer, Heidelberg (2000)

    Google Scholar 

  13. Arnaud, C., Fouque, P.-A.: Timing attack against protected RSA-CRT implementation used in PolarSSL. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 18–33. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  14. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  15. Popp, T., Mangard, S., Oswald, E.: Power analysis attacks and countermeasures. IEEE Des. Test Comput. 24(6), 535–543 (2007)

    Article  Google Scholar 

  16. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  17. Gu, K., Wu, L., Li, X., Zhang, X.: Design and implementation of an electromagnetic analysis system for smart cards. In: Wang, Y., Cheung, Y., Guo, P., Wei, P., (eds) CIS, Sanya, Hainan, China, 3–4 December 2011, pp. 653–656. IEEE (2011)

    Google Scholar 

  18. Van Eck, W., Laborato, N.: Electromagnetic radiation from video display units: an eavesdropping risk? Comput. Secur. 4, 269–286 (1985)

    Article  Google Scholar 

  19. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, New York (2002)

    Book  Google Scholar 

  20. Tuchman, W.: A brief history of the data encryption standard. In: Denning, D., Denning, P. (eds.) Internet Besieged, pp. 275–280. ACM Press, New York (1998)

    Google Scholar 

  21. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  22. Oswald, D., Paar, C.: Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  23. Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering Java Card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)

    Google Scholar 

  24. Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. Trans. Comput. Sci. 6340, 78–99 (2010)

    MathSciNet  Google Scholar 

  25. Clavier, C.: Side channel analysis for reverse engineering (SCARE) - an improved attack against a secret A3/A8 GSM algorithm. IACR Cryptology ePrint Archive 2004:49 (2004)

    Google Scholar 

  26. Lee, S., Ermedahl, A., Min, S.L., Chang, N.: An accurate instruction-level energy consumption model for embedded RISC processors. In: Hong, S., Pande, S., (eds.) LCTES/OM, Snowbird, Utah, USA, 22–23 June 2001, pp. 1–10. ACM (2001)

    Google Scholar 

  27. Kavvadias, N., Neofotistos, P., Nikolaidis, S., Kosmatopoulos, C.A., Laopoulos, T.: Measurements analysis of the software-related power consumption in microprocessors. IEEE Trans. Instrum. Measur. 53(4), 1106–1112 (2004)

    Article  Google Scholar 

  28. Mayes, K., Markantonakis, K., Chen, C.: Smart card platform-fingerprinting. Advanced Card Technology, pp. 78–82 (2006)

    Google Scholar 

  29. Becker, G.T., Strobel, D., Paar, C., Burleson, W.: Detecting software theft in embedded systems: a side-channel approach. IEEE Trans. Inf. Forensics Secur. 7(4), 1144–1154 (2012)

    Article  Google Scholar 

  30. Coron, J.-S., Naccache, D.: On the security of RSA screening. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, p. 197. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  31. Bishop, C.M., Nasrabadi, N.M.: Pattern recognition and machine learning. J. Electron. Imaging 16(4), 049901 (2007)

    Article  Google Scholar 

  32. Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 440–456. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  33. Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  34. Berrendero, J.R., Justel, A., Svarc, M.: Principal components for multivariate functional data. Comput. Stat. Data Anal. 55(9), 2619–2634 (2011)

    Article  MathSciNet  Google Scholar 

  35. Strang, G.: Introduction to Linear Algebra, vol. 3. Wellesley-Cambridge Press, Wellesley (2003)

    Google Scholar 

  36. Wang, L., Zhang, Y., Feng, J.: On the Euclidean distance of images. IEEE Trans. Pattern Anal. Mach. Intell. 27(8), 1334–1339 (2005)

    Article  Google Scholar 

  37. Deza, M.M., Deza, E.: Encyclopedia of Distances. Springer, Heidelberg (2009)

    Book  MATH  Google Scholar 

  38. Web site: Tutorial for learning assembly language for the AVR-Single-Chip-Processors, Visited, October 2013. http://www.avr-asm-tutorial.net/avr_en/

  39. Web site: AVR freaks, Visited, October 2013. http://www.avrfreaks.net/

  40. Teledyne LeCroy: Teledyne LeCroy website, Visited, February 2013. http://www.teledynelecroy.com

  41. Pomona Electronics: 6069A scope probe, website, Visited, October 2012. www.pomonaelectronics.com/pdf/d4550b-sp150b_6_01.pdf

  42. Kohenen, T.: Self-organized formation of topologically correct feature maps. Biol. Cybern. 43(1), 59–69 (1982)

    Article  Google Scholar 

  43. Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)

    MATH  Google Scholar 

  44. Kohenen, T.: Learning vector quantization. In: Self-Organizing Maps. Springer, Heidelberg (2001)

    Google Scholar 

  45. Rish, I.: An empirical study of the Naive Bayes classifier. IJCAI 2001 Workshop on Empirical Methods in Artificial Intelligence 3(22): 41–46 (2001)

    Google Scholar 

  46. Gut, A.: An Intermediate Course in Probability, 2nd edn. Springer, New York (2009). (Department of Mathematics, Uppsala University, Sweden)

    Book  MATH  Google Scholar 

  47. Deutsche Bank AG and Contributors: Cryptool 1-4-31, Downloaded, May 2013. http://www.cryptool.org/en/jct-downloads-en

  48. National Institute of Standards and Technology: FIPS 180–2, secure hash standard, federal information processing standard (FIPS), publication 180–2. Technical report, Department Of Commerce (1995)

    Google Scholar 

  49. Rivest, R.: RFC 1321: The MD5 message-digest algorithm, April 1992

    Google Scholar 

  50. Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, p. 231. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  51. Bo, Y., Xiangyu, L., Cong, C.: An AES chip with DPA resistance using hardware-based random order execution. J. Semicond. 33(6), 065009-8 (2012)

    Google Scholar 

  52. Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, p. 252. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, TW20 0EX, UK

    Mehari Msgna, Konstantinos Markantonakis & Keith Mayes

  2. Département D’informatique, École Normale Supérieure, 45 Rue D’Ulm, 75230, Paris Cedex 05, France

    David Naccache

Authors
  1. Mehari Msgna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Konstantinos Markantonakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Naccache
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mehari Msgna .

Editor information

Editors and Affiliations

  1. FNISA, Paris, France

    Emmanuel Prouff

Appendices

Appendix

A Selected AVR Instructions

Out of the 130 instructions supported by ATMega163 microcontroller we have selected 39 instructions for our experiment. In Table 1 we present the notations use in Table 2.

Table 1. Notations used in Table 2
Full size table
Table 2. AVR’s 39 instructions selected for the experiment.
Full size table

In Table 2, the first column is the list of selected instructions followed by their description. The third column is the operation that the instructions accomplish when executed. The forth column is the number of clock cycles that the instructions take to be executed.

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Msgna, M., Markantonakis, K., Naccache, D., Mayes, K. (2014). Verifying Software Integrity in Embedded Systems: A Side Channel Approach. In: Prouff, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2014. Lecture Notes in Computer Science(), vol 8622. Springer, Cham. https://doi.org/10.1007/978-3-319-10175-0_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10175-0_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10174-3

  • Online ISBN: 978-3-319-10175-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation