Power fingerprinting in SDR integrity assessment for security and regulatory compliance

Abstract

Software-Defined Radio (SDR) provides a flexible platform that facilitates radio resource management and enables new technologies and applications. Unfortunately, its reliance on software implementations makes it vulnerable to malicious software attacks that could alter its spectral emissions and disclose sensitive information. It is of critical importance for the widespread deployment of SDR to develop technologies that enable effective integrity assessment of communications platforms and timely detection of malicious intrusions. We provide further evidence of the feasibility of a novel approach called Power Fingerprinting (PFP) that enables an effective mechanism to perform integrity assessment of SDR. PFP relies on an external monitor that captures fine-grained measurements of the processor's power consumption and compares them against stored signatures from trusted software by applying pattern recognition and signal detection techniques. Because it is implemented by an external monitor, PFP causes minimal disruption to the target system and also provides the isolation needed to protect the monitor itself against malicious attacks. Fine-granularity measurements deliver improved visibility into the execution status and make the PFP monitor difficult to evade, while the reliance on anomaly detection from trusted references makes it effective against zero-day attacks. We present the results of different feasibility experiments that support the applicability of PFP to SDR integrity assessment. In the first experiment, a PFP monitor is able to effectively detect the execution of a tampered routine that misconfigures the operational mode of a PICDEM Z radio platform, affecting the resulting spectral emission. In a second experiment, our monitor effectively identifies when a transmission routine is modified, affecting encryption settings.
We also present an approach to improve the performance of PFP by characterizing the way a specific platform consumes power. This platform characterization, which can be done using principal component analysis or linear discriminant analysis, allows a PFP monitor to work only on the features that carry the most information. As a result, the PFP monitor is able to detect execution deviations resulting from a difference of a single bit transition, the smallest possible disruption.
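The two steps the abstract describes, building a signature from trusted captures and characterizing which sample offsets within a clock cycle carry the most information, can be sketched end to end. The block below is an added illustration, not code from the paper: the power traces are constructed (a per-cycle switching spike proportional to the number of bit transitions, plus Gaussian noise), the characterization uses a per-feature Fisher ratio as a simplified stand-in for the paper's LDA, and all constants (cycle count, samples per cycle, spike offsets, transition patterns) are assumptions of this example.

```python
import random
import statistics

CYCLES, SPC = 32, 8            # clock cycles per routine, ADC samples per cycle
SPIKE = (1, 2)                 # constructed: switching current lands at these offsets
REF_A = [(i * 5) % 4 for i in range(CYCLES)]      # bit transitions per cycle, trusted routine
REF_B = [(i * 3 + 1) % 4 for i in range(CYCLES)]  # second trusted reference for characterization
TAMPERED = REF_A[:10] + [t + 3 for t in REF_A[10:16]] + REF_A[16:]  # altered code path

def capture(transitions, noise=0.08):
    """Constructed trace: baseline draw, a switching spike per cycle proportional
    to its bit transitions (only at SPIKE offsets), plus measurement noise."""
    return [0.5 + (0.10 * transitions[c] if s in SPIKE else 0.0) + random.gauss(0, noise)
            for c in range(CYCLES) for s in range(SPC)]

def fisher_by_offset(traces_a, traces_b):
    """Platform characterization: score each offset within a cycle by a Fisher ratio
    (between-class over within-class variance) summed over cycles; per-feature stand-in for LDA."""
    score = [0.0] * SPC
    for c in range(CYCLES):
        for s in range(SPC):
            xa = [t[c * SPC + s] for t in traces_a]
            xb = [t[c * SPC + s] for t in traces_b]
            between = (statistics.mean(xa) - statistics.mean(xb)) ** 2
            score[s] += between / (statistics.variance(xa) + statistics.variance(xb))
    return score

def signature(traces):
    """Stored PFP signature: per-sample mean and stdev over trusted captures."""
    return [(statistics.mean(col), statistics.stdev(col)) for col in zip(*traces)]

def deviation(trace, sig, offsets):
    """Mean normalized squared deviation from the signature at the chosen offsets."""
    idx = [c * SPC + s for c in range(CYCLES) for s in offsets]
    return sum(((trace[i] - sig[i][0]) / sig[i][1]) ** 2 for i in idx) / len(idx)

def run_demo(n=40):
    random.seed(7)                       # deterministic constructed captures
    trusted = [capture(REF_A) for _ in range(n)]
    other = [capture(REF_B) for _ in range(n)]
    fisher = fisher_by_offset(trusted, other)
    selected = sorted(sorted(range(SPC), key=fisher.__getitem__)[-2:])  # most informative offsets
    sig = signature(trusted)
    fresh, bad = capture(REF_A), capture(TAMPERED)
    return {"selected": selected,
            "trusted_sel": deviation(fresh, sig, selected),
            "tampered_sel": deviation(bad, sig, selected),
            "trusted_all": deviation(fresh, sig, range(SPC)),
            "tampered_all": deviation(bad, sig, range(SPC))}
```

Comparing `tampered_sel` with `tampered_all` shows the point of the characterization step: restricting the detector to the offsets that respond to switching activity raises the deviation score of the tampered run while a fresh trusted run stays near 1.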

Keywords

Power Fingerprinting, Integrity Assessment, SDR, Pattern Recognition

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

Wireless @ Virginia Tech, Virginia Tech, Blacksburg, USA
