
Power fingerprinting in SDR integrity assessment for security and regulatory compliance

Analog Integrated Circuits and Signal Processing

Abstract

Software-Defined Radio (SDR) provides a flexible platform that facilitates radio resource management and enables new technologies and applications. Unfortunately, its reliance on software implementations makes it vulnerable to malicious software attacks that could alter its spectral emissions and disclose sensitive information. It is of critical importance for the widespread deployment of SDR to develop technologies that enable effective integrity assessment of communications platforms and timely detection of malicious intrusions. We provide further evidence of the feasibility of a novel approach called Power Fingerprinting (PFP) that enables an effective mechanism to perform integrity assessment of SDR. PFP relies on an external monitor that captures fine-grained measurements of the processor's power consumption and compares them against stored signatures from trusted software by applying pattern recognition and signal detection techniques. Because it is implemented by an external monitor, PFP causes minimal disruption to the target system and also provides the necessary isolation to protect against malicious attacks on the monitor itself. Fine-granularity measurements deliver improved visibility into the execution status and make the PFP monitor difficult to evade, while the reliance on anomaly detection from trusted references makes it effective against zero-day attacks. We present the results of different feasibility experiments that support the applicability of PFP to SDR integrity assessment. In the first experiment, a PFP monitor is able to effectively detect the execution of a tampered routine that misconfigures the operational mode of a PICDEM Z radio platform, affecting the resulting spectral emission. In a second experiment, our monitor effectively identifies when a transmission routine is modified, affecting encryption settings.
We also present an approach to improve the performance of PFP by characterizing the way a specific platform consumes power. This platform characterization, which can be done using principal component analysis or linear discriminant analysis, allows a PFP monitor to work only on the features that carry the most information. As a result, the PFP monitor is able to detect execution deviations resulting from a difference of a single bit transition, the smallest possible disruption.
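The following Python sketch is an added illustration, not code from the paper: it builds a signature from trusted power traces, derives an anomaly threshold from the spread of trusted runs only, flags a trace whose execution diverges over a short span, and then narrows the monitor to the most discriminative samples using a Fisher-ratio score as an LDA-style stand-in for the platform characterization described above. All traces are constructed synthetic data and every function name is ours.

```python
import math
import random
N_SAMPLES = 64          # fine-grained power samples per monitored routine (constructed value)
rng = random.Random(7)  # fixed seed so the constructed traces are reproducible

def trusted_trace():
    """Constructed trace of the trusted routine: a fixed pattern plus measurement noise."""
    return [10.0 + (i % 4) * 2.0 + rng.gauss(0, 0.3) for i in range(N_SAMPLES)]

def tampered_trace(start=20, width=6, delta=2.0):
    """Constructed trace of a modified routine: same pattern with a short divergent span."""
    t = trusted_trace()
    for i in range(start, start + width):
        t[i] += delta
    return t

def build_signature(traces):
    """Reference signature: per-sample mean of traces captured from trusted software."""
    return [sum(col) / len(col) for col in zip(*traces)]

def distance(trace, signature, features=None):
    """Euclidean distance to the signature, optionally restricted to selected samples."""
    idx = range(len(signature)) if features is None else features
    return math.sqrt(sum((trace[i] - signature[i]) ** 2 for i in idx))

def threshold(traces, signature, k=5.0, features=None):
    """Anomaly threshold derived only from trusted traces: mean distance + k * std."""
    d = [distance(t, signature, features) for t in traces]
    mean = sum(d) / len(d)
    std = math.sqrt(sum((x - mean) ** 2 for x in d) / len(d))
    return mean + k * std

def fisher_scores(class_a, class_b):
    """Per-sample Fisher ratio (mean difference)^2 / pooled variance; high = informative."""
    def stats(col):
        m = sum(col) / len(col)
        return m, sum((x - m) ** 2 for x in col) / len(col)
    scores = []
    for col_a, col_b in zip(zip(*class_a), zip(*class_b)):
        (ma, va), (mb, vb) = stats(col_a), stats(col_b)
        scores.append((ma - mb) ** 2 / (va + vb + 1e-12))
    return scores

def select_features(scores, k):
    """Indices of the k most discriminative samples (LDA-style platform characterization)."""
    return sorted(sorted(range(len(scores)), key=lambda i: -scores[i])[:k])

def integrity_check(trace, signature, thr, features=None):
    """True when the trace is consistent with trusted execution, False when it deviates."""
    return distance(trace, signature, features) <= thr
```

Restricting the distance to the selected samples discards the noise contributed by the uninformative ones, which is what lets the threshold sit much closer to the trusted behaviour.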



Notes

  1. The Rayleigh distribution parameter σ is calculated using a maximum likelihood estimate from 1 − X α.

  2. In this context, a class represents the power traces that result from the execution of a specific software.

  3. Note that we are using a different feature selection approach than the one described in Sect. 4.3.


Acknowledgements

The authors would like to thank Wireless @ Virginia Tech Affiliates for their support. This work was supported in part by the National Science Foundation under Grant CNS-0910531. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or Wireless @ Virginia Tech Affiliates.


Corresponding author

Correspondence to Carlos R. Aguayo González.

Cite this article

Aguayo González, C.R., Reed, J.H. Power fingerprinting in SDR integrity assessment for security and regulatory compliance. Analog Integr Circ Sig Process 69, 307–327 (2011). https://doi.org/10.1007/s10470-011-9777-4
