Skip to main content
SpringerLink
Log in

The B-Side of Side Channel Leakage: Control Flow Security in Embedded Systems

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2013)

Abstract

The security of an embedded system is often compromised when a “trusted” program is subverted to behave differently. Such as executing maliciously crafted code and/or skipping legitimate parts of a “trusted” program. Several countermeasures have been proposed in the literature to counteract these behavioural changes of a program. A common underlying theme in most of them is to define security policies at the lower level of the system in an independent manner and then check for security violations either statically or dynamically at runtime. In this paper we propose a novel method that verifies a program’s behaviour, such as the control flow, by using the device’s side channel leakage.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Feng, A., Knieser, M., Rizkalla, M.E., King, B., Salama, P., Bowen, F.: Embedded system for sensor communication and security. IET Information Security 6(2), 111–121 (2012)

    Article  Google Scholar 

  2. Shoufan, A.: A hardware security module for quadrotor communication. In: International Conference on Field-Programmable Technology (FPT), December 10-12, 2012, pp. 253–256. IEEE (2012)

    Google Scholar 

  3. Jaeger, A., Stuebing, H., Huss, S.: A dedicated hardware security module for field operational tests of Car-to-X communication. In: 4th ACM Conference on Wireless Network Security (WiSec 2011) (June 2011)

    Google Scholar 

  4. Parameswaran, S., Wolf, T.: Embedded systems security - an overview. Design Autom. for Emb. Sys. 12(3), 173–183 (2008)

    Article  Google Scholar 

  5. Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the Java Card control flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  6. Francillon, A., Castelluccia, C.: Code injection attacks on Harvard-architecture devices. In: ACM Conference on Computer and Communications Security, October 27-31, pp. 15–26. ACM (2008)

    Google Scholar 

  7. Delalleau, G.: Large memory management vulnerabilities: System, compiler and application issues, http://cansecwest.com/core05/memory_vulns_delalleau.pdf (visited April 2013)

  8. Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Trans. VLSI Syst. 14(12), 1295–1308 (2006)

    Article  Google Scholar 

  9. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13(1) (2009)

    Google Scholar 

  10. Frantzen, M., Shuey, M.: StackGhost: Hardware facilitated stack protection. In: Wallach, D.S. (ed.) 10th USENIX Security Symposium, August 13-17. USENIX (2001)

    Google Scholar 

  11. Francillon, A., Perito, D., Castelluccia, C.: Defending embedded systems against control flow attacks. In: Proceedings of the First ACM Workshop on Secure Execution of Untrusted Code, SecuCode 2009, pp. 19–26. ACM, New York (2009)

    Chapter  Google Scholar 

  12. Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In: Annual Computer Security Applications Conference (ACSAC), December 11-15, pp. 339–348. IEEE Computer Society (2006)

    Google Scholar 

  13. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium, vol. 81, pp. 346–355 (1998)

    Google Scholar 

  14. Edward Suh, G., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), October 7-13, pp. 85–96. ACM (2004)

    Google Scholar 

  15. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  16. Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A practical implementation of the timing attack. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 167–182. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  17. Arnaud, C., Fouque, P.-A.: Timing attack against protected RSA-CRT implementation used in PolarSSL. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 18–33. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  18. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  19. Popp, T., Mangard, S., Oswald, E.: Power analysis attacks and countermeasures. IEEE Design & Test of Computers 24(6), 535–543 (2007)

    Article  MATH  Google Scholar 

  20. Oswald, D., Paar, C.: Breaking Mifare DESFire MF3ICD40: Power analysis and templates in the real world. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  21. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  22. Gu, K., Wu, L., Li, X., Zhang, X.: Design and implementation of an electromagnetic analysis system for smart cards. In: Wang, Y., Cheung, Y.M., Guo, P., Wei, Y. (eds.) CIS, Sanya, Hainan, China, December 3-4, pp. 653–656. IEEE (2011)

    Google Scholar 

  23. Van Eck, W., Laborato, N.: Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security 4, 269–286 (1985)

    Article  Google Scholar 

  24. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer (2002)

    Google Scholar 

  25. Tuchman, W.: A brief history of the data encryption standard. In: Denning, D., Denning, P. (eds.) Internet Besieged, pp. 275–280. ACM Press/Addison-Wesley Publishing Co., New York (1998)

    Google Scholar 

  26. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  MATH  Google Scholar 

  27. Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering Java Card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  28. Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science X. LNCS, vol. 6340, pp. 78–99. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  29. Clavier, C.: Side channel analysis for reverse engineering (SCARE) - an improved attack against a secret A3/A8 GSM algorithm. IACR Cryptology ePrint Archive 2004, 49 (2004)

    Google Scholar 

  30. Lee, S., Ermedahl, A., Min, S.L., Chang, N.: An accurate instruction-level energy consumption model for embedded RISC processors. In: Hong, S., Pande, S. (eds.) LCTES/OM, Snowbird, Utah, USA, June 22-23, pp. 1–10. ACM (2001)

    Google Scholar 

  31. Kavvadias, N., Neofotistos, P., Nikolaidis, S., Kosmatopoulos, C.A., Laopoulos, T.: Measurements analysis of the software-related power consumption in microprocessors. IEEE T. Instrumentation and Measurement 53(4), 1106–1112 (2004)

    Article  Google Scholar 

  32. Mayes, K., Markantonakis, K., Chen, C.: Smart card platform-fingerprinting. In: Advanced Card Technology, pp. 78–82 (October 2006)

    Google Scholar 

  33. Allen, F.: Control flow analysis. In: Proceedings of a Symposium on Compiler Optimization, pp. 1–19. ACM, New York (1970)

    Chapter  Google Scholar 

  34. Popp, T., Mangard, S., Oswald, E.: Power analysis attacks and countermeasures. IEEE Design & Test of Computers 24(6), 535–543 (2007)

    Article  MATH  Google Scholar 

  35. Fink, A.: Markov Models for Pattern Recognition. Springer (2008)

    Google Scholar 

  36. Rabiner, L.: A tutorial on Hidden Markov Models and selected applications in speech recognition. Proceedings of the IEEE 77(2), 257–286 (1989)

    Article  Google Scholar 

  37. Gut, A.: An Intermediate Course In Probability, 2nd edn. Springer, Department of Mathematics, Uppsala University, Sweden (2009)

    Book  MATH  Google Scholar 

  38. Berrendero, J.R., Justel, A., Svarc, M.: Principal components for multivariate functional data. Computational Statistics & Data Analysis 55(9), 2619–2634 (2011)

    Article  MathSciNet  Google Scholar 

  39. Strang, G.: Introduction to Linear Algebra, 3rd edn. Wellesley-Cambridge Press, MA (2003)

    MATH  Google Scholar 

  40. Fisher, R.A.: The use of multiple measurements in taxonomic problems. Annals of Eugenics 7, 179–188 (1936)

    Article  Google Scholar 

  41. Fukumi, M., Mitsukura, Y.: Feature generation by simple-FLDA for pattern recognition. In: CIMCA/IAWTIC, November 28-30, pp. 730–734. IEEE Computer Society (2005)

    Google Scholar 

  42. Zhang, L., Wang, D., Gao, S.: Application of improved Fisher Linear Discriminant Analysis approaches. In: International Conference on Management Science and Industrial Engineering (MSIE), pp. 1311–1314 (2011)

    Google Scholar 

  43. Forney Jr., D.: The Viterbi Algorithm: A personal history. CoRR, abs/cs/0504020 (2005)

    Google Scholar 

  44. Teledyne LeCroy. Teledyne LeCroy website, http://www.teledynelecroy.com (visited February 2013)

  45. Pomona Electronics. 6069A Scope Probe, http://www.pomonaelectronics.com/pdf/d4550b-sp150b_6_01.pdf (visited October 2012)

  46. MATLAB. Version 7.10.0.499 (R2010a). The MathWorks, Inc., Natick, Massachusetts (2013), http://www.mathworks.co.uk/index.html

  47. MATLAB. Hidden Markov Model most probable state path, http://www.mathworks.co.uk/help/stats/hmmviterbi.html (visited March 2013)

  48. Atkins Limited. MALPAS, http://www.malpas-global.com/ (visited April 2013)

Download references

Author information

Authors and Affiliations

  1. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, TW20 0EX, UK

    Mehari Msgna, Konstantinos Markantonakis & Keith Mayes

Authors
  1. Mehari Msgna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Konstantinos Markantonakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing and Mathematics, Charles Sturt University, Wagga Wagga, NSW, Australia

    Tanveer Zia

  2. School of Information Technologies, University of Sydney, Darlington, NSW, Australia

    Albert Zomaya

  3. Department of Computing, Macquarie University, Australia, Australia

    Vijay Varadharajan

  4. Department of EECS, University of Michigan, Ann Arbor, MI, USA

    Morley Mao

Rights and permissions

Reprints and permissions

Copyright information

© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Msgna, M., Markantonakis, K., Mayes, K. (2013). The B-Side of Side Channel Leakage: Control Flow Security in Embedded Systems. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04283-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04282-4

  • Online ISBN: 978-3-319-04283-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation