Verifying Software Integrity in Embedded Systems: A Side Channel Approach

  • Mehari Msgna
  • Konstantinos Markantonakis
  • David Naccache
  • Keith Mayes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)


In the last few decades embedded processors have invaded the modern lifestyle. Embedded systems have hardware and software components. Assuring the integrity of the software is very important, as it is the component that controls what the hardware does through its instructions. Although a number of software integrity verification techniques exist, they often fail to work in embedded environments. One main reason is the memory read protection, frequently implemented in today’s microprocessors, that prevents the verifier from reading out the necessary software parts. In this paper we show that side channel leakage (power consumption) can be used to verify the integrity of the software component without prior knowledge of the software code. Our approach uses instruction-level power consumption templates to extract information about the instructions executed by the processor. This information, together with pre-computed signatures, is then used to verify the integrity of the executed application using the RSA signature screening algorithm. The instruction-level templates are constructed ahead of time using a few authentic reference processors.


Keywords: Side channel leakage; Power analysis; Templates; Principal components analysis; RSA signature screening; Application integrity



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Mehari Msgna (1)
  • Konstantinos Markantonakis (1)
  • David Naccache (2)
  • Keith Mayes (1)

  1. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK
  2. Département D’informatique, École Normale Supérieure, Paris Cedex 05, France
