Remote Detection of Unauthorized Activity via Spectral Analysis

Remote Detection of Unauthorized Activity via Spectral Analysis

Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated d...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:ACM transactions on design automation of electronic systems 2018-12, Vol.23 (6), p.1-21, Article 81
Hauptverfasser: Karabacak, Fatih, Ogras, Umit, Ozev, Sule
Format: Artikel
Sprache:eng
Schlagworte:
Hardware attacks and countermeasures
Malicious design modifications
Security and privacy
Security in hardware
Side-channel analysis and countermeasures
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 21
container_issue 6
container_start_page 1
container_title ACM transactions on design automation of electronic systems
container_volume 23
creator Karabacak, Fatih
Ogras, Umit
Ozev, Sule
description Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120cm distance.
doi_str_mv 10.1145/3276770
format Article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3276770</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3276770</sourcerecordid><originalsourceid>FETCH-LOGICAL-a244t-cbf01f9cf994897d0d850bff27c812dbfd8c9d99c78009dc17c61efb01a375463</originalsourceid><addsrcrecordid>eNo9j01LAzEYhIMoWKt495Sbp7VvdpNNcpKlVisUBLXnJZsPjOxHSWJh_fWutHqaYeZhYBC6JnBHCGWLIucl53CCZoQxnvEC5OnkQdCMTv4cXcT4CQCMl2yG7l9tNySLH2yyOvmhx4PD2159pY8h-G9rcDXFe59GvPcKv-0mKqgWV71qx-jjJTpzqo326qhztH1cvS_X2ebl6XlZbTKVU5oy3TggTmonJRWSGzCCQeNczrUguWmcEVoaKTUXANJownVJrGuAqIIzWhZzdHvY1WGIMVhX74LvVBhrAvXv7_r4eyJvDqTS3T_0V_4A5ZhSmQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Remote Detection of Unauthorized Activity via Spectral Analysis</title><source>ACM Digital Library Complete</source><creator>Karabacak, Fatih ; Ogras, Umit ; Ozev, Sule</creator><creatorcontrib>Karabacak, Fatih ; Ogras, Umit ; Ozev, Sule</creatorcontrib><description>Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120cm distance.</description><identifier>ISSN: 1084-4309</identifier><identifier>EISSN: 1557-7309</identifier><identifier>DOI: 10.1145/3276770</identifier><language>eng</language><publisher>New York, NY, USA: ACM</publisher><subject>Hardware attacks and countermeasures ; Malicious design modifications ; Security and privacy ; Security in hardware ; Side-channel analysis and countermeasures</subject><ispartof>ACM transactions on design automation of electronic systems, 2018-12, Vol.23 (6), p.1-21, Article 81</ispartof><rights>ACM</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-a244t-cbf01f9cf994897d0d850bff27c812dbfd8c9d99c78009dc17c61efb01a375463</citedby><cites>FETCH-LOGICAL-a244t-cbf01f9cf994897d0d850bff27c812dbfd8c9d99c78009dc17c61efb01a375463</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://dl.acm.org/doi/pdf/10.1145/3276770$$EPDF$$P50$$Gacm$$H</linktopdf><link.rule.ids>314,778,782,2278,27911,27912,40183,75983</link.rule.ids></links><search><creatorcontrib>Karabacak, Fatih</creatorcontrib><creatorcontrib>Ogras, Umit</creatorcontrib><creatorcontrib>Ozev, Sule</creatorcontrib><title>Remote Detection of Unauthorized Activity via Spectral Analysis</title><title>ACM transactions on design automation of electronic systems</title><addtitle>ACM TODAES</addtitle><description>Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120cm distance.</description><subject>Hardware attacks and countermeasures</subject><subject>Malicious design modifications</subject><subject>Security and privacy</subject><subject>Security in hardware</subject><subject>Side-channel analysis and countermeasures</subject><issn>1084-4309</issn><issn>1557-7309</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><recordid>eNo9j01LAzEYhIMoWKt495Sbp7VvdpNNcpKlVisUBLXnJZsPjOxHSWJh_fWutHqaYeZhYBC6JnBHCGWLIucl53CCZoQxnvEC5OnkQdCMTv4cXcT4CQCMl2yG7l9tNySLH2yyOvmhx4PD2159pY8h-G9rcDXFe59GvPcKv-0mKqgWV71qx-jjJTpzqo326qhztH1cvS_X2ebl6XlZbTKVU5oy3TggTmonJRWSGzCCQeNczrUguWmcEVoaKTUXANJownVJrGuAqIIzWhZzdHvY1WGIMVhX74LvVBhrAvXv7_r4eyJvDqTS3T_0V_4A5ZhSmQ</recordid><startdate>20181201</startdate><enddate>20181201</enddate><creator>Karabacak, Fatih</creator><creator>Ogras, Umit</creator><creator>Ozev, Sule</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20181201</creationdate><title>Remote Detection of Unauthorized Activity via Spectral Analysis</title><author>Karabacak, Fatih ; Ogras, Umit ; Ozev, Sule</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a244t-cbf01f9cf994897d0d850bff27c812dbfd8c9d99c78009dc17c61efb01a375463</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>Hardware attacks and countermeasures</topic><topic>Malicious design modifications</topic><topic>Security and privacy</topic><topic>Security in hardware</topic><topic>Side-channel analysis and countermeasures</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Karabacak, Fatih</creatorcontrib><creatorcontrib>Ogras, Umit</creatorcontrib><creatorcontrib>Ozev, Sule</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on design automation of electronic systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Karabacak, Fatih</au><au>Ogras, Umit</au><au>Ozev, Sule</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Remote Detection of Unauthorized Activity via Spectral Analysis</atitle><jtitle>ACM transactions on design automation of electronic systems</jtitle><stitle>ACM TODAES</stitle><date>2018-12-01</date><risdate>2018</risdate><volume>23</volume><issue>6</issue><spage>1</spage><epage>21</epage><pages>1-21</pages><artnum>81</artnum><issn>1084-4309</issn><eissn>1557-7309</eissn><abstract>Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120cm distance.</abstract><cop>New York, NY, USA</cop><pub>ACM</pub><doi>10.1145/3276770</doi><tpages>21</tpages></addata></record>
fulltext fulltext
identifier ISSN: 1084-4309
ispartof ACM transactions on design automation of electronic systems, 2018-12, Vol.23 (6), p.1-21, Article 81
issn 1084-4309
1557-7309
language eng
recordid cdi_crossref_primary_10_1145_3276770
source ACM Digital Library Complete
subjects Hardware attacks and countermeasures
Malicious design modifications
Security and privacy
Security in hardware
Side-channel analysis and countermeasures
title Remote Detection of Unauthorized Activity via Spectral Analysis
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T20%3A21%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Remote%20Detection%20of%20Unauthorized%20Activity%20via%20Spectral%20Analysis&rft.jtitle=ACM%20transactions%20on%20design%20automation%20of%20electronic%20systems&rft.au=Karabacak,%20Fatih&rft.date=2018-12-01&rft.volume=23&rft.issue=6&rft.spage=1&rft.epage=21&rft.pages=1-21&rft.artnum=81&rft.issn=1084-4309&rft.eissn=1557-7309&rft_id=info:doi/10.1145/3276770&rft_dat=%3Cacm_cross%3E3276770%3C/acm_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true