Detecting firmware modification on solid state drives via current draw analysis

Abstract

Solid State Drives (SSDs) have gained significant market share among data storage options in recent years due to increased speed and durability. But when compared to Hard Disk Drives (HDDs), SSDs contain additional complexity which must be managed in firmware. Some manufacturers make firmware updates available, but their proprietary protections leave end users unable to verify the authenticity of the firmware post installation. This means that attackers who are able to get a malicious firmware version installed on a victim SSD are able to operate with impunity, as the owner will have no tools for detection. We use a method for performing side channel analysis of the current drawn by an SSD to compare its behavior while running genuine firmware against its behavior when running modified firmware. We further test this method for robustness against changes in external factors such as temperature and supplied power. In each case, we train a binary classifier with samples of genuine as well as modified firmware activity and are able to discriminate between them with over 90% accuracy in most experiments. Solid State Drives are trusted to store and protect critical data, so verification of SSD firmware is an important step towards having trust and confidence in the growing landscape of embedded devices used for critical operations.