Abstract
The integrated circuit (IC) manufacturing process involves many players, from chip/board design and fabrication to firmware design and installation. In today’s global supply chain, any of these steps are prone to interference from rogue players, creating a security risk. Therefore, manufactured devices need to be verified to perform only their intended operations since it is not economically feasible to control the supply chain and use only trusted facilities. This paper presents a detection technique for malicious activity that can stem from hardware or firmware Trojans. The proposed technique relies on (i) repetitious side-channel sample collection of the active device, (ii) time-domain stitching, and (iii) frequency domain analysis. Since finding a trusted sample is generally impractical, the proposed technique is based on self-referencing to remove the effects of environmental or device-to-device variation in the frequency domain. We first observe that the power spectrum of the Trojan activity is confined to a low-frequency band. Then, we exploit this fact to achieve self-referencing using signal detection theory. The proposed technique’s effectiveness is demonstrated through experiments on a wearable electronics prototype and system-on-chip (SoC) under a variety of practical scenarios. Experimental results show the proposed detection technique enables a high overall detection coverage for malicious activities of varying types with 0.8 s monitoring time overhead, which is negligible.
Highlights
The Internet of Things (IoT) compromises a network of computing devices ranging from low-power edge nodes, such as sensors, to more powerful and capable computing systems
To compare with our previous work [2], in this paper, we propose a self-referenced malicious activity detection technique applicable to sinusoidal excitation, and to repetitive patterns to remove the effects of process and environmental variations
We extend the mathematical model to remove the need for sinusoidal excitation, which may not be practical in an Internet of Things (IoT) context
Summary
The Internet of Things (IoT) compromises a network of computing devices ranging from low-power edge nodes, such as sensors, to more powerful and capable computing systems. The increasing adoption of IoT poses new security challenges, mainly due to its limitations on hardware, compute resources, and power. This paper presents a method to detect malicious activity in lightweight wearable and IoT devices. The proposed technique is demonstrated on the wearable device prototype shown, which runs gesture recognition software including an arbitrary repetitive gesture recognition algorithm It first brings a side-channel signal (in our case, the power consumption) of the device into a periodic steady-state (PSS). A self-referenced malicious activity detection technique applicable to sinusoidal excitation and to repetitive patterns to remove the process and environmental variation effects, Evaluation of the proposed approach while running gesture recognition and Wi-Fi applications without requiring a trusted sample.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
