Real-time instruction-level verification of remote IoT/CPS devices via side channels

Abstract

In recent years, with the rise of IoT technology, wireless Cyber-Physical Systems (CPS) have become widely deployed in critical infrastructure, including power generation, military systems, and autonomous and unmanned vehicles. The introduction of network connectivity for data transfer, cloud support, etc., into CPS, can lead to malware injection. Meanwhile, outsourcing of advanced technology node fabrication overseas makes it difficult to protect these devices from malicious modification and hardware Trojans. For solving these issues, traditional anomaly detection methods insert monitoring circuits or software into the target device but come with high overhead and power consumption. Alternative anomaly detection methods occur offline and use large equipment like oscilloscopes and PCs to collect and process side-channel traces. While they can achieve high accuracy in detecting various anomalies, they are difficult to use in practice due to their large, expensive setups. In this paper, we introduce a new instruction-level verification methodology that uses a low-cost, external add-on to monitor the power traces of a target device. This methodology possesses fine-grained granularity and could protect the target device from any malware or hardware Trojans that alter even a single instruction inside the target device. The hardware used is a tiny (20 times 20 mm), custom-designed PCB called RASC that collects power traces, performs real-time malware detection, and transmits outcomes to security administrators via Bluetooth. The proposed methodology is demonstrated on 6 benchmarks with two types of malware on an Atmel AVR device, and the accuracy between offline and real-time malware detection is compared.