The UMBC Cyber Defense Lab presents
Firmware Instruction Identification
using Side-Channel Power Analysis
Deepak Krishnankutty
Computer Science and Electrical Engineering
University of Maryland, Baltimore County
11:15am-12:30pm, Friday, April 8, 2016, ITE 237
Power supply transients of encryption devices have been analyzed from the perspective of performing attacks that extract secret keys or other confidential information. Such attacks exploit the correlation between the power consumption of the device under attack and its underlying logic operations. However, side-channel leakage of instruction-level events on soft- and hard-core processors through the power supply has not been extensively studied. Power traces of firmware running on general-purpose processing units, observed at low frequencies, tend to reveal not just the variations in current consumption during individual clock cycles but also information about the sequence of instructions executed. In this talk, we present results from side-channel analysis performed over multiple power supply pins and demonstrate the relationship between the power transients and machine-level instructions on an instance of the openMSP430 processor on an FPGA. The process is also applicable to standalone ASIC instances. Our approach is based on templates constructed from principal components representing instructions identified from the power profiles of different instruction sequences. The templates are then used to determine the order of clock cycles per instruction. This technique can be used to predict the sequence of clock cycles per instruction from the observed power profiles and to identify anomalies caused by modification of code on a tightly constrained embedded system.
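As an added illustration of the template approach the abstract describes (this is not code from the talk or from the openMSP430 project), the script below builds one template per instruction from principal components of per-cycle power shapes, identifies the instruction behind each observed cycle by nearest template, and reports positions where the recovered sequence disagrees with the firmware that should be running, which is the code-modification anomaly check. It simplifies to one clock cycle per instruction; the PROFILES shapes, the jitter model and the instruction names are constructed for the example.

```python
from math import sqrt

N_COMPONENTS = 2  # principal components kept for the templates
# Constructed per-cycle power shapes, one per instruction class (illustrative only,
# not measurements from the openMSP430).
PROFILES = {
    "MOV": [1.0, 1.2, 1.1, 1.0, 0.9, 0.9, 1.0, 1.0],
    "ADD": [1.0, 1.5, 1.8, 1.4, 1.0, 0.9, 0.9, 1.0],
    "JMP": [1.0, 0.8, 0.7, 0.9, 1.3, 1.4, 1.1, 1.0],
}
def trace(cls, jitter):
    """Constructed noisy capture of one clock cycle of instruction `cls`."""
    return [v + jitter * ((i % 3) - 1) * 0.02 for i, v in enumerate(PROFILES[cls])]
def principal_components(rows, k):
    """Mean and top-k principal directions via power iteration with deflation."""
    d, n = len(rows[0]), len(rows)
    mean = [sum(r[i] for r in rows) / n for i in range(d)]
    centred = [[r[i] - mean[i] for i in range(d)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in centred) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0] * d
        for _ in range(200):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
        comps.append(v)
    return mean, comps
def project(x, mean, comps):
    return [sum((x[i] - mean[i]) * c[i] for i in range(len(x))) for c in comps]
def build_templates(training):
    """training: [(instruction, trace)] -> (mean, comps, {instruction: PC-space mean})."""
    mean, comps = principal_components([t for _, t in training], N_COMPONENTS)
    groups = {}
    for cls, t in training:
        groups.setdefault(cls, []).append(project(t, mean, comps))
    templates = {c: [sum(p[i] for p in ps) / len(ps) for i in range(N_COMPONENTS)]
                 for c, ps in groups.items()}
    return mean, comps, templates
def identify(cycle, model):
    """Instruction whose template is nearest (squared Euclidean distance in PC space)."""
    mean, comps, templates = model
    p = project(cycle, mean, comps)
    return min(templates, key=lambda c: sum((a - b) ** 2 for a, b in zip(p, templates[c])))
def find_anomalies(cycles, expected, model):
    """(index, expected, recovered) wherever the power trace disagrees with the firmware."""
    recovered = [identify(c, model) for c in cycles]
    return [(i, e, r) for i, (e, r) in enumerate(zip(expected, recovered)) if e != r]
```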
Deepak Krishnankutty is a PhD student in computer engineering at UMBC,
The UMBC Cyber Defense Lab meets biweekly Fridays. (April 22, Brian Kelley, Securing the cloud. May 8, Enis Golaszewski, Hash bit sequences).