Side channel attacks in embedded systems: A tale of hostilities and deterrence

Ambrose, Jude Angelo; Ragel, Roshan; Jayasinghe, Darshana; Li, Tuo; Parameswaran, Sri

doi:10.1109/isqed.2015.7085468

Cited by 15 publications

(15 citation statements)

References 62 publications

(80 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(2) Security risk can be assessed based on attack methods. According to [67], methods of attacks can be classified into three different typical methods: (1) physical method, (2) logical or software-based method, and (3) Side-Channel attack method.…”

Section: A Security Risk Metricsmentioning

confidence: 99%

See 1 more Smart Citation

Analytical Review of Cybersecurity for Embedded Systems

Aloseel

Shaw

et al. 2021

IEEE Access

View full text Add to dashboard Cite

To identify the key factors and create the landscape of cybersecurity for embedded systems (CSES), an analytical review of the existing research on CSES has been conducted. The common properties of embedded systems, such as mobility, small size, low cost, independence, and limited power consumption when compared to traditional computer systems, have caused many challenges in CSES. The conflict between cybersecurity requirements and the computing capabilities of embedded systems makes it critical to implement sophisticated security countermeasures against cyber-attacks in an embedded system with limited resources, without draining those resources. In this study, twelve factors influencing CSES have been identified: ( 1) the components; (2) the characteristics; (3) the implementation; (4) the technical domain; (5) the security requirements; (6) the security problems; (7) the connectivity protocols; (8) the attack surfaces; (9) the impact of the cyber-attacks; (10) the security challenges of the ESs; (11) the security solutions; and(12) the players (manufacturers, legislators, operators, and users). A Multiple Layers Feedback Framework of Embedded System Cybersecurity (MuLFESC) with nine layers of protection is proposed, with new metrics of risk assessment. This will enable cybersecurity practitioners to conduct an assessment of their systems with regard to twelve identified cybersecurity aspects. In MuLFESC, the feedback from the systemcomponents layer to the system-operations layer could help implement "Security by Design" in the design stage at the bottom layer. The study provides a clear landscape of CSES and, therefore, could help to find better comprehensive solutions for CSES.INDEX TERMS Characteristics of embedded system, countermeasures, embedded system, cybersecurity of embedded system, MuLFESC, risk assessment.

show abstract

Section: A Security Risk Metricsmentioning

confidence: 99%

“…-A physical attack, whether non-invasive, semiinvasive, or invasive attack means an attacker's ability to access the cyber-physical system directly and this direct physical access is unauthorized and unauthenticated [67]. In this case, it is unpredictable to know what the attacker can do.…”

Section: A Security Risk Metricsmentioning

confidence: 99%

Analytical Review of Cybersecurity for Embedded Systems

Aloseel

Shaw

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Moreover, as mobile edge computing becomes more and more ubiquitous, security issues in these mobile devices become more paramount. Such mobile devices have to face hostile security threats [4]- [7] such as physical, logical/software-based and side-channel/lateral attacks. Amongst these, side-channel attack [4]- [6] is a popular security threat due to ease of access to the physical hardware where attacks are performed by observing the properties and behavior of the system such as power consumption, thermal dissipation, electromagnetic emission, etc.…”

Section: Introductionmentioning

confidence: 99%

“…Comparatively a lot less documented studies are performed in temperature (thermal) based side channel attacks [4]- [6] in mobile edge devices. Most of these mobile devices come equipped with heterogeneous multi-processors systemson-chip (MPSoC), which consists of multiple heterogeneous processors on a single chip, capable of processing different types of applications to cater for performance and energyefficiency of the executing applications.…”

Section: Introductionmentioning

confidence: 99%

ThermalAttackNet: Are CNNs Making It Easy To Perform Temperature Side-Channel Attack In Mobile Edge Devices?

Dey¹,

Kumar²,

McDonald-Maier³

2020

Preprint

View full text Add to dashboard Cite

<div><div><div><p>Side-channel attacks remain a challenge to information flow control and security in mobile edge devices till this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this brief, we study how computer vision based convolutional neural networks (CNNs) could be used to exploit temperature (thermal) side-channel attack on different Linux governors in mobile edge device utilizing multi- processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.</p></div></div></div>

show abstract

“…Unfortunately, the cryptographic schemes in embedded systems are deployed in unforeseen adversarial settings where keys can be compromised through side-channel attacks. Such attacks have been reported on embedded devices [1] where the attacker extracts secret information from a victim program by observing a physical phenomenon, e.g. execution time and power consumption, during its execution [2].…”

Section: Introductionmentioning

confidence: 99%

CIDPro: Custom Instructions for Dynamic Program Diversification

Pham

Fell

Biswas

et al. 2018

2018 28th International Conference on Field Programmable Logic and Applications (FPL)

View full text Add to dashboard Cite

Timing side-channel attacks pose a major threat to embedded systems due to their ease of accessibility. We propose CIDPro, a framework that relies on dynamic program diversification to mitigate timing side-channel leakage. The proposed framework integrates the widely used LLVM compiler infrastructure and the increasingly popular RISC-V FPGA softprocessor. The compiler automatically generates custom instructions in the security critical segments of the program, and the instructions execute on the RISC-V custom co-processor to produce diversified timing characteristics on each execution instance. CIDPro has been implemented on the Zynq7000 XC7Z020 FPGA device to study the performance overhead and security tradeoffs. Experimental results show that our solution can achieve 80% and 86% timing side-channel capacity reduction for two benchmarks with an acceptable performance overhead compared to existing solutions. In addition, the proposed method incurs only a negligible hardware area overhead of 1% slices of the entire RISC-V system.

show abstract

Side channel attacks in embedded systems: A tale of hostilities and deterrence

Cited by 15 publications

References 62 publications

Analytical Review of Cybersecurity for Embedded Systems

Analytical Review of Cybersecurity for Embedded Systems

ThermalAttackNet: Are CNNs Making It Easy To Perform Temperature Side-Channel Attack In Mobile Edge Devices?

CIDPro: Custom Instructions for Dynamic Program Diversification

Contact Info

Product

Resources

About