Zero-overhead profiling via EM emanations

Callan, Robert; Behrang, Farnaz; Zajić, Alenka; Prvulovic, Milos; Orso, Alessandro

doi:10.1145/2931037.2931065

Cited by 44 publications

(14 citation statements)

References 41 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These developmental options affect the performance of the software being inspected in addition to the overhead of their placement each time a copy of the software needs to be inspected. It has been shown that unintended EM emissions of the CPU can be used to inspect software execution sequences without having to instrument the software [48,49,50,51]. Even when the same program is running on different devices, the ability to identify the instruction execution sequence can help to uniquely identify the software itself.…”

Section: Electromagnetic Emissions As a Software Signaturementioning

confidence: 99%

A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics

Sayakkara

Le-Khac

Scanlon

2019

Digital Investigation

View full text Add to dashboard Cite

The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices produced by various vendors often posses limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security and privacy of user data, built-in encryption is becoming commonplace in consumer-level computing devices, and IoT devices are no exception. Under these circumstances, a significant challenge is presented to digital forensic investigations where data from IoT devices needs to be analysed.This work explores the electromagnetic (EM) side-channel analysis literature for the purpose of assisting digital forensic investigations on IoT devices. EM side-channel analysis is a technique where unintentional electromagnetic emissions are used for eavesdropping on the operations and data handling of computing devices. The non-intrusive nature of EM side-channel approaches makes it a viable option to assist digital forensic investigations as these attacks require, and must result in, no modification to the target device. The literature on various EM side-channel analysis attack techniques are discussed -selected on the basis of their applicability in IoT device investigation scenarios. The insight gained from the background study is used to identify promising future applications of the technique for digital forensic analysis on IoT devices -potentially progressing a wide variety of currently hindered digital investigations.

show abstract

Section: Electromagnetic Emissions As a Software Signaturementioning

confidence: 99%

A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics

Sayakkara

Le-Khac

Scanlon

2019

Digital Investigation

View full text Add to dashboard Cite

show abstract

“…Recently, there has been a push towards using EMI to profile code. Callan et al [5] proposed ZOP: a zero-overhead approach to obtain profiling information via EMI measurements. ZOP first goes through a training phase in which it builds a model that associates different wave forms with different parts of the code.…”

Section: Profilingmentioning

confidence: 99%

“…MESC takes into account the activity rate of individual wires in a process and the layout to approximate the expected EMI from that process. This is in distinct contrast to previous works that utilize measured EMI to profile programs [5,19] or to isolate the on-chip location of magnetic field sources [25], as we aim to model the EMI from the layout, not the other way around. MESC uses some basic initial power measurements of a device as well as statistical sampling of switching activity in order to model the expected EMI of a processor.…”

Section: Introductionmentioning

confidence: 98%

EMI Architectural Model and Core Hopping

Gorman

Possignolo

Renau

2019

Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture

View full text Add to dashboard Cite

Processors radiate electromagnetic interference (EMI), which affects wireless communication technologies. However, despite the fact that the EMI generated by a processor is deterministic, architecturally modeling the EMI has proven to be a complex challenge. Moreover, EMI depends on the physical layout of the processor and on the binary being executed (both the application and its compilation options). This paper proposes Model for EMI on a SoC (MESC), the first architectural framework for modeling electromagnetic emissions from a core. MESC takes into account the layout and the switching activity of a process to model the expected EMI. We validate MESC on a real system to verify its accuracy. We then use MESC to demonstrate that two different core layouts can be leveraged to reduce EMI and propose EMI Core Hopper (EMI CHopper). EMI CHopper uses a multi-core system-where each core has the same RTL but minimally different layouts-and proposes hopping the application between cores to reduce in-band EMI when it interferes with wireless communication. Our evaluation shows that MESC is able to predict EMI within 95% accuracy across time and across the frequency spectrum, even when using statistical sampling to obtain activity rates. Leveraging MESC, our proposed EMI CHopper reduces in-band EMI by up to 50%, with low impact on performance. MESC will enable a new stream of micro-architectural research the same way architectural level power models have enabled exploration of performance and power simulation. CCS CONCEPTS • Computing methodologies → Model development and analysis; Simulation evaluation; • Computer systems organization → Multicore architectures.

show abstract

“…Interest in tracking the program activity is drawing the attention of experts from various fields due to its possible applications in monitoring code flow, detecting malicious activities, reverse engineering, cryptanalysis, etc. [1][2][3][4][5][6][7] Side channels are unintentional and asynchronous channels that can leak some sensitive information while performing a computer activity. 8 Many attacks are reported based on power analysis, 1, 2, 9-11 temperature analysis, 12 acoustic emanations, 13,14 electromagnetic (EM) emanations, 7,[15][16][17][18] etc.…”

Section: Introductionmentioning

confidence: 99%

“…One of the emerging applications of side-channel analysis is their use for tracking program activities on various code levels such as loops, paths, and basic blocks. [3][4][5][6]19 Most of the previous work on single instruction code analysis is focused on building sidechannel-based disassembler, 1,20,21 i.e. reconstructing the instructions from the side-channel signal.…”

Section: Introductionmentioning

confidence: 99%

Instruction level program tracking using electromagnetic emanations

et al. 2019

Self Cite

View full text Add to dashboard Cite

Monitoring computer system activities on the instruction level provides more resilience to malware attacks because these attacks can be analyzed better by observing the changes on the instruction level. Assuming the source code is available, many training signals can be collected to track the instruction sequence to detect whether a malware is injected or the system works properly. However, training signals have to be collected with high sampling rate to ensure that the significant features of these signals do not vanish. Since the clock frequencies of the current computer systems are extremely high, we need to have a commercial device with high sampling rate, i.e. 10GHz, which either costs remarkably high, or does not exist. To eliminate the deficiencies regarding the insufficient sampling rate, we propose a method to increase the sampling rate with the moderate commercial devices for training symbols. In that respect, we first generate some random instruction sequences which exist in the inspected source code. Then, these sequences are executed in a for-loop, and emanated electromagnetic (EM) signals from the processor are collected by a commercially available device with moderate sampling rate, i.e. sampling rate is much smaller than the clock frequency. Lastly, we apply a mapping of the gathered samples by utilizing modulo of their timings with respect to execution time of overall instruction sequence. As the final step, we provide some experimental results to illustrate that we successfully track the instruction sequence by applying the proposed approach.

show abstract

Zero-overhead profiling via EM emanations

Cited by 44 publications

References 41 publications

A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics

A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics

EMI Architectural Model and Core Hopping

Instruction level program tracking using electromagnetic emanations

Contact Info

Product

Resources

About