Power Fingerprinting for Integrity Assessment of Embedded Systems

Abstract

This dissertation introduces Power Fingerprinting (PFP), a novel technique for assessing the execution integrity of embedded devices. A PFP monitor is an external device that captures the dynamic power consumption of a processor using fine-grained measurements at the clock-cycle level and applies anomaly detection techniques to determine whether the integrity of the system has been compromised. PFP uses a set of trusted signatures from the target code that are extracted during a pre-characterization process. PFP provides significant visibility into the internal execution status, making it extremely robust against evasion. Because of its independence and physical separation, PFP prevents attacks on the monitor itself and introduces minimal overhead on platforms with resource constraints. Due to its anomaly detection operation, PFP is effective against unknown (zero-day) attacks.

This dissertation demonstrates the feasibility of PFP on different platforms with different configurations and architectural complexities. Experimental results demonstrate the feasibility of PFP in a basic deterministic embedded platform for radio applications in two different areas: security and regulatory certification. For more complex, non-deterministic platforms, this works presents feasibility results for monitoring the execution integrity of complex software on a high-performance Android platform, including the ability to detect a real privilege escalation attack. In addition, the dissertation develops several general techniques to implement and integrate PFP into embedded platforms such as a general monitoring architecture, a methodology to characterize software modules and extract signatures, and an approach to perform board characterization and improve monitoring sensitivity.