The Internet of Things (IoT) and Internet of Everything (IoE) have driven the proliferation of processors into nearly every powered device around us, from thermostats to refrigerators to light bulbs. From a security perspective, IoT/IoE creates a new layer of signals and systems that can be exploited to access supporting network layers. Our research focuses on leveraging the analog side channels of IoT/IoE processors for defensive purposes. We apply signal-processing and machine-learning techniques to collected RF emissions to detect whether code running on the processor has been modified (i.e., corrupted or injected with malware). The paper describes our process for positioning a wide-bandwidth RF probe over the device under test (DuT). Classifiers are implemented to identify the code running on the device. We demonstrate the ability to detect, identify, and isolate instructions based on signatures learned during initial DuT characterization. Rather than relying on raw power leakage, the probe is positioned where it captures RF signals from which support-vector machine (SVM) classifiers can accurately discriminate between instructions. At this well-discriminated location, the signature of each instruction is extracted by applying principal component analysis (PCA) to separate its signal into components (fetch, opcode, operands, and values). These signatures are used to identify instructions in the test code. Additionally, this paper discusses applying our methodology to blocks of code/algorithms using sequence-learning algorithms. These techniques enable a significant reduction in feature dimensions, improving the speed and accuracy of instruction-level classification of low-SNR RF side channels.
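
The pipeline this abstract describes (PCA to reduce feature dimensions, SVM classification of each instruction, then comparison against the expected code) is illustrated below as an added example; it is not the paper's code. The sinusoidal emission model, the instruction names, the noise level, and all function names are assumptions, and the one-vs-rest linear SVM is trained with plain subgradient descent on constructed traces.

```python
import numpy as np

RNG = np.random.default_rng(7)
N = 256                                   # samples per captured instruction trace
NAMES = ["ADD", "MOV", "JMP"]             # hypothetical instruction set
T = np.arange(N) / N
# Constructed emission model (assumption): one sinusoid per instruction.
TEMPLATES = {n: np.sin(2 * np.pi * f * T) for n, f in zip(NAMES, (5, 9, 14))}

def capture(name, noise=1.5):
    """Simulate one probe capture; noise=1.5 gives roughly -6.5 dB SNR."""
    return TEMPLATES[name] + RNG.normal(0.0, noise, N)

def fit_pca(X, k):
    """Return (mean, top-k principal axes) of the training traces."""
    mu = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mu, full_matrices=False)
    return mu, vt[:k]

def fit_linear_svm(Z, y, lam=1e-3, lr=0.01, epochs=300):
    """Binary linear SVM (labels +1/-1), subgradient descent on hinge loss."""
    w, b = np.zeros(Z.shape[1]), 0.0
    for _ in range(epochs):
        active = y * (Z @ w + b) < 1      # traces violating the margin
        gw = lam * w - (y[active][:, None] * Z[active]).sum(axis=0) / len(y)
        gb = -y[active].sum() / len(y)
        w, b = w - lr * gw, b - lr * gb
    return w, b

def train(per_class=150, k=4):
    """Characterize the device: 256-sample traces -> k PCA features -> SVMs."""
    labels = np.repeat(np.arange(len(NAMES)), per_class)
    X = np.array([capture(NAMES[i]) for i in labels])
    mu, axes = fit_pca(X, k)
    Z = (X - mu) @ axes.T
    svms = [fit_linear_svm(Z, np.where(labels == c, 1.0, -1.0))
            for c in range(len(NAMES))]
    return mu, axes, svms

def classify(model, trace):
    """Name the instruction whose one-vs-rest SVM scores the trace highest."""
    mu, axes, svms = model
    z = (trace - mu) @ axes.T
    return NAMES[int(np.argmax([z @ w + b for w, b in svms]))]

def find_modified(model, traces, expected):
    """Indices where the classified instruction differs from the golden code."""
    return [i for i, (t, e) in enumerate(zip(traces, expected))
            if classify(model, t) != e]
```
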