Abstract
In recent years, the ever-increasing need for computing has led to the design of modern embedded computing devices dedicated to providing enhanced system performance. However, given inadequate security monitoring and the challenges of ongoing operating-system patching, modern embedded computing systems would not be expected to grow as much as they have in recent years. Specifically, embedded systems are adopted in industrial and household devices with some hesitation, because they are susceptible to malware, software piracy and data exfiltration. Therefore, it is vital to protect embedded devices from malicious activities and safeguard the integrity of executable software. In this paper, we propose (to the best of our knowledge) the first acoustic side-channel-based disassembler to investigate the real-time functioning of embedded systems at the instruction level. More specifically, we highlight the fact that the Central Processing Unit (CPU) (the micro-controller in the case of edge/embedded devices) can have a heart-beat (sound). The methodology for extracting and analyzing this heart-beat is discussed in detail in this work. To design our proposed disassembler, we initially collect templates from a source device and then apply machine learning algorithms to uniquely identify instructions executed on the device. For this purpose, we use a hierarchical classification framework to implement an acoustic side-channel disassembler, “CPU-Doctor”, for ATMEGA328P and ARM Cortex A53. “CPU-Doctor” identifies the instruction group with 100% accuracy and uniquely determines the instruction with 96.67% accuracy in the verification phase. Although we have presented the experimental analysis on ATMEGA328P and ARM Cortex A53, our approach is generic in nature and can be applied to any processor.
Notes
i4.0 is a global term for the merging of IoT-driven technology, enhanced decision making, and increased automation.
The Hype Cycle is basically a framework for comprehending emerging trends and forces.
Values in this paper are roughly calculated using a sampling frequency of 44,000 Hz and a microcontroller cycle time of \(1\times 10^{-6}\) second.
Hausbell Listening Device, Scientific Explorer Bionic Ear Electronic Listening Device.
Contributions
Oswa, Vishesh and Rohit made the initial experimental setup for the proof of concept. Vishesh made the assembly code design for the experiments. Oswa made the trace collection, data analysis and ML tool development for the experiments. Oswa, Vishesh and Urbi have written the paper. Urbi gave the initial idea and reviewed the whole paper.
Ethics declarations
Conflict of interest
The authors declare no competing interests.
About this article
Cite this article
Amro, O., Mishra, V., Negi, R. et al. CPU-Doctor: when a device’s heart-beat can be an acoustic side-channel disassembler. J Cryptogr Eng 14, 441–462 (2024). https://doi.org/10.1007/s13389-023-00327-z
DOI: https://doi.org/10.1007/s13389-023-00327-z