RASCv2: Enabling Remote Access to Side-Channels for Mission Critical and IoT Systems

Yunkai Bai,Andrew Stern,Jungmin Park,Mark Tehranipoor,Domenic Forte
DOI: https://doi.org/10.1145/3524123
IF: 1.447
2022-04-13
ACM Transactions on Design Automation of Electronic Systems
Abstract:Today, Internet of Things (IoT) and smart devices are being deployed in systems such as autonomous vehicles and medical monitoring devices. The introduction of IoT devices into these systems enables network connectivity for data transfer, cloud support, etc. but can also lead to malware injection. Since many IoT devices operate in remote environments, it is also difficult to protect them from physical tampering. Conventional protection approaches rely on software, but these can be circumvented by the moving target nature of malware or through hardware attacks. Alternatively, insertion of the internal monitoring circuits into IoT chips requires a design trade-off, balancing the requirements of the monitoring circuit and the main circuit. A very promising approach to detect anomalous behavior in IoT and other embedded systems is side-channel analysis. Till date, however, this can only be performed before deployment due to the cost and size of side-channel setups (e.g., oscilloscopes, probes, etc.) or by internal performance counters. Here, we introduce an external monitoring printed circuit board (PCB) named RASC to provide r emote a ccess to s ide- c hannels. RASC reduces the complete side-channel analysis system into two small PCBs (2cm × 2cm), providing the ability to monitor power and electromagnetic (EM) traces of the target device. Additionally, RASC can transmit data and/or alerts of anomalous activities detected to a remote host through Bluetooth. To demonstrate RASCs capabilities, we extract keys from encryption modules such as AES implemented on Arduino and FPGA boards. To illustrate RASC’s defensive capabilities, we also use it to perform malware detection. RASC’s success in power analysis is comparable to an oscilloscope/probe setup, but is lightweight and two orders of magnitude cheaper.
computer science, software engineering, hardware & architecture
What problem does this paper attempt to address?