Using power fingerprinting (PFP) to monitor the integrity and enhance security of computer based systems
First Claim
1. A method, comprising:
- observing power consumption of a processor using a sensor during execution of a first routine of software that has a first layer and a second layer, the first routine associated with the first layer and not the second layer;
- observing power consumption of the processor using a sensor during execution of a second routine of software, the second routine associated with the second layer and not the first layer;
- using the power consumption characterization of the first routine as a first fingerprint for comparison against observed execution of the first routine of the software to determine a first deviation;
- using the power consumption characterization of the second routine as a second fingerprint for comparison against observed execution of the second routine of the software to determine a second deviation;
- triggering an incident response associated with an attack on the first routine when the first deviation is determined; and
- triggering an incident response associated with an attack on the second routine when the second deviation is determined.
Abstract
Procedures are described for enhancing target system execution integrity determined by power fingerprinting (PFP):
- by integrating PFP into the detection phase of comprehensive defense-in-depth security;
- by deploying a network of PFP-enabled nodes executing untrusted devices with predefined inputs forcing a specific state sequence and specific software execution;
- by embedding module identification information into synchronization signaling;
- by combining signals from different board elements;
- by using malware signatures to enhance PFP performance;
- by automatic characterization and signature extraction;
- by providing secure signature updates;
- by protecting against side-channel attacks;
- by performing real-time integrity assessment in embedded platforms by monitoring their dynamic power consumption and comparing it against signatures from trusted code, including pre-characterizing power consumption of the platform by concentrating on trace sections carrying the most information about the internal execution status;
- by using PFP from a sequence of bit transitions to detect deviations from authorized execution of software in a digital processor.
20 Claims
1. A method, as recited under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
- observing, using a sensor, a power consumption of each processor from a plurality of processors during operation of that processor, the plurality of processors being of a common make and a common model;
- determining, for each processor from the plurality of processors, a sequence of bit transitions characterizing the power consumption for that processor;
- modifying the power consumption for at least one processor from the plurality of processors to compensate for manufacturing-related differences among the plurality of processors to define a power consumption characterization for that at least one processor; and
- using, for each processor from the plurality of processors, the power consumption characterization for that processor as a fingerprint for comparison against a reference power consumption characterization to determine a deviation for that processor.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
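The comparison step recited in claims 1 and 11 can be sketched as follows. This is an added example, not code from the patent: it keeps one fingerprint per routine (one routine per software layer), judges each observed trace only against its own fingerprint, and maps a deviation to that routine's incident response. The normalization used to absorb per-device offset and gain, the Euclidean metric, the threshold rule, the sample traces and all routine and response names are assumptions.

```python
import math

def normalize(trace):
    # Zero-mean, unit-variance scaling. Assumption: stands in for compensating
    # per-device offset and gain differences; the page names no method.
    mean = sum(trace) / len(trace)
    std = math.sqrt(sum((x - mean) ** 2 for x in trace) / len(trace)) or 1.0
    return [(x - mean) / std for x in trace]

def distance(a, b):
    # Euclidean distance between equal-length traces (assumed metric).
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def build_fingerprint(trusted_traces, margin=2.0):
    # Reference = point-wise mean of normalized trusted traces. The threshold is
    # margin times the largest distance seen in training (assumed rule).
    norm = [normalize(t) for t in trusted_traces]
    ref = [sum(col) / len(col) for col in zip(*norm)]
    return {"ref": ref, "threshold": margin * max(distance(t, ref) for t in norm)}

def deviation(fingerprint, observed):
    # Returns (distance, deviates?) for one observed execution of a routine.
    d = distance(normalize(observed), fingerprint["ref"])
    return d, d > fingerprint["threshold"]

def monitor(fingerprints, responses, observations):
    # Each routine is judged only against its own fingerprint, and a deviation
    # triggers the response registered for that routine.
    return [responses[name] for name, trace in observations
            if deviation(fingerprints[name], trace)[1]]

# Constructed sample data; routine and response names are hypothetical.
FINGERPRINTS = {
    "kernel_syscall": build_fingerprint([[10, 12, 30, 31, 12, 10],
                                         [11, 12, 29, 31, 13, 10],
                                         [10, 13, 30, 30, 12, 11]]),
    "app_parse": build_fingerprint([[5, 20, 20, 5, 20, 20],
                                    [5, 21, 20, 6, 20, 19],
                                    [6, 20, 19, 5, 21, 20]]),
}
RESPONSES = {"kernel_syscall": "halt_and_reimage", "app_parse": "restart_app"}

if __name__ == "__main__":
    observed = [("kernel_syscall", [13.0, 15.2, 35.0, 36.1, 15.2, 13.0]),  # clean, other gain/offset
                ("app_parse", [5, 20, 20, 5, 5, 5])]                       # altered execution
    print(monitor(FINGERPRINTS, RESPONSES, observed))
```

The clean kernel trace is a trusted trace rescaled by a different gain and offset, so normalization maps it back onto the reference and only the altered application-layer trace raises a response.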
Specification