SYSTEMS, METHODS, AND APPARATUSES FOR INTRUSION DETECTION AND ANALYTICS USING POWER CHARACTERISTICS SUCH AS SIDE-CHANNEL INFORMATION COLLECTION

US 20160342791A1
Filed: 05/27/2016
Published: 11/24/2016
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a processor configured to receive a set of side-channel data representing a power signature of a target device, the set of side-channel data being captured by a probe disposed proximate to the target device,the processor configured to extract a first characteristic of the set of side-channel data;

the processor configured to receive, at a first time, a first set of reference side-channel data of a reference device, the first set of reference side-channel data having a second characteristic and representing a first reference power signature of the reference device,the processor configured to compare the first characteristic of the target device and the second characteristic of the reference device to determine a first anomaly of the target device,the processor configured to receive, at a second time after the first time, a second set of reference side-channel data of the reference device, the second set of reference side-channel data having a third characteristic and representing a second reference power signature of the reference device,the processor configured to compare the first characteristic of the target device and the third characteristic of the reference device to determine a second anomaly of the target device,the processor configured to send a signal indicating the change from the first anomaly to the second anomaly of the target device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments described herein include a system that collects and learns reference side-channel normal activity, process it to reveal key features, compares subsequent collected data and processed data for anomalous behavior, and reports such behavior to a management center where this information is displayed and predefine actions can be executed when anomalous behavior is observed. In some instances, a physical side channel (e.g. and indirect measure of program execution such as power consumption or electromagnetic emissions and other physical signals) can be used to assess the execution status in a processor or digital circuit using an external monitor and detect, with extreme accuracy, when an unauthorized execution has managed to disrupt the normal operation of a target system (e.g., a computer system, etc.).

27 Citations

20 Claims

1. An apparatus, comprising:
- a processor configured to receive a set of side-channel data representing a power signature of a target device, the set of side-channel data being captured by a probe disposed proximate to the target device,the processor configured to extract a first characteristic of the set of side-channel data;
  
  the processor configured to receive, at a first time, a first set of reference side-channel data of a reference device, the first set of reference side-channel data having a second characteristic and representing a first reference power signature of the reference device,the processor configured to compare the first characteristic of the target device and the second characteristic of the reference device to determine a first anomaly of the target device,the processor configured to receive, at a second time after the first time, a second set of reference side-channel data of the reference device, the second set of reference side-channel data having a third characteristic and representing a second reference power signature of the reference device,the processor configured to compare the first characteristic of the target device and the third characteristic of the reference device to determine a second anomaly of the target device,the processor configured to send a signal indicating the change from the first anomaly to the second anomaly of the target device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the processor is configured to receive the first set of reference side-channel data of the reference device that has been determined via simulating the target device in a software program.
  - 3. The apparatus of claim 1, wherein the reference device represents an emulation of the target device, the reference device configured to execute a code to determine the first set of reference side-channel data, the code being substantially similar to a code executed on the target device.
  - 4. The apparatus of claim 1, wherein:
    - the processor is configured to receive a plurality of sets of reference side-channel data of the reference device via machine learning and including the first set of reference side-channel data and the second set of reference side-channel data,the plurality of sets of reference side-channel data representing a plurality of reference power signatures of the reference device that includes the first reference power signature and the second reference power signature of the reference device.
  - 5. The apparatus of claim 1, wherein the processor is configured to track geographical migration of the first anomaly from the target device to a plurality of devices that are operatively coupled to the target device via a network.
  - 6. The apparatus of claim 1, wherein the first anomaly of the target device represents an anomaly of manufacturing origin of the target device.
  - 7. The apparatus of claim 1, wherein the first anomaly of the target device represents the target device being a counterfeit.

8. A method, comprising:
- receiving, at a first time, a first set of reference side-channel data of a reference device, the first set of reference side-channel data having a first reference characteristic and representing a first reference power signature of the reference device;
  
  receiving, at a second time after the first time, a second set of reference side-channel data of the reference device, the second set of reference side-channel data having a second reference characteristic and representing a second reference power signature of the reference device;
  
  receiving, at a third time after the second time, a set of side-channel data representing a power signature of a target device, the set of side-channel data being captured by a probe disposed proximate to the target device;
  
  extracting a characteristic of the set of side-channel data of the target device;
  
  comparing the characteristic of the target device with the first reference characteristic of the reference device to determine a first anomaly of the target device;
  
  comparing the characteristic of the target device with the second reference characteristic of the reference device to determine a second anomaly of the target device; and
  
  sending a signal indicating the change from the first anomaly to the second anomaly of the target device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first set of reference side-channel data of the reference device is determined via simulating the target device in a software program.
  - 10. The method of claim 8, wherein the reference device represents an emulation of the target device, the reference device configured to execute a code to determine the first set of reference side-channel data, the code being substantially similar to a code executed on the target device.
  - 11. The method of claim 8, further comprising:
    - receiving a plurality of sets of reference side-channel data of the reference device via machine learning and including the first set of reference side-channel data and the second set of reference side-channel data, the plurality of set of reference side-channel data representing a plurality of reference power signatures of the reference device that includes the first reference power signature and the second reference power signature of the reference device.
  - 12. The method of claim 8, further comprising:
    - tracking geographical migration of the first anomaly from the target device to a plurality of devices that are operatively coupled to the target device via a network.
  - 13. The method of claim 8, wherein the first anomaly of the target device represents an anomaly of manufacturing origin of the target device.
  - 14. The method of claim 8, wherein the first anomaly of the target device represents the target device being a counterfeit.

15. An apparatus, comprising:
- a processor configured to receive a first set of side-channel data representing a power signature of a first target device and being captured by a probe disposed proximate to the first target device, the processor configured to be operatively coupled to the first target device via a network,the processor configured to receive a second set of side-channel data representing a power signature of a second target device and data being captured by a probe disposed proximate to the second target device, the processor configured to be operatively coupled to the second target device via the network,the processor configured to extract a first characteristic of the first set of side-channel data of the first target device and a second characteristic of the second set of side-channel data of the second target device,the processor configured to compare the first characteristic of the first target device with a power signature of a first reference device to determine a first anomaly of the first target device,the processor configured to compare the second characteristic of the second target device with a power signature of a second reference device to determine a second anomaly of the second target device,the processor configured to send a first signal indicating the first anomaly to the first target device and send a second signal indicating the second anomaly to the second target device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the processor configured to receive the first set of side-channel data from the first target device via an optical fiber.
  - 17. The apparatus of claim 15, wherein:
    - the processor is configured to receive a plurality of electrical signal that represent the power signature of the first target device and that are received from an optical demodulator that converted the plurality of electrical signal from a plurality of optical signals received from an optical modulator that converted the plurality of optical signals from the first set of side-channel data.
  - 18. The apparatus of claim 15, wherein the first set of side-channel data is converted to a plurality of optical signals by an optical modulator prior to being received at the processor, the optical modulator being external to the first target device.
  - 19. The apparatus of claim 15, wherein the first set of side-channel data is converted to a plurality of optical signals by an optical modulator prior to being received at the processor, the optical modulator being integrated within the first target device.
  - 20. The apparatus of claim 15, wherein the processor is physically remote from each of the first target device and the second target device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Power Fingerprinting Inc.
Original Assignee
Power Fingerprinting Inc.
Inventors
Reed, Jeffrey H., Aguayo Gonzalez, Carlos R., Chen, Steven C.

Granted Patent

US 10,157,278 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G01R 1/0408   Test fixtures or contact fi...

G01R 21/00   Arrangements for measuring ...

G01R 31/2832   Specific tests of electroni...

G01R 31/2886   Features relating to contac...

G01R 31/2887   involving moving the probe ...

G01R 31/2891   related to sensing or contr...

G01R 31/2893   Handling, conveying or load...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/755   with measures against power...

G06F 2221/034   Test or assess a computer o...

SYSTEMS, METHODS, AND APPARATUSES FOR INTRUSION DETECTION AND ANALYTICS USING POWER CHARACTERISTICS SUCH AS SIDE-CHANNEL INFORMATION COLLECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, METHODS, AND APPARATUSES FOR INTRUSION DETECTION AND ANALYTICS USING POWER CHARACTERISTICS SUCH AS SIDE-CHANNEL INFORMATION COLLECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links