Using power fingerprinting (PFP) to monitor the integrity and enhance security of computer based systems
Abstract
Procedures are described for enhancing target system execution integrity determined by power fingerprinting (PFP): by integrating PFP into the detection phase of comprehensive defense-in-depth security; by deploying a network of PFP enabled nodes executing untrusted devices with predefined inputs forcing a specific state sequence and specific software execution; by embedding module identification information into synchronization signaling; by combining signals from different board elements; by using malware signatures to enhance PFP performance; by automatic characterization and signature extraction; by providing secure signature updates; by protecting against side-channel attacks; performing real-time integrity assessment in embedded platform by monitoring their dynamic power consumption and comparing it against signatures from trusted code, including pre-characterizing power consumption of the platform by concentrating on trace sections carrying the most information about the internal execution status; by using PFP from sequence of bit transitions to detect deviations from authorized execution of software in a digital processor.
16 Claims
1. A method for performing real-time integrity assessment of execution of a routine in a computer processing platform, comprising:
- monitoring execution of the routine by tracing power consumption of a processor by sampling with one or more sensors during execution of the routine;
- using a platform characterization technique that further comprises detecting sections of traces sampled by the one or more sensors that display the largest dependence on state transitions in the processor;
- using said sections to select features carrying the most information;
- obtaining from a characterization of selected features of the routine contained in said sections a set of trusted power fingerprints of the routine;
- establishing a threshold for a specific false alarm rate based on the probability distribution of distance from a signature comprised of said trusted fingerprints;
- comparing a library of said trusted fingerprints to features extracted from traces from the execution of untrusted code;
- determining a distance between said fingerprints and the extracted features; and
- reporting an exception if the distance exceeds the threshold.
Dependent claims: 2, 3, 4, 5, 6
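The steps of claim 1, worked through as an added sketch (not code from the patent or its authors): sample positions are ranked by how much their mean power varies with a known number of bit transitions, a signature is averaged from trusted fingerprints, and the threshold is the empirical quantile of trusted distances for a 1% false-alarm rate. The simulated trace model, the Euclidean distance and every name below are assumptions made for illustration.

```python
import math, random, statistics

rng = random.Random(7)            # fixed seed; every trace here is constructed
N, LEAKY = 64, range(20, 28)      # assumed: samples 20..27 depend on CPU state

def capture(transitions, tampered=False):
    """Simulated sensor trace of one run (stand-in for real sampled power)."""
    trace = [rng.gauss(1.0, 0.05) for _ in range(N)]
    for i in LEAKY:
        trace[i] += 0.1 * transitions + (0.4 if tampered else 0.0)
    return trace

def select_features(labelled, k):
    """Characterization: k sample indices most dependent on state transitions."""
    groups = {}
    for transitions, trace in labelled:
        groups.setdefault(transitions, []).append(trace)
    def spread(i):  # variance of per-class mean power at sample i
        means = [statistics.fmean(t[i] for t in g) for g in groups.values()]
        return statistics.pvariance(means)
    return sorted(sorted(range(N), key=spread, reverse=True)[:k])

def extract(trace, idx):
    return [trace[i] for i in idx]

def train(trusted, idx, false_alarm_rate):
    """Signature = mean trusted fingerprint; threshold = empirical
    (1 - false_alarm_rate) quantile of trusted distances to it."""
    library = [extract(t, idx) for t in trusted]
    signature = [statistics.fmean(col) for col in zip(*library)]
    dists = sorted(math.dist(fp, signature) for fp in library)
    cut = min(len(dists) - 1, math.ceil((1 - false_alarm_rate) * len(dists)))
    return signature, dists[cut]

def assess(trace, idx, signature, threshold):
    """Return (distance, exception?) for one monitored execution."""
    d = math.dist(extract(trace, idx), signature)
    return d, d > threshold

def demo():
    labelled = [(h, capture(h)) for h in range(9) for _ in range(20)]
    idx = select_features(labelled, k=8)
    signature, threshold = train([capture(4) for _ in range(200)], idx, 0.01)
    runs = lambda bad: [assess(capture(4, bad), idx, signature, threshold)[1]
                        for _ in range(200 if not bad else 50)]
    return idx, threshold, sum(runs(False)), sum(runs(True))

if __name__ == "__main__":
    print(demo())   # (selected indices, threshold, false alarms, detections)
```

With real hardware the quantile estimate is only as good as the number of trusted traces behind it, so the achieved false-alarm rate should be re-measured on held-out trusted runs, as `demo()` does.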
7. A system for performing real-time integrity assessment of execution of a routine in a computer processing platform, comprising:
- one or more sensors for monitoring execution of the routine by tracing power consumption of a processor by sampling during execution of the routine;
- means for using a platform characterization technique that further comprises means for detecting sections of traces sampled with said one or more sensors that display the largest dependence on state transitions in the processor;
- means for using said sections to select features carrying the most information;
- means for obtaining from a characterization of the selected features contained in said sections a set of trusted power fingerprints of the routine;
- means for establishing a threshold for a specific false alarm rate based on the probability distribution of distance from a signature comprised of said trusted fingerprints;
- means for comparing a library of said trusted fingerprints to features extracted from traces from the execution of untrusted code;
- means for determining a distance between said fingerprints and the extracted features; and
- means for reporting an exception if the distance exceeds the threshold.
Dependent claims: 8, 9, 10, 11, 12
13. A method for detecting deviations from authorized execution of software in a digital processor, comprising:
- receiving, from one or more sensors, a signal representing power consumption of a first processor during execution of at least one routine of the software;
- comparing the power consumption of the first processor to a power consumption characterization for a second processor performing an authorized execution of the at least one routine of the software, the first processor being a type corresponding to a type of the second processor; and
- using a result of said comparing step to determine deviation.
Dependent claims: 14, 15, 16
Specification