Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

US 9,411,009 B1
Filed: 10/13/2015
Issued: 08/09/2016
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a probe component configured to capture side-channel information relating to an operation status of a target device when the probe component disposed proximate to the target device;

a positioner device, disposed in connection with the probe component, configured to adjust a position of the probe component;

a processor, communicatively coupled to the probe component and the positioner device, configured to;

place, via the positioner device, the probe component at a first position,capture, via the probe component at the first position, a first set of side-channel data,obtain, from a data analytics component, feedback relating to the first set of side-channel data,determine a quality metric value associated with the first position based on the feedback, andsend a signal to the positioner device to adjust the positioner device to place the probe component at a second position.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments described herein include a system that collects and learns reference side-channel normal activity, process it to reveal key features, compares subsequent collected data and processed data for anomalous behavior, and reports such behavior to a management center where this information is displayed and predefine actions can be executed when anomalous behavior is observed. In some instances, a physical side channel (e.g. and indirect measure of program execution such as power consumption or electromagnetic emissions and other physical signals) can be used to assess the execution status in a processor or digital circuit using an external monitor and detect, with extreme accuracy, when an unauthorized execution has managed to disrupt the normal operation of a target system (e.g., a computer system, etc.).

70 Citations

View as Search Results

19 Claims

1. An apparatus, comprising:
- a probe component configured to capture side-channel information relating to an operation status of a target device when the probe component disposed proximate to the target device;
  
  a positioner device, disposed in connection with the probe component, configured to adjust a position of the probe component;
  
  a processor, communicatively coupled to the probe component and the positioner device, configured to;
  
  place, via the positioner device, the probe component at a first position,capture, via the probe component at the first position, a first set of side-channel data,obtain, from a data analytics component, feedback relating to the first set of side-channel data,determine a quality metric value associated with the first position based on the feedback, andsend a signal to the positioner device to adjust the positioner device to place the probe component at a second position.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the positioner device includes any of a movable table or a robotic arm.
  - 3. The apparatus of claim 1, wherein the positioner device is automatically adjusted.
  - 4. The apparatus of claim 1, wherein the processor is further configured to receive test instructions that include information of the first position or the second position.
  - 5. The apparatus of claim 1, wherein the processor is configured to send the signal to the position to adjust the positioner device to place the probe component at the second position when the quality metric is below a pre-defined threshold level.
  - 6. The apparatus of claim 1, wherein the quality metric includes consistency of the first set of side-channel data measured by mean-square-error or statistical variance of test features of the first set of side-channel data.
  - 7. The apparatus of claim 1, wherein the quality metric value is determined based on identifying and comparing an area of interest with the first set of side-channel data captured from the first position.
  - 8. The apparatus of claim 1, wherein the quality metric value is determined based on performance of a sequence of tests to detect corruption of instruction execution by the processor.
  - 9. The apparatus of claim 8, wherein the sequence of tests includes any of interrupts used in software or hardware, interrupts used in encryption, or boot sequences.
  - 10. The apparatus of claim 1, wherein the target device is a passive component does not include an active component.

11. An apparatus, comprising:
- a plurality of probe elements, each probe element from the plurality of probe elements configured to capture side-channel information relating to an operation status of a target device when the probe component disposed proximate to the target device; and
  
  a processor, communicatively coupled to the probe component, configured to;
  
  obtain a request to capture a first set of side-channel information associated with a first feature,select a first probe element from the plurality of probe elements based on the first feature,capture the first set of side-channel information via the first probe element,the first probe element configured to capture the first set of side-channel information with a data quality with respect to the first feature greater than a data quality with respect to the first feature for a second probe element from the plurality of probe elements.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The apparatus of claim 11, wherein the plurality of probe elements are arranged in a form of a matrix.
  - 13. The apparatus of claim 11, wherein the plurality of probe elements includes any of:
    - multiple identical probe elements that are spatially distributed,multiple different probe elements that are configured to capture different signals, orblock elements that are dynamically configured to form a combined probe component with different characteristics.
  - 14. The apparatus of claim 11, wherein at least one probe element from the plurality of probe elements includes an electromagnetic probe that has a reconfigurable antenna component.
  - 15. The apparatus of claim 11, wherein the plurality of probe elements includes an antenna configured to feed a discrete-time signal processing circuit for signal processing.
  - 16. The apparatus of claim 11, wherein the first probe element is selected based on time and chip activity to improve collection of the first feature.
  - 17. The apparatus of claim 11, wherein the first feature includes any of a specific region to monitor, a type of side-channel information, or a time period that the side-channel information is captured.
  - 18. The apparatus of claim 11, wherein the data quality with respect to the first feature for the first probe element is based on an increased signal gain in a specific spatial region.
  - 19. The apparatus of claim 11, wherein the processor is configured to:
    - select an input vector from a plurality of input vectors; and
      
      send to the target device the input vector such that the target device operates based on the input vector to produce the first set of side-channel information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Power Fingerprinting Inc.
Original Assignee
Power Fingerprinting Inc.
Inventors
Aguayo Gonzalez, Carlos R., Reed, Jeffrey H., Chen, Steven C.
Primary Examiner(s)
Hollington, Jermele M
Assistant Examiner(s)
Russo, Raul Rios

Application Number

US14/881,862
Time in Patent Office

301 Days
Field of Search

324/71, 324/378, 324/403, 324/415, 324/425, 324/537, 324/750.16, 324/754.01
US Class Current

1/1
CPC Class Codes

G01R 1/0408   Test fixtures or contact fi...

G01R 21/00   Arrangements for measuring ...

G01R 31/2832   Specific tests of electroni...

G01R 31/2886   Features relating to contac...

G01R 31/2887   involving moving the probe ...

G01R 31/2891   related to sensing or contr...

G01R 31/2893   Handling, conveying or load...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/755   with measures against power...

G06F 2221/034   Test or assess a computer o...

Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links