Systems, methods, and apparatus to enhance the integrity assessment when using power fingerprinting systems for computer-based systems
First Claim
1. A method, comprising:
- receiving, at a first module, side-channel information of a first target component of a system, the first module being collocated with the first target component, the side-channel information of the first target component being associated with a plurality of authorized execution statuses of the first target component and an execution status of the first target component;
obtaining a power fingerprint for the first target component based on the side-channel information for the first target component, the power fingerprint for the first target component representing the plurality of authorized execution statuses of the first target component;
receiving, at a second module, side-channel information of a second target component of the system, the second module being collocated with the second target component, the side-channel information of the second target component being associated with a plurality of authorized execution statuses of the second target component and an execution status of the second target component;
obtaining a power fingerprint for the second target component based on the side-channel information for the second target component, the power fingerprint for the second target component representing the plurality of execution statuses of the second target component; and
sending, from a processor physically separate from the first target component and the second target component, a reporting signal based on at least one of (1) the power fingerprint for the first target component and an execution status of the first target component, or (2) the power fingerprint for the second target component and an execution status of the second target component, the reporting signal associated with at least one of the execution status of the first target component or the execution status of the second target component.
1 Assignment
0 Petitions
Accused Products
Abstract
A power fingerprinting system is adopted for assessing integrity of a target computer-based system. In one implementation, the power fingerprinting system may receive, at a first module, side-channel information of a first target component of a system, the first module being collocated with the first target component; obtain a power fingerprint for the first target component based on the side-channel information for the first target component, the power fingerprint for the first target component representing a plurality of execution statuses of the first target component; receive, at a second module, side-channel information of a second target component of the system, the second module being collocated with the second target component, the power fingerprint for the second target component representing a plurality of execution statuses of the second target component; and obtain a power fingerprint for the second target component based on the side-channel information for the second target component.
45 Citations
17 Claims
-
1. A method, comprising:
-
receiving, at a first module, side-channel information of a first target component of a system, the first module being collocated with the first target component, the side-channel information of the first target component being associated with a plurality of authorized execution statuses of the first target component and an execution status of the first target component; obtaining a power fingerprint for the first target component based on the side-channel information for the first target component, the power fingerprint for the first target component representing the plurality of authorized execution statuses of the first target component; receiving, at a second module, side-channel information of a second target component of the system, the second module being collocated with the second target component, the side-channel information of the second target component being associated with a plurality of authorized execution statuses of the second target component and an execution status of the second target component; obtaining a power fingerprint for the second target component based on the side-channel information for the second target component, the power fingerprint for the second target component representing the plurality of execution statuses of the second target component; and sending, from a processor physically separate from the first target component and the second target component, a reporting signal based on at least one of (1) the power fingerprint for the first target component and an execution status of the first target component, or (2) the power fingerprint for the second target component and an execution status of the second target component, the reporting signal associated with at least one of the execution status of the first target component or the execution status of the second target component. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
a first preprocessor configured to be collocated with a first target component of a system, the first preprocessor receiving side-channel information of a first target component of a system when the first preprocessor and the first target component are operational, the side-channel information of the first target component being associated with a plurality of authorized execution statuses of the first target component and an execution status of the first target component; a second preprocessor configured to collocated with a second target component of the system, the second preprocessor receiving side-channel information of the second target component when the second preprocessor and the second target component are operational, the side-channel information of the second target component being associated with a plurality of authorized execution statuses of the second target component and an execution status of the second target component; and a processor physically separate from the first target component and the second target component, the processor operatively coupled the first preprocessor and the second preprocessor, the processor sending, when operational, a reporting signal based on at least one of (1) a power fingerprint for the first target component and an execution status of the first target component, or (2) a power fingerprint for the second target component and an execution status of the second target component, the power fingerprint for the first target component being based on the side-channel information for the first target component and representing the plurality of authorized execution statuses of the first target component, the power fingerprint for the second target component being based on the side-channel information for the second target component and representing the plurality of execution statuses of the second target component. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method, comprising:
-
obtaining a power fingerprint for a first target component of a system based on a side-channel information for the first target component, the power fingerprint for the first target component representing a plurality of authorized execution statuses of the first target component, the side-channel information of the first target component being received from a first preprocessor collated with the first target component and being associated with a plurality of authorized execution statuses of the first target component and an execution status of the first target component; obtaining a power fingerprint for a second target component of the system based on the side-channel information for the second target component, the power fingerprint for the second target component representing a plurality of execution statuses of the second target component, the side-channel information of the second target component being received from a second preprocessor collated with the second target component and being associated with a plurality of authorized execution statuses of the second target component and an execution status of the second target component; and sending, by a processor physically separate from the first target component and the second target component, a reporting signal based on at least one of (1) the power fingerprint for the first target component and an execution status of the first target component, or (2) the power fingerprint for the second target component and an execution status of the second target component. - View Dependent Claims (15, 16, 17)
-
Specification