Using power fingerprinting (PFP) to monitor the integrity and enhance security of computer based systems
Abstract
Procedures are described for enhancing target system execution integrity determined by power fingerprinting (PFP): by integrating PFP into the detection phase of comprehensive defense-in-depth security; by deploying a network of PFP-enabled nodes executing untrusted devices with predefined inputs forcing a specific state sequence and specific software execution; by embedding module identification information into synchronization signaling; by combining signals from different board elements; by using malware signatures to enhance PFP performance; by automatic characterization and signature extraction; by providing secure signature updates; by protecting against side-channel attacks; by performing real-time integrity assessment in embedded platforms by monitoring their dynamic power consumption and comparing it against signatures from trusted code, including pre-characterizing power consumption of the platform by concentrating on trace sections carrying the most information about the internal execution status; by using PFP from a sequence of bit transitions to detect deviations from authorized execution of software in a digital processor.
26 Claims
1. A method, comprising:
receiving a signal representing power consumption of a first electronic device measured with one or more sensors during operation;
defining a plurality of signal sections based on the signal, each signal section from the plurality of signal sections being less than a total size of the signal, each signal section from the plurality of signal sections associated with one signature section from a plurality of signature sections representing power consumption of a second electronic device during operation, the second electronic device being a trusted device; and
comparing, for at least one signal section from the plurality of signal sections, that signal section to the associated signature section from the plurality of signature sections to extract a feature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
receiving a signal representing power consumption of a first electronic device measured with one or more sensors during operation;
defining a signal section based on the signal and having a duration less than a total duration of the signal, the signal section associated with a signature section representing power consumption of a second electronic device during operation of authorized code and that includes a feature having a size; and
comparing the signal section to the associated signature section to extract the feature, the size of the feature for the signal section being greater than a size of the feature when extracted based on a difference between the signal in its entirety and a signature in its entirety generated from the second electronic device during operation, the second electronic device being a trusted device.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A method, comprising:
receiving a signal representing power consumption of a first electronic device measured with one or more sensors during operation;
defining a plurality of signal sections based on the signal, each signal section from the plurality of signal sections being less than a total size of the signal, each signal section from the plurality of signal sections associated with one signature section from a plurality of signature sections representing power consumption of a second electronic device during operation, the second electronic device being a trusted device;
comparing each signal section from the plurality of signal sections to the associated signature section from the plurality of signature sections to identify a time of a maximum correlation value for that signal section and the associated signature section; and
compensating for timing differences between each signal section from the plurality of signal sections and the associated signature section based on the time of the maximum correlation value for that signal section.
Dependent claims: 21, 22, 23, 24, 25, 26
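The sectioning and timing compensation recited in claims 1 and 20, as an added example (not code from the patent): each signature section is slid over the monitored trace, the lag of maximum correlation is taken as that section's timing offset, and a feature is extracted from the aligned section. The trace values, the section count, the lag window and the use of mean squared residual as the feature are assumptions made for illustration.

```python
import random
from math import sqrt

def pearson(a, b):
    """Pearson correlation of two equal-length sequences (0.0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0

def section_features(signal, signature, n_sections, max_lag):
    """For each signature section return (lag, feature): lag is the time of
    maximum correlation, feature the mean squared residual after alignment."""
    size = len(signature) // n_sections
    results = []
    for k in range(n_sections):
        start, end = k * size, (k + 1) * size
        ref = signature[start:end]
        best_lag, best_corr = None, -2.0
        for lag in range(-max_lag, max_lag + 1):
            if start + lag < 0 or end + lag > len(signal):
                continue  # shifted window would fall outside the capture
            corr = pearson(signal[start + lag:end + lag], ref)
            if corr > best_corr:
                best_lag, best_corr = lag, corr
        aligned = signal[start + best_lag:end + best_lag]
        mse = sum((x - y) ** 2 for x, y in zip(aligned, ref)) / size
        results.append((best_lag, mse))
    return results

def build_demo():
    """Constructed data: a trusted signature and a monitored trace with timing
    drift (2 samples, then 3) and a small deviation inside section 1."""
    rng = random.Random(0)
    signature = [rng.randrange(100) for _ in range(120)]
    signal = [signature[0]] * 2 + signature[:60] + [signature[59]] + signature[60:]
    for i in range(42, 48):  # samples that line up with signature[40:46]
        signal[i] += 8
    return signal, signature

def run_demo():
    signal, signature = build_demo()
    return section_features(signal, signature, n_sections=4, max_lag=5)

if __name__ == "__main__":
    for k, (lag, mse) in enumerate(run_demo()):
        print(f"section {k}: lag={lag:+d} feature={mse:.2f}")
```

The deviation shows up only in section 1, with a feature of 12.8 against 0 in the other sections. Averaged over all 120 samples the same residual would be 3.2, so the per-section feature is the larger of the two.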
Specification