Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

US 10,970,387 B2
Filed: 12/13/2018
Issued: 04/06/2021
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a power management circuit configured to be operatively coupled to a processor, the power management circuit configured to send to the processor a first power signal and a second power signal that is generated by varying the first power signal based on a regulatory function of the power management circuit, the regulatory function of the power management circuit including a set of policies to regulate the first power signal within operating parameters of the power management circuit;

a sensor in communication with or included within at least one of the power management circuit or the processor, the sensor configured to detect a first side-channel information of the processor based on the first power signal and a second side-channel information of the processor that is based on the second power signal; and

a notification circuit in communication with the sensor, the notification circuit configured to send a notification signal indicative of an anomaly of the processor when the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments described herein include a system that collects and learns reference side-channel normal activity, process it to reveal key features, compares subsequent collected data and processed data for anomalous behavior, and reports such behavior to a management center where this information is displayed and predefine actions can be executed when anomalous behavior is observed. In some instances, a physical side channel (e.g. and indirect measure of program execution such as power consumption or electromagnetic emissions and other physical signals) can be used to assess the execution status in a processor or digital circuit using an external monitor and detect, with extreme accuracy, when an unauthorized execution has managed to disrupt the normal operation of a target system (e.g., a computer system, etc.).

84 Citations

21 Claims

1. An apparatus, comprising:
- a power management circuit configured to be operatively coupled to a processor, the power management circuit configured to send to the processor a first power signal and a second power signal that is generated by varying the first power signal based on a regulatory function of the power management circuit, the regulatory function of the power management circuit including a set of policies to regulate the first power signal within operating parameters of the power management circuit;
  
  a sensor in communication with or included within at least one of the power management circuit or the processor, the sensor configured to detect a first side-channel information of the processor based on the first power signal and a second side-channel information of the processor that is based on the second power signal; and
  
  a notification circuit in communication with the sensor, the notification circuit configured to send a notification signal indicative of an anomaly of the processor when the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the regulatory function of the power management circuit is voltage scaling, a voltage of the first power signal differs from a voltage of the second power signal, the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference.
  - 3. The apparatus of claim 1, wherein the regulatory function of the power management circuit is frequency scaling, a frequency of the first power signal differs from a frequency of the second power signal, the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference.
  - 4. The apparatus of claim 1, wherein the regulatory function of the power management circuit is frequency scaling, a frequency of the first power signal differs from a frequency of the second power signal, the anomaly of the processor is detected based on a reference that has been time scaled relative to the frequency of the second power signal.
  - 5. The apparatus of claim 1, wherein the regulatory function of the power management circuit is power adjustment, a power of the first power signal differs from a power of the second power signal, the anomaly of the processor is detected based on a change in heat generated to at least one of the power management circuit or the processor based on the first power signal and the second power signal.
  - 6. The apparatus of claim 1, wherein the regulatory function of the power management circuit is power adjustment, a power of the first power signal differs from a power of the second power signal, the anomaly of the processor is detected based on a disruption to the regulatory function of the power management circuit due to one of the first power signal or the second power signal that has a higher power than another of the first power signal or the second power signal.
  - 7. The apparatus of claim 1, wherein the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference that is calibrated for the regulatory function and the second power signal.
  - 8. The apparatus of claim 1, wherein the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference that has been transformed based on the regulatory function.
  - 9. The apparatus of claim 1, wherein:
    - the power management circuit is configured to be operatively coupled to an electronic device operatively coupled to the processor via a Universal Serial Bus (USB) connection;
      
      the sensor is configured to detect a third side-channel information of the electronic device indicating anomalous behavior of the electronic device.
  - 10. The apparatus of claim 1, wherein:
    - the power management circuit is included in a power management chip configured to adjust a level of power provided to the processor.
  - 11. The apparatus of claim 1, wherein:
    - the power management circuit includes or is operatively coupled to an analog-to-digital converter (ADC), the ADC configured to convert the first side-channel information from an analog signal to a digital signal.
  - 12. The apparatus of claim 1, wherein:
    - the power management circuit includes or is operatively coupled to an analog-to-digital converter (ADC), the power management circuit and the ADC are included in a power management chip configured to adjust power to the processor, the ADC configured to convert the first side-channel information from an analog signal to a digital signal.
  - 13. The apparatus of claim 1, wherein the regulatory function of the power management circuit is based on a current input.

14. A method, comprising:
- sending, from a power management circuit to a processor, a first power signal and a second power signal that is generated by varying the first power signal based on a regulatory function of the power management circuit, the regulatory function of the power management circuit including a set of policies to regulate the first power signal within operating parameters of the power management circuit;
  
  receiving a first side-channel information of the processor based on the first power signal and a second side-channel information of the processor that is based on the second power signal; and
  
  sending a notification signal indicative of an anomaly of the processor when the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the regulatory function of the power management circuit is voltage scaling, a voltage of the first power signal differs from a voltage of the second power signal, the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference.
  - 16. The method of claim 14, wherein the regulatory function of the power management circuit is frequency scaling, a frequency of the first power signal differs from a frequency of the second power signal, the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information relative to a reference.
  - 17. The method of claim 14, wherein the regulatory function of the power management circuit is frequency scaling, a frequency of the first power signal differs from a frequency of the second power signal, the anomaly of the processor is detected based on a reference that has been time scaled relative to the frequency of the second power signal.
  - 18. The method of claim 14, wherein the regulatory function of the power management circuit is power adjustment, a power of the first power signal differs from a power of the second power signal, the anomaly of the processor is detected based on a change in heat generated to at least one of the power management circuit or the processor based on the first power signal and the second power signal.
  - 19. The method of claim 14, wherein the regulatory function of the power management circuit is power adjustment, a power of the first power signal differs from a power of the second power signal, the anomaly of the processor is detected based on a disruption to the regulatory function of the power management circuit due to one of the first power signal or the second power signal that has a higher power than another of the first power signal or the second power signal.
  - 20. The method of claim 14, wherein the regulatory function of the power management circuit is based on a current input.

21. An apparatus, comprising:
- a power management circuit configured to be operatively coupled to a processor and adjust a level of power provided to the processor,the power management circuit configured to send to the processor a first power signal and a second power signal that is generated by varying the first power signal and based on a regulatory function of the power management circuit, the regulatory function of the power management circuit including a set of policies to regulate the first power signal within operating parameters of the power management circuit,the power management circuit in communication with a sensor configured to detect a first side-channel information of the processor based on the first power signal and a second side-channel information of the processor that is based on the second power signal; and
  
  a notification circuit in communication with the sensor, the notification circuit configured to send a notification signal indicative of an anomaly of the processor when the anomaly of the processor is detected based on at least one of the first side-channel information or the second side-channel information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Power Fingerprinting Inc.
Original Assignee
Power Fingerprinting Inc.
Inventors
Aguayo Gonzalez, Carlos R., Reed, Jeffrey H., Chen, Steven C.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/219,438
Publication Number

US 20190197237A1
Time in Patent Office

845 Days
Field of Search
US Class Current
CPC Class Codes

G01R 1/0408   Test fixtures or contact fi...

G01R 21/00   Arrangements for measuring ...

G01R 31/2832   Specific tests of electroni...

G01R 31/2886   Features relating to contac...

G01R 31/2887   involving moving the probe ...

G01R 31/2891   related to sensing or contr...

G01R 31/2893   Handling, conveying or load...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/755   with measures against power...

G06F 2221/034   Test or assess a computer o...

Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links