Instruction Sequence Identification and Disassembly Using Power Supply Side-Channel Analysis
IEEE Transactions on Computers (IF 3.6), Pub Date: 2020-11-01, DOI: 10.1109/tc.2020.3018092
Deepak Krishnankutty, Zheng Li, Ryan Robucci, Nilanjan Banerjee, Chintan Patel

Embedded systems are prone to leak information via side-channels associated with their physical internal activity, such as power consumption, timing, and faults. Leaked information can be analyzed to extract sensitive data, and devices should be assessed for such vulnerabilities. Side-channel power-supply leakage from embedded devices can also provide information regarding instruction-level activity for control code executed on these devices. Methods proposed to disassemble instruction-level activity via side-channel leakage have not addressed issues related to pipelined multi-clock-cycle architectures, nor have they proven robustness or reliability. The problem of detecting malicious code modifications while not obstructing the sequence of instructions being executed needs to be addressed. In this article, instruction sequences being executed on a general-purpose pipelined computing platform are identified, and the instructions that make up these sequences are classified based on hardware utilization. Individual instruction classification results using a fine-grained classifier are also presented. A dynamic programming algorithm was applied to detect the boundaries of instructions in a sequence with 100 percent accuracy. A unique aspect of this technique is the use of multiple power supply pin measurements to increase precision and accuracy. To demonstrate the robustness of this technique, power leakage data from ten target FPGAs programmed with a prototype of the pipelined architecture was analyzed, and classification accuracies averaging 99 percent were achieved with instructions labeled based on hardware utilization. Individual instruction classification accuracies above 90 percent were achieved using a fine-grained classifier. Classification accuracies were also verified when a target FPGA was subjected to different controlled temperatures. The classification accuracy on discrete (ASIC) pipelined-architecture microcontrollers was 97 percent.

Updated: 2020-11-01