About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
sesa 21(28): e2

Research Article

Side-channel Programming for Software Integrity Checking

Download1162 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.2-6-2021.170013,
        author={Hong Liu and Eugene Y. Vasserman},
        title={Side-channel Programming for Software Integrity Checking},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={8},
        number={28},
        publisher={EAI},
        journal_a={SESA},
        year={2021},
        month={6},
        keywords={Security, Embedded systems, Software integrity, Side-channel analysis},
        doi={10.4108/eai.2-6-2021.170013}
    }
    
  • Hong Liu
    Eugene Y. Vasserman
    Year: 2021
    Side-channel Programming for Software Integrity Checking
    SESA
    EAI
    DOI: 10.4108/eai.2-6-2021.170013
Hong Liu1,*, Eugene Y. Vasserman2,*
  • 1: Work performed while at Kansas State University
  • 2: Department of Computer Science, Kansas State University, Manhattan, KS 66506 USA
*Contact email: hxdc77@163.com, eyv@ksu.edu

Abstract

Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to cost, energy consumption, and inability of update. Furthermore, embedded systems are often small computers on a single chip, making it more difficult to verify integrity without invasive access to the hardware. In this work, we propose “side-channel programming”, a novel method to assist with non-intrusive software integrity checking by transforming code in a functionality-preserving manner while making it possible to verify the internal state of a running device via side-channels. To do so, we first need to accurately profile the side-channel emanations of an embedded device. Using new black-box side-channel profiling techniques, we show that it is possible to build accurate side-channel models of a PIC microcontroller with no prior knowledge of the detailed microcontroller architecture. It even allows us to uncover undocumented behavior of the microcontroller. Then we show how to “side-channel program” the target device in a way that we can verify its internal state from simply measuring the passive side-channel emanations.

Keywords
Security, Embedded systems, Software integrity, Side-channel analysis
Received
2021-03-23
Accepted
2021-05-27
Published
2021-06-02
Publisher
EAI
http://dx.doi.org/10.4108/eai.2-6-2021.170013

Copyright © 2021 Liu and Vasserman, licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.

EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL