sesa 21(28): e2

Research Article

Side-channel Programming for Software Integrity Checking

Download77 downloads
  • @ARTICLE{10.4108/eai.2-6-2021.170013,
        author={Hong Liu and Eugene Y. Vasserman},
        title={Side-channel Programming for Software Integrity Checking},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={8},
        number={28},
        publisher={EAI},
        journal_a={SESA},
        year={2021},
        month={6},
        keywords={Security, Embedded systems, Software integrity, Side-channel analysis},
        doi={10.4108/eai.2-6-2021.170013}
    }
    
  • Hong Liu
    Eugene Y. Vasserman
    Year: 2021
    Side-channel Programming for Software Integrity Checking
    SESA
    EAI
    DOI: 10.4108/eai.2-6-2021.170013
Hong Liu1,*, Eugene Y. Vasserman2,*
  • 1: Work performed while at Kansas State University
  • 2: Department of Computer Science, Kansas State University, Manhattan, KS 66506 USA
*Contact email: hxdc77@163.com, eyv@ksu.edu

Abstract

Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to cost, energy consumption, and inability of update. Furthermore, embedded systems are often small computers on a single chip, making it more difficult to verify integrity without invasive access to the hardware. In this work, we propose “side-channel programming”, a novel method to assist with non-intrusive software integrity checking by transforming code in a functionality-preserving manner while making it possible to verify the internal state of a running device via side-channels. To do so, we first need to accurately profile the side-channel emanations of an embedded device. Using new black-box side-channel profiling techniques, we show that it is possible to build accurate side-channel models of a PIC microcontroller with no prior knowledge of the detailed microcontroller architecture. It even allows us to uncover undocumented behavior of the microcontroller. Then we show how to “side-channel program” the target device in a way that we can verify its internal state from simply measuring the passive side-channel emanations.