Abstract: Firmware attacks on embedded systems can have disastrous security implications. Through the firmware update mechanism, an attacker can tamper with the firmware to open known vulnerabilities, change security settings, or deploy custom backdoors, paving the way for subsequent attacks or gaining complete control of the machine. Firmware protection solutions often share the flaw of requiring the cooperation of the machine they aim to protect. If the machine is compromised, the results from the protection mechanism become untrustworthy. One solution to this problem is to leverage an independent source of information to assess the integrity of the firmware and the boot-up sequence. In this paper, we propose a physics-based Intrusion Detection System called the Boot Process Verifier (BPV) that relies only on side-channel power consumption measurements to verify the integrity of the boot-up sequence. The BPV works in complete independence from the machine it protects and requires only a few nominal training samples to establish a baseline of nominal behaviour. The range of application of this approach potentially extends to any embedded system. We present three test cases that illustrate the performance of the BPV on a micro-PC, network equipment (switches and wireless access points), and a drone.