All digital devices leak information through unintended emissions into analog side channels. The RF side channel enables passive collection of high-bandwidth information about the digital state of the device. We collected these RF emissions with a 500-MHz Riscure probe placed in the nearfield of the device under test (DuT) and applied machine learning to detect what program is running on the processor to identify malware intrusions. We explored the applicability of a generalized algorithm classification infrastructure built from a training set of similar DuTs to a similar device from a different production batch (same model number, different serial number.) We collected RF-SC data for five programs running on 28 distinct Arduino Unos (and 28 MSP430 processors.) We trained program classifiers on RF data from all but one DuT and tested the classifiers on the device withheld from the training set. The high-SNR signal provided by the Riscure probe enabled almost perfect classification results when we trained and tested on the same device. Our classification results remained above 99% when we generalized testing to the new DuT of the same model but a different serial number. The classifier was trained on 27 of the devices and tested to determine its ability to detect deviations from a baseline algorithm on a withheld device. The worst misclassification rate was a mere 0.08%.
Ronald Riley, James T. Graham, Ryan M. Fuller, Rusty O. Baldwin, and Ashwin Fisher, "Generalization of algorithm recognition in RF side channels between devices," Proc. SPIE 10630, Cyber Sensing 2018, 106300C (Presented at SPIE Defense + Security: April 17, 2018; Published: 3 May 2018); https://doi.org/10.1117/12.2304468.
Conference Presentations are recordings of oral presentations given at SPIE conferences and published as part of the proceedings. They include the speaker's narration with video of the slides and animations. Most include full-text papers. Interactive, searchable transcripts and closed captioning are now available for 2018 presentations, with transcripts for prior recordings added daily.
Search our growing collection of more than 16,000 conference presentations, including many plenaries and keynotes.