3 May 2018 Generalization of algorithm recognition in RF side channels between devices
Author Affiliations +
All digital devices leak information through unintended emissions into analog side channels. The RF side channel enables passive collection of high-bandwidth information about the digital state of the device. We collected these RF emissions with a 500-MHz Riscure probe placed in the nearfield of the device under test (DuT) and applied machine learning to detect what program is running on the processor to identify malware intrusions. We explored the applicability of a generalized algorithm classification infrastructure built from a training set of similar DuTs to a similar device from a different production batch (same model number, different serial number.) We collected RF-SC data for five programs running on 28 distinct Arduino Unos (and 28 MSP430 processors.) We trained program classifiers on RF data from all but one DuT and tested the classifiers on the device withheld from the training set. The high-SNR signal provided by the Riscure probe enabled almost perfect classification results when we trained and tested on the same device. Our classification results remained above 99% when we generalized testing to the new DuT of the same model but a different serial number. The classifier was trained on 27 of the devices and tested to determine its ability to detect deviations from a baseline algorithm on a withheld device. The worst misclassification rate was a mere 0.08%.
Conference Presentation
© (2018) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Ronald Riley, Ronald Riley, James T. Graham, James T. Graham, Ryan M. Fuller, Ryan M. Fuller, Rusty O. Baldwin, Rusty O. Baldwin, Ashwin Fisher, Ashwin Fisher, } "Generalization of algorithm recognition in RF side channels between devices", Proc. SPIE 10630, Cyber Sensing 2018, 106300C (3 May 2018); doi: 10.1117/12.2304468; https://doi.org/10.1117/12.2304468

Back to Top