Utilization of Impedance Disparity Incurred from Switching Activities to Monitor and Characterize Firmware Activities

TL;DR

This paper introduces a novel impedance-based side channel to monitor firmware activities in embedded systems, achieving over 90% accuracy in distinguishing different firmware operations through machine learning classifiers.

Contribution

It presents a new physical side channel method using impedance changes to detect firmware activities, addressing limitations of existing security and monitoring techniques in resource-constrained embedded systems.

Findings

Impedance changes can reliably indicate different firmware operations.

Machine learning classifiers achieve over 90% accuracy in activity detection.

The method offers potential for hardware authentication in embedded systems.

Abstract

The massive trend toward embedded systems introduces new security threats to prevent. Malicious firmware makes it easier to launch cyberattacks against embedded systems. Systems infected with malicious firmware maintain the appearance of normal firmware operation but execute undesirable activities, which is usually a security risk. Traditionally, cybercriminals use malicious firmware to develop possible back-doors for future attacks. Due to the restricted resources of embedded systems, it is difficult to thwart these attacks using the majority of contemporary standard security protocols. In addition, monitoring the firmware operations using existing side channels from outside the processing unit, such as electromagnetic radiation, necessitates a complicated hardware configuration and in-depth technical understanding. In this paper, we propose a physical side channel that is formed by detecting the overall impedance changes induced by the firmware actions of a central processing unit. To demonstrate how this side channel can be exploited for detecting firmware activities, we experimentally validate it using impedance measurements to distinguish between distinct firmware operations with an accuracy of greater than 90%. These findings are the product of classifiers that are trained via machine learning. The implementation of our proposed methodology also leaves room for the use of hardware authentication.