Out-of-Band Power Side-Channel Detection for Semiconductor Supply Chain Integrity at Scale

TL;DR

This paper presents a non-destructive, machine learning-based method using power side-channel measurements and generative models to detect tampering in microcontrollers, enhancing supply chain security at scale.

Contribution

It introduces a novel, scalable approach combining power analysis and GANs for anomaly detection in commodity microcontrollers without trusted hardware.

Findings

Effective detection of tampering scenarios

Non-destructive and scalable screening method

Potential to serve as an intermediate assurance layer

Abstract

Out-of-band screening of microcontrollers is a major gap in semiconductor supply chain security. High-assurance techniques such as X-ray and destructive reverse engineering are accurate but slow and expensive, hindering comprehensive detection for hardware Trojans or firmware tampering. Consequently, there has been increased interest in applying machine learning techniques to automate forensic examination, enabling rapid, large-scale inspection of components without manual oversight. We introduce a non-destructive screening method that uses power side-channel measurements and generative modeling to detect tampering in commodity microcontrollers without trusted hardware. As a proof-of-concept, differential power analysis (DPA) traces are collected from the ChipWhisperer and a generative adversarial network (GAN) is trained only on benign measurements to learn nominal power behavior. The trained discriminator then serves as a one-class anomaly detector. We report detection performance on multiple tampering scenarios and discuss how this technique can serve as an intermediate screening tier between basic functional tests and high-cost forensic analysis. The proposed method is evaluated in the context of semiconductor supply chain practice and policy to assess its suitability as an intermediate assurance mechanism.