Leveraging side-channel signals for security and trust

Thumbnail Image
Sehatbakhsh, Nader
Prvulovic, Milos
Zajić, Alenka
Associated Organization(s)
Organizational Unit
Organizational Unit
Supplementary to
This decade has already seen a significant surge in the number of cyber attacks. With the exponential growth of computers in numbers, due to the rise of cyber-physical systems (CPS) and internet-of-things (IoT) devices, and their ever-increasing importance in controlling critical tasks, it is expected that cybersecurity and data privacy become even more serious problems in the next decade. To this end, this dissertation presents our methods and findings in designing secure computing systems using two main themes: 1) by discovering, modeling, and mitigating side-channels, and 2) by leveraging side-channels for useful purposes such as debugging and security monitoring. Specifically, in this dissertation, I will first present our novel method on debugging and securing resource-limited devices such as embedded systems, CPSs, and IoTs by externally monitoring these devices using analog side-channels (e.g., electromagnetic emanations, power fluctuations, etc.) that are unintentionally created by these devices. I will describe how analog side-channel signals can be also leveraged for profiling, intrusion detection, and establishing a trusted execution environment (TEE) on resource-constrained devices without incurring any overhead or requiring any hardware-support on the monitored device and/or any intrusion to its functionality. In the second part of this dissertation, I will demonstrate how we can mitigate information leakage vulnerabilities by accurately modeling analog side-channels. I will first present our findings in discovering a new side-channel vulnerability on modern computers. I finally present our approach in designing an open-source microarchitectural simulator that can accurately simulate analog side-channel signals (electromagnetic and power side-channels) in a variety of low-end processors.
Date Issued
Resource Type
Resource Subtype
Rights Statement
Rights URI