{QTtext} {font:Tahoma} {plain} {size:20} {timeScale:30} {width:160} {height:32} {timestamps:absolute} {language:0} [00:00:00.12] [00:00:02.13] [00:00:36.05] this is a what signal they're actually exceeding these icons also called micro [00:01:22.16] [00:01:22.16] oppositional for channels and essentially it's created because we were [00:01:26.14] [00:01:26.14] sharing different part of the hardware computer for example you have two [00:01:31.21] [00:01:31.21] different processes each of which for example componentry memory and then [00:01:39.06] [00:01:39.06] because of activity of one the other can actually personal information there are [00:01:44.07] [00:01:44.07] multiple different components in my career that you can actually look [00:01:47.21] [00:01:47.21] actually so on and so forth another important part are in the [00:01:54.14] [00:01:54.14] reporting category of cycles are and all physical cycle which I'm gonna focus [00:01:58.23] [00:01:58.23] more at this part in the song and there are essentially female the way that's us [00:02:04.10] [00:02:04.10] the footprint of the completing when you are trying to focus on the friction and [00:02:08.17] [00:02:08.17] that could be different output princesses changes in electromagnet [00:02:12.23] [00:02:12.23] invitations could be changing power temperatures sound so on other second [00:02:20.03] [00:02:20.03] main use this for side channels is exploiting this items to leave some [00:02:24.22] [00:02:24.22] information about the system the main are inside here is that given that there [00:02:30.13] [00:02:30.13] is some correlation between the program execution of instructions and data in [00:02:34.21] [00:02:34.21] growth process and signal that we generated on the system you can actually [00:02:39.08] [00:02:39.08] reverse engineer this signal to go back and point what the exact key or back [00:02:44.00] [00:02:44.00] take the values have fingers right but the what a question is that [00:02:49.02] [00:02:49.02] well given that there is this inherent correlation between the signal and the [00:02:54.09] [00:02:54.09] data being processed and actually use this correlation for monetary system for [00:02:59.08] [00:02:59.08] example you can use it to know what exactly the application trying to do [00:03:03.22] [00:03:03.22] whether it's doing something you don't want two or more more [00:03:08.18] [00:03:08.18] importantly that they thought I'm going to discuss here it is I'll never use it [00:03:12.17] [00:03:12.17] for monitor system for example if there is an actress if they devices this [00:03:18.05] [00:03:18.05] particular instructions can we actually by looking at the site level signals [00:03:23.06] [00:03:23.06] understand that there is display something else going on the system and [00:03:27.15] [00:03:27.15] then also I'm going to talk about how we can actually use this for establishing [00:03:31.09] [00:03:31.09] some little trust and confidence about the integrity of the device ah [00:03:36.01] [00:03:36.01] so this approach has three main advantages at that point it's good to [00:03:42.00] [00:03:42.00] use something like this the main thing is that the operating cycle there is no [00:03:46.21] [00:03:46.21] overhead on the system so the system so really there is no additional overhead [00:03:54.10] [00:03:54.10] to the system when you are for example for security the second thing is that [00:03:59.15] [00:03:59.15] these signals or physics the monitoring system is typically separated from the [00:04:04.05] [00:04:04.05] device itself so you can for example have an antenna pick up the signal [00:04:08.01] [00:04:08.01] outside the system and then have an external monitor to the system this [00:04:13.01] [00:04:13.01] gives you an extra layer of security so in order to be successful in tackling [00:04:17.14] [00:04:17.14] your system not only you have to attack the device but you also have to attack [00:04:21.23] [00:04:21.23] the monetary system so and the third one is that there is no observer effect on [00:04:26.11] [00:04:26.11] the system which means that you don't have to interrupt the execution of the [00:04:30.01] [00:04:30.01] activity there is no inclusion on the system and then you can just are [00:04:34.12] [00:04:34.12] wirelessly monitor like the system where in many industrial settings this is as a [00:04:41.12] [00:04:41.12] requirement so you don't want to invade the actual application of the system [00:04:48.15] [00:04:48.15] which is as possible vegetables and then put the [00:04:54.06] [00:04:54.06] oldest together the main uses for this site house was security and Trust is [00:04:58.18] [00:04:58.18] really good for original constrained devices such as amended Systems PLC I [00:05:03.09] [00:05:03.09] the devices cyber-physical system in general and so on because this device is [00:05:08.15] [00:05:08.15] power is moving has neat required all of these readings at the same time in honor [00:05:14.16] [00:05:14.16] for you cannot afford to have a really sophisticated monitoring system funded [00:05:20.03] [00:05:20.03] by the system because it creates more cos it creates lots of overhead [00:05:24.15] [00:05:24.15] you only need a battery power system so you cannot really spend extra power on [00:05:30.08] [00:05:30.08] like for example running a novel detector on the system itself so going [00:05:35.04] [00:05:35.04] to get a little bit deeper into the system security in general and what the [00:05:38.10] [00:05:38.10] problem here is that you can you know that there are lots of a million devices [00:05:43.08] [00:05:43.08] right now in the market and it's actually growing much more rapidly [00:05:46.15] [00:05:46.15] hundred billion devices in a few years they may probably live in the system and [00:05:52.04] [00:05:52.04] these devices are mainly operating in the public so generally they are really [00:05:57.09] [00:05:57.09] horrible type of size angles the tax so it's important to actually making sure [00:06:03.07] [00:06:03.07] that this device proverbs Q and as I said given that [00:06:07.15] [00:06:07.15] there are lots of constraint on this devices because of the possible energy [00:06:13.14] [00:06:13.14] you really so so what is a channel that it is rich is the electromagnetic side [00:06:28.15] [00:06:28.15] channel and the majority of my park and framework that we have used in this sock [00:06:34.13] [00:06:34.13] until our project was how we can actually leverage to like you - I chose [00:06:39.08] [00:06:39.08] well many of these states as I described today is also such as power so for the [00:06:47.20] [00:06:47.20] electromagnet is normally what we what it happens is that we have a device and [00:06:51.23] [00:06:51.23] we have another software here to divide and you picked up this signal of [00:06:56.02] [00:06:56.02] electromagnetic signal and then you do the babies are for generating the [00:07:01.15] [00:07:01.15] electromagnetic signals unintentional switching of can gesture than just [00:07:05.23] [00:07:05.23] changing this to the current to actually you to creation of electromagnetics the [00:07:12.17] [00:07:12.17] main advantage of the electromagnet is patch are completely other taboos and we [00:07:17.22] [00:07:17.22] can measure it from this necessar is a physical signal so you can have require [00:07:24.14] [00:07:24.14] another report in May about the electromagnetic signal a staff you can [00:07:28.22] [00:07:28.22] actually localize the sources of [00:07:33.05] [00:07:41.02] memory and then based on which of these signal or more stronger of which of them [00:07:45.18] [00:07:45.18] passing formation you can kind of tell what sort of activities being done [00:07:49.16] [00:07:49.16] whereas for example it for the power if you measured the VDD of the of the fire [00:07:54.20] [00:07:54.20] board you can actually it's hard to pinpoint where exactly the source of [00:08:00.11] [00:08:00.11] leakage is similar to other type of cycles as I said there is no overhead on [00:08:06.03] [00:08:06.03] the system because no matter whether you use this cycle or not this is a bus is [00:08:11.15] [00:08:11.15] going to generate this this cycle signal so you essentially you've not really any [00:08:16.14] [00:08:16.14] awareness in the system it's so and then another important thing about this item [00:08:21.08] [00:08:21.08] is really hard to mimic right so so and this it's completely unintentional so as [00:08:26.19] [00:08:26.19] the device is executing instruction is created so you cannot really personally [00:08:33.20] [00:08:33.20] Oh giving you a little bit background and [00:08:37.21] [00:08:37.21] how the inside channels has been used before the very first discovery of [00:08:44.05] [00:08:44.05] en5 channel was around 50 and 60s and this confidential documents from US [00:08:50.01] [00:08:50.01] government ania observed some some activities from different electric [00:08:54.21] [00:08:54.21] devices and then they found that there is actually some correlation [00:08:58.07] [00:08:58.07] they're receiving and the activity being done they call the tempest as a [00:09:03.14] [00:09:03.14] transient ultimately descended and there is also right now standard later on the [00:09:10.20] [00:09:10.20] sixties and seventies and eighties now there were lots of this activities that [00:09:15.03] [00:09:15.03] later on the quintus cover that all people have used this for for spying on [00:09:20.18] [00:09:20.18] different countries and then what our previous in fact I've actually gotten to [00:09:26.09] [00:09:26.09] the general public knowledge both of this up this is discovery that are if [00:09:31.02] [00:09:31.02] you have some independent and then you may hear the signal from the display you [00:09:35.03] [00:09:35.03] can actually kind of figure out what sort of cactus has been this way and [00:09:40.19] [00:09:40.19] then the timing has a very important use because people start to think about that [00:09:45.21] [00:09:45.21] actually more recently with the production of credit cards and then [00:09:56.16] [00:09:56.16] literally in the system in general there was this notion of correlation analysis [00:10:04.07] [00:10:06.21] what it does is that at the beginning given that people have not noticed that [00:10:13.06] [00:10:13.06] inspectors can be information you can actually have seen some very clear and [00:10:18.20] [00:10:18.20] own patterns when you're for example doing some transaction and then you can [00:10:23.03] [00:10:23.03] use it with some correlation to see for example which he has been used and you [00:10:27.08] [00:10:27.08] went to the figure out what the key was more after them [00:10:31.21] [00:10:31.21] as people get more and more educated the model cycles there were some methods [00:10:39.10] [00:10:39.10] were actually try to apply this but there is this notion of differential [00:10:43.01] [00:10:43.01] analysis or EPO ei worry they make a deal here was of Allah all the [00:10:50.04] [00:10:50.04] activities that we do the most other if you are if you measure this over [00:10:56.18] [00:10:56.18] final try to average it given that all the other things are kind of random and [00:11:01.12] [00:11:01.12] noon all the other news are random and so it's zero mean activities the average [00:11:08.07] [00:11:08.07] of the activity is really only keep n so you can actually at the end of the day [00:11:13.10] [00:11:13.10] if you have lots of these measurements you can only find those activities that [00:11:18.14] [00:11:18.14] are related to the key and that's how you can actually make manage to finding [00:11:22.11] [00:11:22.11] these and now state-of-the-art is based on this profile this analysis where you [00:11:29.04] [00:11:29.04] can assume that now you have the replicas of the device and then you can [00:11:33.08] [00:11:33.08] actually change your system based on the activity that the device has and then [00:11:38.08] [00:11:38.08] you bring the monitoring or viewing it back you can actually you can have this [00:11:57.09] [00:11:57.09] you have [00:12:01.14] [00:12:12.10] from all this different type of methods there are two major limitation verses [00:12:19.21] [00:12:19.21] normally there is these signals that you're receiving are really prone to [00:12:27.03] [00:12:27.03] transient ambient noise so even the single Bron multiple clients has a [00:12:31.18] [00:12:31.18] different altitude and has a project because this actually the noise has a [00:12:36.19] [00:12:36.19] significant impact on the signal itself and the second problem is that when you [00:12:41.14] [00:12:41.14] are trying to match the signal bits of non-single to confer these two signals [00:12:46.14] [00:12:46.14] although that there are like small points that are actually different and [00:12:50.06] [00:12:50.06] you can can we do is saw the difference but you really end up doing the doing [00:12:56.00] [00:12:56.00] our analysis is that because of the limited sampling rate you have only few [00:13:02.01] [00:13:02.01] samples to compare so instead of like being able to convert these same numbers [00:13:06.21] [00:13:06.21] signals you are actually by doing only a few samples together and then add it to [00:13:11.18] [00:13:11.18] that problem these samples are very noisy so really what you are doing is [00:13:16.08] [00:13:16.08] you're comparing very to small things that are very prone to errors so really [00:13:22.06] [00:13:22.06] it's not very all off variable methods to actually find the difference right so [00:13:29.04] [00:13:29.04] it's very challenging to figure out what the differences are so here what we are [00:13:35.19] [00:13:35.19] proposing is that we can leverage to two things to actually simplify these two [00:13:41.07] [00:13:41.07] problem and then our being able to leverages its sights on signal [00:13:48.01] [00:13:48.01] Jase's the first thing is that you to leverage periodic activity [00:13:52.15] [00:13:52.15] well they what I mean by that is that also that you have this very complicated [00:13:57.19] [00:13:57.19] signal but it's actually being repeated over and over let's say that's in the [00:14:02.01] [00:14:02.01] loop so what you see in the time limit is the signal but if you look at the [00:14:07.14] [00:14:07.14] frequency domain is is it's fine because it's a periodic signal FFT from a [00:14:12.08] [00:14:12.08] periodic signal so it has the frequency component and the frequency of that [00:14:17.02] [00:14:17.02] really activity is one case unit so I think go through this program and then [00:14:25.00] [00:14:25.00] look at the other activities in your program to you see other other periodic [00:14:30.21] [00:14:30.21] activity each of which has a different frequency f1 f2 and f3 each of which is [00:14:36.23] [00:14:36.23] execution so now let's look at the whole the program as a whole and see how does [00:14:43.02] [00:14:43.02] this work for for example tracking the code so as the program starts probably [00:14:48.06] [00:14:48.06] starting doing some solute loop activity first so you see up so what about 104 [00:14:55.02] [00:14:55.02] thank you is the frequency over times at each point here is one of these are [00:14:59.20] [00:14:59.20] spikes that are showing here so you see a line that corresponds to the activity [00:15:05.12] [00:15:05.12] of that loop and it takes some time for this loops to finish and then you [00:15:09.19] [00:15:09.19] probably start to do they threw the next part of the program [00:15:12.09] [00:15:12.09] and the next particle Korpela so on and so forth so uh and then another thing [00:15:16.22] [00:15:16.22] that you will see here is that not only you see that the frequency off of 1 [00:15:21.04] [00:15:21.04] which is correspond to death loop you also see a harmonics of multiples of [00:15:25.16] [00:15:25.16] this frequency as well because these are not perfect sinusoidal activities right [00:15:31.02] [00:15:31.02] they're more rectangular shaky so you see also harmonics of badly but the [00:15:36.22] [00:15:36.22] important thing here is that you can actually categorize your application [00:15:42.04] [00:15:42.04] execution into multiple regions and each mediums have very well-defined [00:15:47.23] [00:15:47.23] signatures that if you manage to extract those signatures we can actually tell ok [00:15:52.23] [00:15:52.23] I see this signature at this part and later I'm going to discuss how we [00:15:58.15] [00:15:58.15] can actually use this for detecting education and then you also can see that [00:16:04.14] [00:16:04.14] there are person really not in this loop on download which is basically the [00:16:10.13] [00:16:10.13] combinational part of the program what he the main inside here is that you can [00:16:15.14] [00:16:15.14] imagine that most of your application execution time is being consumed so I [00:16:26.04] [00:16:26.04] talked about two different limitations the sampling rate and the effect of [00:16:31.13] [00:16:31.13] noise the third problem is that naturally these signals has very low SNR [00:16:37.02] [00:16:37.02] and the reason for that is that as I said [00:16:41.23] [00:16:43.16] and you think about different point with the application really what is [00:16:49.13] [00:16:49.13] responsible for generating that's part of the signal is really small portion of [00:16:54.11] [00:16:54.11] the transistor being switched so essentially these signals are very big [00:16:59.12] [00:16:59.12] source of emanations which leads to a very low SNR and then if you want to [00:17:04.18] [00:17:04.18] actually measure this from some distance it will be very hard problem to solve [00:17:09.13] [00:17:09.13] so all together to actually solve this problem to you can actually look at this [00:17:18.07] [00:17:18.07] the second thing that we're hoping and that is like if you can imagine how we [00:17:23.00] [00:17:23.00] actually use our send messages over communication systems such as a [00:17:28.05] [00:17:28.05] modulations what we do is that we using a message like this and then we also [00:17:33.09] [00:17:33.09] using it through your signal and then we modulate the man with the message [00:17:36.23] [00:17:36.23] because your signal so let's see how we can actually use this for inspection so [00:17:40.23] [00:17:40.23] if you have an activity that is as I said could be in a square shape activity [00:17:45.09] [00:17:45.09] and then in the perfect word we have the part that is perfect this way [00:17:49.15] [00:17:49.15] what will they end up happening is that and this is the y axis here is the [00:17:54.13] [00:17:54.13] average for interference human system what end up having you'll see in the [00:18:00.10] [00:18:00.10] actual execution is that we the amplitude of the clock is changing [00:18:05.00] [00:18:05.00] because the activity that you're running which means are given that you had some [00:18:09.13] [00:18:09.13] part of the program you're actually consuming more [00:18:13.12] [00:18:13.12] consuming less pirate the envelope of clock is also modulated by this activity [00:18:19.11] [00:18:19.11] so going back to the concept of a a modulation you have this since we go to [00:18:25.11] [00:18:25.11] here and then you have this single message after doing the the modulation [00:18:30.14] [00:18:30.14] you actually will get a signal that is part of the career but the envelope of [00:18:35.11] [00:18:35.11] the carriage actually modulated by the best bread so this is actually happening [00:18:39.20] [00:18:39.20] for for four sites on signals too because if you look at the clock the [00:18:45.02] [00:18:45.02] envelope of the clock is actually modulated by the activity that you're [00:18:48.11] [00:18:48.11] doing so essentially what's happening is that you have it per year which is [00:18:52.18] [00:18:52.18] frequency as frequency of plus a FC and then you have this alternation at some [00:18:58.14] [00:18:58.14] frequency let's say at all what you end up seeing after the modulation is that [00:19:03.11] [00:19:03.11] you will see the two side bands which are F of apart from the decree so [00:19:10.21] [00:19:10.21] putting this in perspective of side channels this actual measurements that [00:19:14.23] [00:19:14.23] we had for a forearm device that has around one Universal clock frequency and [00:19:20.00] [00:19:20.00] then we have this loop that's goon is very installation pine was around one [00:19:25.21] [00:19:25.21] over thirty megahertz what it was a period C was around 30 minutes so what [00:19:32.20] [00:19:32.20] we observed was that we saw the heart frequency which is a great signal [00:19:37.19] [00:19:37.19] because the majority of this was done network but we also sought to [00:19:44.02] [00:19:44.02] sign hands and then the position of these spies was exactly at 13 megahertz [00:19:50.14] [00:19:50.14] to the right at 15 o'clock so what this gives us is that now instead of being [00:19:56.04] [00:19:56.04] just measuring the signals in this life and in in the basement where you have [00:20:01.11] [00:20:01.11] only a small fraction of the circuit being responsible for generating the [00:20:06.02] [00:20:06.02] inside Channel now you can actually look at the quad and around the clock signal [00:20:11.17] [00:20:11.17] but this gives you a much more stronger signal and a much more better [00:20:17.06] [00:20:17.06] SNR so you can actually move it from much more distance so adding these two [00:20:23.14] [00:20:23.14] things together first is you can leverage the period velocity in the [00:20:27.20] [00:20:27.20] program and second you can actually look at the modulated signal instead of [00:20:32.11] [00:20:32.11] debate based on signal you can have this concept which we call spectral profile [00:20:37.19] [00:20:37.19] so what fucking here is that again I'm cutting this frequency over time which [00:20:43.17] [00:20:43.17] for spectrogram and the beginning of the program when you're not running anything [00:20:47.15] [00:20:47.15] what you will see is this probably the clock because your task is a Community [00:20:52.13] [00:20:52.13] Health do you see this very strong log for the quad and as you study computing [00:20:57.00] [00:20:57.00] application you will see this once as you progress through the application you [00:21:02.01] [00:21:02.01] push for example 0 1 & 2 so by Alison by looking at the signature [00:21:08.02] [00:21:08.02] that is each region of the program you can actually tell where you are the [00:21:11.19] [00:21:11.19] program the multiple interesting things that we can see here first of all as I [00:21:15.22] [00:21:15.22] said these are not perfect sinusoidal signal so you not only see the [00:21:19.14] [00:21:19.14] fundamental frequency but you also see the harmonics of the frequency and I [00:21:24.09] [00:21:24.09] think that you are seeing here is that this is not the perfect straight line [00:21:28.06] [00:21:28.06] but it's actually kind of like wobbly and the reason for that is that you can [00:21:32.15] [00:21:32.15] imagine that registration time of the loop is not always the same slightly [00:21:36.19] [00:21:36.19] changing from one iteration to another iteration because you have different Oh [00:21:41.10] [00:21:41.10] having your loop or you have to finish it and as this becomes more and more [00:21:52.02] [00:21:52.02] thicker it means that the dissipation is actually ordered Oh Lord so you can [00:21:57.13] [00:21:57.13] actually avoid looking at the variation you can tell how much by using you have [00:22:01.19] [00:22:01.19] in your education plan that you can actually use this information for you [00:22:06.06] [00:22:06.06] can say okay this loops have lots of cache misses because you're seeing that [00:22:10.06] [00:22:10.06] the very recent time is changing a lot so you can go back as a software [00:22:14.08] [00:22:14.08] developer for example and look at this while your your code is actually [00:22:19.23] [00:22:19.23] performing differently that what you would expect so we actually ended up [00:22:24.11] [00:22:24.11] probably bunch of different applications mainly for our foreign visit system [00:22:29.04] [00:22:29.04] benchmark given that the majority of our focus was on [00:22:33.23] [00:22:33.23] system given that this cyclamen analysis is really good for for these type of [00:22:38.21] [00:22:38.21] devices and then we actually were able to for 595 more than 95% of the programs [00:22:48.02] [00:22:48.02] with very good accuracy and nvidia habilis less than 3% errors that we [00:22:53.21] [00:22:53.21] actually misclassified program and then we also the versatile program that we [00:22:59.19] [00:22:59.19] had low confidence about what exactly which region there are what under sent [00:23:03.18] [00:23:03.18] mean on average we have more than 90% accuracy on clothing [00:23:07.16] [00:23:07.16] what would party to the application if you are at this time each time and as I [00:23:11.20] [00:23:11.20] said we can actually use more information about the various [00:23:14.11] [00:23:14.11] traditional flute vessel this also so going back to the initial of sentence [00:23:22.09] [00:23:22.09] that I said that we can actually use silence versatility let's say how we can [00:23:26.14] [00:23:26.14] actually use the same idea for for finding a potential of malicious [00:23:32.06] [00:23:32.06] activity in the system so on the left you will see same kind of similar [00:23:36.23] [00:23:36.23] execution [00:23:39.20] [00:23:40.04] reusing the code you have a look that has f1 frequency in there too people see [00:23:46.00] [00:23:46.00] after that and then the program continues up there are two well now [00:23:50.18] [00:23:50.18] that's not imagine that this program starts to executing a show goes so you [00:23:54.11] [00:23:54.11] have for example hijacking and the program sort of what you would see in [00:24:00.08] [00:24:00.08] these frequency domains that now you have seen this extra man here which is [00:24:05.09] [00:24:05.09] which is generating some different signature that what you would expect you [00:24:09.16] [00:24:09.16] will see so basically by looking at this signal and knowing what you should be [00:24:14.08] [00:24:14.08] seeing you in a few shows this application you can actually deviation [00:24:22.12] [00:24:22.12] and if you do some signal processing and then being able to extract these [00:24:27.04] [00:24:27.04] signatures from different part of the application you actually end up being [00:24:30.18] [00:24:30.18] able to detect any deviation from that execution so let me give you an example [00:24:36.09] [00:24:36.09] of how we can use this for them on the case that there isn't time so let's say [00:24:41.02] [00:24:41.02] that you have two different runs one is with the malicious code which in this [00:24:45.17] [00:24:45.17] case would be a shellcode and indeed of actor example and then normal code which [00:24:50.19] [00:24:50.19] is showing breath and the beginning of spectrum you have a loop that as you see [00:24:55.11] [00:24:55.11] it's not a perfect line is taking over five but so these two match perfectly [00:25:00.02] [00:25:00.02] together because they're doing exactly the same thing now assume that there is [00:25:04.18] [00:25:04.18] no malicious activity inside these filters for example a stock supply act [00:25:09.09] [00:25:09.09] where you are adding an extra of comparison or I think it makes injecting [00:25:14.17] [00:25:14.17] an extra code to you through your program what will happen is that now [00:25:18.15] [00:25:18.15] you'll see a frequency shift into your spectral lines and the reason for that [00:25:23.05] [00:25:23.05] is that you are now reading more in charge [00:25:26.02] [00:25:26.02] so the execution time the registration Honolulu now is larger so one or that [00:25:32.05] [00:25:32.05] which is the frequency down slower so basically if you can detect this shift [00:25:36.18] [00:25:36.18] you can say okay now the 60 more instruction it means that something has [00:25:40.07] [00:25:40.07] been addicted to my phone you can also imagine that instead of indicting [00:25:45.01] [00:25:45.01] something inside the loop approvement and as i said in the previous example [00:25:49.02] [00:25:49.02] have something between those two loops start doing something like this so you [00:25:59.23] [00:25:59.23] will see either a delay between different regions of the code or a [00:26:04.07] [00:26:04.07] completely different signatures from the program so essentially what you will do [00:26:08.23] [00:26:08.23] is that we can have a framework that you train the system you model the signature [00:26:13.17] [00:26:13.17] and then you constantly monitor the signal and then if you start seeing a [00:26:17.13] [00:26:17.13] deviation from this method you can actually report it as possible now [00:26:22.22] [00:26:22.22] before that part here is that you can have you need to extract signatures for [00:26:28.02] [00:26:28.02] different part of the program and in the signatures that you are extracting out [00:26:31.18] [00:26:31.18] basically the artists voice and this monitoring what you need to what we need [00:26:40.07] [00:26:40.07] is a kind of a metric to to understand when the program is actually can be so [00:26:44.15] [00:26:44.15] you need to be able to tolerate service um so very little but not what being [00:26:50.20] [00:26:50.20] able to also detect the agents so so the main question becomes a little how you [00:26:56.13] [00:26:56.13] detect the deviation and the obvious answer for is the minute and distance [00:27:00.16] [00:27:00.16] metric to measure the similarity or dissimilarity between to execution or to [00:27:05.16] [00:27:05.16] sound so oh and the known data here is that we have features that are this [00:27:14.02] [00:27:14.02] vector of samples so it may be that as a vector [00:27:17.16] [00:27:17.16] numbers each of which is the frequency of this slice at that region and then [00:27:22.17] [00:27:22.17] you also have noise because there is interference from other devices there's [00:27:27.05] [00:27:27.05] also all different execution paths so you might know is a different part of [00:27:32.13] [00:27:32.13] the program so if you look at for example the yard the program one of [00:27:37.01] [00:27:37.01] these loops or regions in the code you'll end up say something like this [00:27:40.22] [00:27:40.22] where the majority of these bikes are around one one specific frequency in [00:27:46.05] [00:27:46.05] this case about and then there are also a long tail of different different [00:27:53.05] [00:27:53.05] iteration time as well so I really want to be able to detect if there is an [00:27:59.18] [00:27:59.18] activity that shift this distribution to a lower valence right so what we end up [00:28:05.11] [00:28:05.11] doing is using a statistical test the reason for that was all nonparametric [00:28:15.12] [00:28:15.12] tests are good when you have a statistical distribution that falls a [00:28:20.05] [00:28:20.05] known distribution like a normal distribution [00:28:22.13] [00:28:22.13] what would he loves you you can imagine that there is no where it goes the final [00:28:27.17] [00:28:27.17] distribution software might be very short software might be very very wide [00:28:33.15] [00:28:33.15] different depending on which path you are taking your program or which type of [00:28:37.22] [00:28:37.22] cache misses activity you have you can actually have two district different [00:28:44.18] [00:28:44.18] distributions so what we what we use is this nonparametric this contest called [00:28:51.22] [00:28:51.22] ESS what the cases does is trust you are fine to CDF [00:28:59.00] [00:28:59.00] so what we are trying to do here is a very we're trying to compare at a [00:29:03.23] [00:29:03.23] reference model versus a signal giving the monitoring fish right so you can [00:29:07.20] [00:29:07.20] have two different distribution and we want to see whether these two [00:29:10.20] [00:29:10.20] distribution are similar or not so what you do is you start finding the cdf for [00:29:17.14] [00:29:17.14] both of them let's say that the blue one is near is the reference of distribution [00:29:22.02] [00:29:22.02] and the yellow and the red one is the one that's giving you've collected your [00:29:26.21] [00:29:26.21] in the monitoring phase the cases the cases starts the first thing that cases [00:29:32.06] [00:29:32.06] does is it tries to find the maximum distance between these two this is [00:29:37.15] [00:29:37.15] actually showing up so let's say in this example is at this point and then it's [00:29:42.06] [00:29:42.06] tries to see whether this distance is the man is larger than some threshold on [00:29:47.08] [00:29:47.08] so essentially intuitively what does say it's a start is that let's try to see [00:29:52.10] [00:29:52.10] whether there are majority the odd number of the doubt [00:29:55.16] [00:29:55.16] basically penetration execution that are very different from what you would [00:30:00.01] [00:30:00.01] should expect and that is exactly what you want to do you want to detect [00:30:03.14] [00:30:03.14] whether there is an injection or there's a deviation in the execution and then [00:30:08.17] [00:30:08.17] you can actually come we can control this amount of special but using this [00:30:14.12] [00:30:14.12] sensitivity or significant value so you can put tempo change the alpha two [00:30:21.01] [00:30:21.01] different numbers so that be more or less [00:30:24.09] [00:30:24.09] you are trying to take them out and you think they say you ever actually end up [00:30:30.05] [00:30:30.05] getting really rhythm we lost an accurate we lost four for the [00:30:34.23] [00:30:34.23] application of this complainer so all so the measurement setup we had for doing [00:30:41.23] [00:30:41.23] that the analysis is leaves an art board that had a 8 on in order for the on pork [00:30:52.09] [00:30:52.09] and actually one Vivian's Linux on it and then we use an antenna on top of it [00:30:57.03] [00:30:57.03] about like ten fingers off the processor itself to collect the signals and the [00:31:02.08] [00:31:02.08] signals are collected way signal acquisition device in this case and off [00:31:08.09] [00:31:08.09] the bench what can be used for evaluation was and this is my bench [00:31:13.16] [00:31:13.16] which is a standard benchmark for under the system for operative application in [00:31:18.13] [00:31:18.13] the mortgage application suit for doing basic basic duty or networking is so on [00:31:27.13] [00:31:27.13] so forth that you don't really see why and in the mouth or in this case we used [00:31:33.07] [00:31:33.07] to synthetic numbers one was we we try to inject some instruction small [00:31:38.16] [00:31:38.16] instruction in the loop to see what how long we can actually take the injection [00:31:44.05] [00:31:44.05] the rationale for this was something like Stuxnet will do basically what you [00:31:50.13] [00:31:50.13] end up doing is than you adding a small if and all [00:31:55.07] [00:31:55.07] to your program to check for example if the speed of the motor is larger or [00:32:00.10] [00:32:00.10] something do something about the program or you can think about this as if the [00:32:04.17] [00:32:04.17] temperature gets fired with this shoots a little of that and then for the [00:32:10.01] [00:32:10.01] outside the loop the the the larger activity that you want to eject we use a [00:32:15.03] [00:32:15.03] simple energy cell phone which is like trucks who actually walk the show and [00:32:19.12] [00:32:19.12] then decide to show you and do whatever you want right you can do because the [00:32:24.01] [00:32:24.01] package and ransomware attacks you can do also the face once you have the show [00:32:28.04] [00:32:28.04] so these are basically the smallest things that you can do in order to him [00:32:32.23] [00:32:32.23] do any malicious activity in something like this [00:32:36.23] [00:32:37.15] it's also a for information that this is a control flow in tribute II type of [00:32:41.18] [00:32:41.18] detection right so you cannot effect something like they don't attack where [00:32:45.03] [00:32:45.03] you change the value your code if the value is not changing you control flow [00:32:49.16] [00:32:49.16] basically given that there is no changing the signatures we won't be able [00:32:54.03] [00:32:54.03] to do that so it's important to know that these are mainly contributed that [00:33:01.05] [00:33:01.05] we are proposing so here are the results so there are two type of results that [00:33:05.21] [00:33:05.21] are important among those that were labeled as malware how many of them were [00:33:14.14] [00:33:14.14] actually wrong and you can see for the bro application that we tested the the [00:33:19.15] [00:33:19.15] maximum was less than 2% in the app also listen to percent which is a good number [00:33:25.00] [00:33:25.00] for foramina system but normally you use [00:33:27.19] [00:33:27.19] this on the control system where you like raise a flag that potential [00:33:32.22] [00:33:32.22] malicious activity and then you know the system can take like actions and then [00:33:44.07] [00:33:44.07] the second thing we record is the true positive rate which is among those that [00:33:48.13] [00:33:48.13] video report as month now what how many of them are to correctly label and then [00:33:55.15] [00:33:55.15] average we have more than 95% accuracy because we are able to actually detect [00:34:01.03] [00:34:01.03] this small changes and you're mad we have really good as sent over and we [00:34:05.18] [00:34:05.18] also did the analysis actually using SPICE and then we also did some bunch of [00:34:16.07] [00:34:16.07] us and also them that I'm showing here is that the the true positive rate [00:34:23.02] [00:34:23.02] versus the number of instruction that we rejected so assuming that you're [00:34:27.13] [00:34:27.13] injecting different number of instruction inside the loop you can see [00:34:31.23] [00:34:31.23] how we are the true positive rate as you reduce the number of instructions the [00:34:37.01] [00:34:37.01] important thing here is that in all those cases we were able to detect the [00:34:42.03] [00:34:42.03] malware the only extra thing that we need to pay what actually you need to [00:34:48.13] [00:34:48.13] waste much more longer so that would take some ecstasy actually goes up what [00:34:53.07] [00:34:53.07] does he say that if you look if you think about what we are actually trying [00:34:56.17] [00:34:56.17] to do is that we are trying to compare two statistical distribution so add this [00:35:02.14] [00:35:02.14] two or less and less different from each other we need more and more [00:35:07.04] [00:35:07.04] to try to to find the differences so the reason that you need actually more time [00:35:11.21] [00:35:11.21] is that to ascertain who these two this statistical distributions not that [00:35:17.09] [00:35:17.09] different from each other but I think in more and more samples you see this [00:35:20.20] [00:35:20.20] difference so you middle of this confidence that now these two [00:35:24.02] [00:35:24.02] distributions are of separate each other but again you can actually give it an [00:35:29.12] [00:35:29.12] even single instruction incredibly moved in distribution through the lab you can [00:35:33.23] [00:35:33.23] actually detect even a single instruction we also had a demo for this [00:35:42.07] [00:35:42.07] a lot of demo for this to show that we can actually use it on a real [00:35:46.02] [00:35:46.02] cyber-physical system in this case we had this device called strange one this [00:35:51.09] [00:35:51.09] rich Punk is a medical device for injecting and be drawing a specific [00:35:55.12] [00:35:55.12] amount of medicine to a patient and then these actually controlled by a [00:36:00.06] [00:36:00.06] microcontroller edges faces in our genome and then the idea can actually be [00:36:05.09] [00:36:05.09] program and you can use the primary things like that who inject specific [00:36:11.10] [00:36:11.10] amounts of medicine at each time interval and so on so forth as there is [00:36:15.08] [00:36:15.08] more than we are they are being actually controls to be injected the medicine [00:36:20.16] [00:36:20.16] there are what we use is that we are using this antenna that shown here on [00:36:26.19] [00:36:26.19] top of this or in the system to collect the signals and then we use the signal [00:36:31.15] [00:36:31.15] processing super lotto yet after what the attacker [00:36:36.16] [00:36:36.16] can do here is that controlling this device to move this range to arbitrary [00:36:41.16] [00:36:41.16] direction right or the arm is really amount of medicine so each of these two [00:36:45.22] [00:36:45.22] actually can be very detrimental to the patient's body so you want to be able to [00:36:50.23] [00:36:50.23] detect this possible change and then being able to immediately solve the [00:36:56.20] [00:36:56.20] movement of strain as you see there's a potential malicious activity oh so this [00:37:02.05] [00:37:02.05] is a but you know I want to show to you what I'm going to show is that this is a [00:37:07.15] [00:37:07.15] large spectrum of the signal and this is the interface from this and then the [00:37:24.23] [00:37:24.23] first I'm gonna show how it works generally with the commands and then I'm [00:37:29.05] [00:37:29.05] gonna show an impact which in this case it was a hack but the assumption was [00:37:34.15] [00:37:34.15] that the packet can actually send a really awesome glow the buffer and then [00:37:42.20] [00:37:42.20] actually what they does is that actually jumps to move syringe part of the [00:37:47.23] [00:37:47.23] application which moves this range through the arbitration but basically by [00:37:51.16] [00:37:51.16] sending you believe by sending a buffer overflow commandeered it can move the [00:37:57.01] [00:37:57.01] stage to arbitration and then finally I'm gonna show how our detection [00:38:01.16] [00:38:01.16] algorithm can actually detect this and the system so so person so what what you [00:38:09.09] [00:38:09.09] see here is that when the program is either basically you're not executing [00:38:14.03] [00:38:14.03] any from can you see bunch of different lies and these are neither actually make [00:38:18.07] [00:38:18.07] is not part of the program so you see interference anomaly and then you send a [00:38:23.07] [00:38:23.07] positive or minus and then the motor starts to move and then you [00:38:27.08] [00:38:27.08] not see the signature you see to sing to one is this small line here and in this [00:38:32.06] [00:38:32.06] larger line here which are which are responsible for all through singing the [00:38:37.16] [00:38:37.16] command and also moving the string now the attacker actually do some dark area [00:38:43.05] [00:38:43.05] of numbers plus some return address which is mostly a buffer overflow attack [00:38:47.17] [00:38:47.17] here and then you see that I knew as we're sending this there is also most [00:38:52.23] [00:38:52.23] what you see a difference here instead of actually receiving the command and [00:38:57.11] [00:38:57.11] then moving this range to see first removing the syringe and then the [00:39:01.06] [00:39:01.06] receiving the command which means that you are jumping over there the check [00:39:06.12] [00:39:06.12] check checking part of the are the instruction so now what we're going to [00:39:11.17] [00:39:11.17] do is that we're going to use our detection algorithm to actually detect [00:39:16.05] [00:39:16.05] this and then you see that either you send this instruction one more time we [00:39:22.14] [00:39:22.14] need to be stopped me a movement of strength because we see the difference [00:39:28.11] [00:39:28.11] in the signatures that we we shown it will be the previous part and then we [00:39:33.10] [00:39:33.10] can actually protect the system from illuminating there the rest of moving [00:39:39.13] [00:39:39.13] this so the last part of the talk is can we use this cycle signal not only for [00:39:50.01] [00:39:50.01] detecting malware but also for establishing a fast [00:39:54.12] [00:39:54.12] additional Authority so all you can imagine that out the work be living [00:40:00.11] [00:40:00.11] right now is that you're surrounded by this devices age devices that are [00:40:05.06] [00:40:05.06] literally uh executing in the wild and then normally is devices on patrol in [00:40:12.02] [00:40:12.02] this specific needed industrial scenario there are controlled by some centralized [00:40:17.23] [00:40:17.23] control unit and then once you want to execute the different instructions or [00:40:23.13] [00:40:23.13] their reporting in this devices you want to get some confidence that whether this [00:40:28.16] [00:40:28.16] is what or a compromise but not on whether whether this the previous state [00:40:33.19] [00:40:33.19] of this of us has been up the device actually being used properly before or [00:40:40.16] [00:40:40.16] not so if you need some sort of establishing some level of confidence [00:40:44.09] [00:40:44.09] from the server through this devices to know whether this devices is a it's [00:40:50.12] [00:40:50.12] secure them so the main of the base solution for this problem is rely on [00:40:58.03] [00:40:58.03] this security protocol for attestation what the decision does is that it [00:41:03.19] [00:41:03.19] divides there are the warning to trust even on from support where the very [00:41:10.11] [00:41:10.11] order or in this case the server wants to find whether this device is [00:41:15.09] [00:41:15.09] compromised or not so this device becomes the prover and the server verify [00:41:21.05] [00:41:21.05] and then the very part is actually sending some challenge and getting some [00:41:26.07] [00:41:26.07] response and the challenge and response period actually completing some tricks [00:41:30.15] [00:41:30.15] from over the this device and given that the very [00:41:34.15] [00:41:34.15] white also has a copy of this device the content of the memory of this device it [00:41:39.15] [00:41:39.15] can actually nobody computer does the checksum response there too and then [00:41:44.06] [00:41:44.06] compare this response with the one that he actually himself created and then if [00:41:49.08] [00:41:49.08] these matching means that the content of the memory here has not been compromised [00:41:53.13] [00:41:53.13] right oh the big problem here is that most of us can create the correct [00:42:00.23] [00:42:00.23] response but what if this was actually being ported in other words the devices [00:42:07.13] [00:42:07.13] the memory content of the device might be modified what the device can manage [00:42:13.05] [00:42:13.05] to forge the response to correct the correct response right between for [00:42:17.12] [00:42:17.12] example I saved the correct content of the memory somewhere else and then [00:42:21.22] [00:42:21.22] what's their response attain you can actually use that to code to compute the [00:42:27.02] [00:42:27.02] response so they may want to be a decision is not only relying on the [00:42:31.04] [00:42:31.04] response but you need to also make sure that the response complete patient or [00:42:35.10] [00:42:35.10] the checksum computation is not so so there are two different in a solution [00:42:40.23] [00:42:40.23] for this the main one is the hardware of the station where this something is that [00:42:45.23] [00:42:45.23] the response computation or the tricks on computation is done on the secure [00:42:49.20] [00:42:49.20] partner so you have heard about SGX or are passed on so on so forth if [00:42:55.16] [00:42:55.16] something is that once you send the risk send the challenge the challenge is [00:43:00.01] [00:43:00.01] being computed the tricks of it being computed on the Russell Carter so so [00:43:05.23] [00:43:05.23] once you get the response you not only get the response will also get the [00:43:09.09] [00:43:09.09] assurance that the device responds compromise because it has been completed [00:43:15.01] [00:43:15.01] on the trusted partner so of course this works really great but on many devices [00:43:21.08] [00:43:21.08] such as admitted systems you really don't have the luxury of having I [00:43:26.15] [00:43:26.15] dedicate this through Harvard so if you need to really find a way or they mean [00:43:31.11] [00:43:31.11] anything the need for relying on secure hardware quite still have some [00:43:35.09] [00:43:35.09] confidence that the response computation is not compromised so here were these [00:43:38.23] [00:43:38.23] software at the station Memphis comes in and the software the station says that [00:43:44.08] [00:43:44.08] you can actually use a timer or use the time and the side channel in order to [00:43:49.11] [00:43:49.11] get some confidence about the computation so what it does is that is [00:43:54.14] [00:43:54.14] started timer when you're sending a challenge and ends the primary when you [00:43:57.22] [00:43:57.22] receive the response and then compare this time with some threshold and if [00:44:02.23] [00:44:02.23] this is smaller than threshold it means that the victim is not compromised and [00:44:07.13] [00:44:07.13] the domaine insight is that the algorithm and the particle is so [00:44:12.12] [00:44:12.12] optimized so that if the attacker tries to for the tricks of competition it has [00:44:18.01] [00:44:18.01] to pay a lot of the time overhead and natural wire like this this petition [00:44:24.06] [00:44:24.06] right so obviously the problem will be software this vision for unique you need [00:44:30.20] [00:44:30.20] to have two requirements for thread one is that this ratio should be larger than [00:44:37.03] [00:44:37.03] the actual of the session x plus some variation because you can even imagine [00:44:41.12] [00:44:41.12] that this is an L this is also a program it's a session itself is a program right [00:44:45.23] [00:44:45.23] so it might have a different different activity during the execution of the [00:44:52.12] [00:44:52.12] so sometimes can get longer and sometimes it should be shorter [00:44:56.12] [00:44:56.12] you have cache misses and different markers digital activities during [00:44:59.17] [00:44:59.17] attestation protocol and the enormity of the ways just work is that you are [00:45:04.00] [00:45:04.00] sending it over some network so the network variations also has to be [00:45:08.06] [00:45:08.06] considered so essentially this original time should be larger than the decision [00:45:14.01] [00:45:14.01] time for some variation on the other hand the threshold time should be [00:45:18.03] [00:45:18.03] smaller than the attack so if the attacker tries to add something for [00:45:23.12] [00:45:23.12] support the ticks on computation the person should be small enough that that [00:45:28.06] [00:45:28.06] extra time should be much more larger than pretty so so you say you can see [00:45:33.08] [00:45:33.08] that they're naturally there is this trade-off between how much variation we [00:45:37.05] [00:45:37.05] can tolerate versus how much small attack that we can detect [00:45:41.20] [00:45:41.20] so really it's kind of limit us into this into this trade-off between [00:45:47.14] [00:45:47.14] variation versus the attack and then the problem it really is that what it be [00:45:52.12] [00:45:52.12] time for attacking is much more smaller than the variation and then really for [00:45:57.19] [00:45:57.19] this RT device nowadays that are connected to a network this is big this [00:46:01.13] [00:46:01.13] becomes this problem becomes even more challenging because now the time for [00:46:05.23] [00:46:05.23] forwarding requests faster device is only an order of milliseconds where the [00:46:11.15] [00:46:11.15] variation for these devices over the tens of milliseconds and then what [00:46:16.09] [00:46:16.09] forwarding is important is that once you receive as a challenge you can actually [00:46:21.10] [00:46:21.10] contact other devices that is that are already in the network and then you can [00:46:27.05] [00:46:27.05] ask them for computing the checksum for you for example if the other device is [00:46:31.03] [00:46:31.03] also including red here you can actually forward the request to the fashion [00:46:35.14] [00:46:35.14] device and that device may compute the checksum in much more smaller time and [00:46:39.15] [00:46:39.15] then give you the response back and then you can forward it back to be very quiet [00:46:43.16] [00:46:43.16] so essentially being able to forward this request [00:46:47.23] [00:46:47.23] very short time in able to forge new checks on pretty easily so the big [00:46:53.03] [00:46:53.03] question is can we use other sources of information or for making sure that [00:46:58.19] [00:46:58.19] recession is not this is uncompromised and get some confidence about the [00:47:03.06] [00:47:03.06] Association and as you might have guessed yes you can use other side [00:47:07.18] [00:47:07.18] channels such as electromagnet ease of power for for monitoring the system [00:47:12.03] [00:47:12.03] during the DSS station so not only just relying on time but you can also rely on [00:47:17.17] [00:47:17.17] other channels to get some confidence about the system so what we're proposing [00:47:22.19] [00:47:22.19] is that we are following the same software decision method where we [00:47:27.13] [00:47:27.13] prepare the challenge we send the challenge and then the checksum [00:47:31.12] [00:47:31.12] calculation has been done on the prover and an approver sent back the response [00:47:36.01] [00:47:36.01] or the answer and then we also locally compute the checksum and then compare [00:47:40.20] [00:47:40.20] this answer with our locally computed checksum while the top of that we have [00:47:45.10] [00:47:45.10] this experiment reading a framework where we once the device is actually [00:47:51.10] [00:47:51.10] computing the checksum we also wanted her to device to see whether there are [00:47:55.11] [00:47:55.11] some anomaly during the execution of the system or not and with that we actually [00:48:00.03] [00:48:00.03] can monitor the system during the checksum computation and that will [00:48:04.14] [00:48:04.14] eliminate this need of only relying on how much time it takes for sending this [00:48:09.09] [00:48:09.09] challenge to resuming this answer we can actually have some good idea of what's [00:48:14.19] [00:48:14.19] happening in all these four five and six steps right and then as I said it's [00:48:19.10] [00:48:19.10] important to say that we use inside tunnel but generally any other type of [00:48:23.17] [00:48:23.17] analog substance can be used here essentially anything and it's more [00:48:27.06] [00:48:27.06] related with the execution of the checksum can be leveraged for for doing [00:48:31.19] [00:48:31.19] something like that so the algorithm is basically what it [00:48:37.10] [00:48:37.10] does is it they are the proof of our dear so I'm [00:48:43.02] [00:48:43.02] talking about these three cells so you you receive this and they you know the [00:48:49.04] [00:48:49.04] the challenge and the challenge normally is a random see that you will use to [00:48:55.04] [00:48:55.04] generate the checksum and each time the device sent a different scene a [00:49:00.18] [00:49:00.18] different random number so basically each time that you're completing the [00:49:04.10] [00:49:04.10] checksum the checksum value would be different and that will prevent this [00:49:08.14] [00:49:08.14] type of attacks that you report the checks on somewhere and then each time [00:49:12.05] [00:49:12.05] that you receive that challenge you just forward that people's right and [00:49:17.13] [00:49:17.13] then the majority of the checksum computation the decision is this [00:49:22.04] [00:49:22.04] checksum computation which essentially is an iterative process where you wrote [00:49:27.01] [00:49:27.01] through part of the memory read the memory content and then update the [00:49:31.05] [00:49:31.05] checksum and then you are use relative different in use memory address use the [00:49:36.03] [00:49:36.03] concept of the memory use PC and all the states to make sure that the device [00:49:41.03] [00:49:41.03] cannot afford this checksum unless it changed via the completely different [00:49:47.05] [00:49:47.05] activity in the program so also to look at what's how we can actually monitor [00:49:53.10] [00:49:53.10] the system on what are the steps that needs to be if you look at the the [00:49:58.05] [00:49:58.05] algorithm is essentially there are three parts to the receiving this challenge [00:50:04.00] [00:50:04.00] and initialization part will be put the seed into so forth and then the main [00:50:09.17] [00:50:09.17] loop which is the checksum calculation [00:50:13.01] [00:50:13.10] every finally what's the response is computed you send it back to the actual [00:50:18.19] [00:50:18.19] device so as you can tell that this mate part is actually very similar to what it [00:50:24.19] [00:50:24.19] was proposing before that you can actually have a really good nice spice [00:50:30.23] [00:50:30.23] for for different activities because it's very repetitive and periodic so you [00:50:35.12] [00:50:35.12] can use similar frequency domain analysis for this and that the good [00:50:40.01] [00:50:40.01] thing about this is that even a single is certain change in the checksum [00:50:43.12] [00:50:43.12] calculation here can be easily detected by our for our method and then our and [00:50:49.07] [00:50:49.07] then for the second party that we can actually use in this part which are [00:50:54.05] [00:50:54.05] short and and non-community and actually use fundament analysis in this one so [00:50:59.16] [00:50:59.16] what you're not having is that you have this monitoring algorithm where you [00:51:03.20] [00:51:03.20] decide that you want to use time domain or frequency domain [00:51:07.04] [00:51:07.04] depending on which part of the application you are and then what it [00:51:10.21] [00:51:10.21] does each and each aspect of this monitoring aluminum is that we are going [00:51:16.00] [00:51:16.00] to extract some signatures from the signal in the frequency domain based [00:51:20.10] [00:51:20.10] essentially the piece and in time domain is chopping the signal into two small [00:51:24.22] [00:51:24.22] pieces and then what we'll do is that we are comparing this using the similar [00:51:30.15] [00:51:30.15] physical dimension report and then if the execution is complete this is [00:51:38.04] [00:51:38.04] significantly different from the reference model that we normally expect [00:51:43.02] [00:51:43.02] to see when you are completing the texture you can be pulling this anomaly [00:51:46.17] [00:51:46.17] so basically this gives you that extra layer of guarantee that you want to have [00:51:51.23] [00:51:51.23] when you are computing the checksum so you see the signal you see that the [00:51:55.23] [00:51:55.23] response and you also monitor the system human nap and if these two also both [00:52:01.11] [00:52:01.11] agrees that the device is not compromised now you have enough [00:52:05.12] [00:52:05.12] confidence about the security of the month so there are two type of the taxi [00:52:11.08] [00:52:11.08] being you can implement to attack the systems essentially depending on where [00:52:17.06] [00:52:17.06] you are going to attack the system you can either type the system before or [00:52:22.14] [00:52:22.14] after the tricks on computation or you can actually dynamically change the [00:52:26.13] [00:52:26.13] choice of computation so essentially the types of either attacking to epilogue or [00:52:31.13] [00:52:31.13] parallel or erect or now all you can attack the checksum computation move it [00:52:37.13] [00:52:37.13] so so to give you one example of how we can actually conduct in this foxy [00:52:45.23] [00:52:45.23] attacks with you as I said instead of actually computing the checksum on the [00:52:50.15] [00:52:50.15] device itself you find another colluding device on the networks and then you are [00:52:55.11] [00:52:55.11] trying to send the checks are equal to that to that device and then the main [00:53:01.06] [00:53:01.06] reason that you want to do that is that the other device is for example much [00:53:05.11] [00:53:05.11] more faster processor so it can actually compute the trick somewhat more faster [00:53:09.18] [00:53:09.18] and then you back the response and then you can forward the response back to e [00:53:13.13] [00:53:13.13] to the verifier and with this you actually don't boil in the time final [00:53:18.05] [00:53:18.05] requirement y1 you can actually [00:53:21.19] [00:53:21.19] so looking at the signal for this proxy attack what you will see the lot is that [00:53:27.10] [00:53:27.10] the normal execution of a checksum computation at the beginning that they [00:53:31.09] [00:53:31.09] said we see some news some some spikes has definitely related to what we're [00:53:36.22] [00:53:36.22] trying to do what's the actual the request has been has been received you [00:53:44.03] [00:53:44.03] see this small part here which is responsible for initializing the [00:53:50.00] [00:53:50.00] competition request and then you see this large which is responsible for [00:53:55.08] [00:53:55.08] completing the checksum this is the process when you see actually a line [00:54:00.02] [00:54:00.02] that is similar to doing in the activity and now look at that when we are trying [00:54:05.16] [00:54:05.16] to actually do a poxy attack when we are trying to forward it to another device [00:54:10.22] [00:54:10.22] what you will see the difference between these two are this small part here where [00:54:15.20] [00:54:15.20] the device is actually trying to send the request another twice so what it [00:54:20.04] [00:54:20.04] does is actually start executing different instructions that you would [00:54:25.05] [00:54:25.05] not see here so you see a different signature here so you can actually [00:54:29.08] [00:54:29.08] detect that the important thing here is at this party only takes a few [00:54:33.20] [00:54:33.20] millisecond so if you measure this time from here to here this extra overhead is [00:54:39.23] [00:54:39.23] like less than a few percent of the the entire initiation time what will the [00:54:46.09] [00:54:46.09] actual using using something like iam so I'll monitor you can actually even [00:54:51.09] [00:54:51.09] smaller extract is you can see it because it's fun with the couple from [00:54:56.23] [00:54:56.23] the excitation time right so even smaller changes here you can be able to [00:55:01.18] [00:55:01.18] detect it because you are monitoring the process [00:55:06.18] [00:55:07.15] and yeah yeah decision you can actually do the other attacks o'clock I'm not [00:55:13.16] [00:55:13.16] going to go through it because of the time but essentially all of these what [00:55:17.17] [00:55:17.17] they do is try to execute or do something other than actually to give [00:55:22.21] [00:55:22.21] you the original text and computation and all of these crates and different [00:55:26.20] [00:55:26.20] signatures that we would expect and then you can actually able to take all of [00:55:30.17] [00:55:30.17] those and then also if you compare this with the state of the art you can see [00:55:37.04] [00:55:37.04] that we can actually inspect only relying on the time you're relying on [00:55:42.01] [00:55:42.01] the same in the signature during that cessation so this gives us a much more [00:55:47.07] [00:55:47.07] smaller granularity so we can actually detect much more smaller attack with [00:55:51.23] [00:55:51.23] much more higher actors so we also did a lot of sensitivity analysis on for [00:55:58.04] [00:55:58.04] example what if we change the platform or what if we use a more complex if I [00:56:02.21] [00:56:02.21] said what sort of the impact of environmental variation of the all those [00:56:06.18] [00:56:06.18] states so I so there are lots of different things that when you're [00:56:11.00] [00:56:11.00] working with a physical signal you need to consider so I encourage you to go and [00:56:16.18] [00:56:16.18] read the paper l if you're interested I'll talk more about that but generally [00:56:22.22] [00:56:22.22] what we did was trying to make this more robust to be able to detect and [00:56:28.17] [00:56:28.17] difference of variations so to join my time result thank you all for listening [00:56:36.21] [00:56:36.21] to my talk also wants to talk about collaborators in the in our lab and so [00:56:43.20] [00:56:43.20] the project is Maria has different parts because we have everything that we had [00:56:50.14] [00:56:50.14] of the four measurements about we did lots of security analysis [00:56:56.22] [00:56:56.22] signal processing in machine learning so there were lots of different disciplines [00:57:01.13] [00:57:01.13] that has to be used to actually double up such a framework and in summary [00:57:07.02] [00:57:07.02] actually what I try to say this talk was we can actually use analog go inside [00:57:13.14] [00:57:13.14] hello signals for security and Trust and the main idea was oh there is this [00:57:19.09] [00:57:19.09] natural correlation between the signal that you're receiving and the actual [00:57:24.16] [00:57:24.16] execution so instead of looking at this as potential bright music for for [00:57:30.23] [00:57:30.23] monitoring the system or stopping the troughs or profiling the application and [00:57:34.20] [00:57:34.20] there are multiple other things that we can actually do which I didn't mention [00:57:38.17] [00:57:38.17] but there are lots of potentials that in use [00:57:42.23] [00:58:08.01] it's also the assumption here is that all so there's a control so going back [00:58:18.15] [00:58:18.15] to the initial picture that I had so you have this centralized system right which [00:58:26.14] [00:58:26.14] controls the whole thing so essentially this is the one that all this devices so [00:58:33.09] [00:58:33.09] it's natural to assume that this survive this controller you need has the content [00:58:38.20] [00:58:38.20] of the memory of the program but you don't want to go higher than the content [00:58:43.03] [00:58:43.03] you want to for example see whether that specific application and you have [00:58:46.13] [00:58:46.13] program to the device is going to break yeah so once you send those the [00:58:52.21] [00:58:52.21] challenge we can also look at me all the outer is interior so if you look at the [00:59:02.05] [00:59:02.05] algorithm you also not only send the C but you also said that the address range [00:59:06.06] [00:59:06.06] that you want to check so you do not move you have the adversary and also us [00:59:13.09]