Two's Complement: Monitoring Software Control Flow using Both Power and Electromagnetic Side Channels
Authors: Michael Amar , Lojenaa Navanesan , Asanka P. Sayakkara , Yossi Oren
Appeared in: 27th Euromicro Conference on Digital System Design, 2024
Abstract
Embedded devices leak information about their inner activity through power and EM side channels. A defender who measures this leakage can thus use it to monitor the device and ensure its control-flow integrity. Previous works have investigated the use of power and EM side channels for control-flow monitoring, but they have only used a single side channel at a time. In this paper, we propose an approach that integrates both power and EM side channels to detect deviations from the device’s normal behavior. Our model takes inspiration from multimodal machine learning used in image and speech recognition, and uses an intermediate integration design which passes multiple input modalities in parallel through a single self-attention transformer network. We evaluate our model on an off-the-shelf device at multiple noise levels, and show that it outperforms models that use only a single channel as input. In particular, we show how the multimodal approach can improve trace classification and anomaly detection accuracies by up to 18% and 11%, respectively, compared to power/EM-only approaches. Additionally, we show that our approach is superior over the early and late integration approaches currently used in multimodal side channel analysis work. We release our machine-learning architecture, including trained models based on real-world data, as an open-source repository. Our work highlights how advances in the wider field of machine learning can be used to improve the security of embedded systems.
Draft version
Artifact Repository