Using Analog Side-Channel Signals for Malware and Hardware Trojan Detection

This talk will provide an overview of our research on understanding the relationship between program execution, the hardware implementation, and the resulting analog side-channel signal. The talk will first explain how side channels are created and how to quickly identify the signals that carry side-channel information. Then, the talk will present how to use electromagnetic (EM) emanations to externally monitor program execution (profiling) and detect anomalies (zero-day malware detection). Next, the talk will discuss our recent results where we use these insights and fine-grained EM-based execution tracking to extract individual bits of the private exponent during RSA private-key operations (decryption or signing) in OpenSSL, which has allowed us to completely reconstruct 2048-bit RSA private keys from the signal corresponding to only one use of the key (a single decryption). The insights from this attack have allowed us to implement a mitigation that thwarts this and similar attacks; it has since been merged into OpenSSL's source code. Finally, the talk will discuss our recent work where we construct a new side channel that relies on backscattering of EM signals, and use it to detect hardware Trojans even when they are dormant.
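As an added illustration (not code from the talk, the paper, or OpenSSL), the script below shows the principle behind execution-tracking attacks on modular exponentiation and why a single private-key operation can be enough: a textbook square-and-multiply loop emits an operation sequence that maps one-to-one onto the exponent bits, so an attacker who recovers that sequence from one decryption recovers the whole private exponent. The operation labels stand in for what fine-grained EM tracking is assumed to recover; the RSA parameters are the small textbook values p=61, q=53 constructed for this example; and OpenSSL's real exponentiation (constant-time fixed-window with blinding) and the mitigation the abstract mentions are not what is modelled here. The Montgomery-ladder variant is included to show what a key-independent operation sequence looks like.

```python
"""Added example: exponent-bit recovery from an execution trace.

Not the talk's or OpenSSL's code. The "trace" is a list of operation labels
(S = modular square, M = modular multiply) that a fine-grained execution-tracking
side channel is assumed to recover; real EM traces are analog signals.
RSA values are the constructed textbook pair p=61, q=53 (n=3233, e=17, d=2753).
"""

# Constructed toy key material (far too small for real use).
N, E, D = 3233, 17, 2753
PLAINTEXT = 65                       # 65^17 mod 3233 == 2790
CIPHERTEXT = pow(PLAINTEXT, E, N)


def sqr_mul_trace(base, exp, mod):
    """Left-to-right square-and-multiply (the leaky, textbook loop).

    Returns (result, trace). Every exponent bit costs one square; a 1 bit
    additionally costs one multiply, so the operation order encodes the key.
    """
    trace = []
    acc = 1
    for bit in bin(exp)[2:]:
        acc = acc * acc % mod
        trace.append("S")
        if bit == "1":
            acc = acc * base % mod
            trace.append("M")
    return acc, trace


def recover_exponent(trace):
    """Attacker side: parse the recovered operation sequence back into bits.

    An 'S' immediately followed by 'M' is a 1 bit; an 'S' not followed by 'M'
    is a 0 bit. One trace (one private-key operation) yields the full exponent.
    """
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace: expected a square at %d" % i)
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def ladder_trace(base, exp, mod, nbits):
    """Montgomery ladder: exactly one multiply and one square per bit.

    The *sequence of operation types* no longer depends on the key. (Which
    register is squared still depends on the bit, so this alone does not
    defeat a channel that can distinguish operands; it is shown only to
    contrast the trace shape with sqr_mul_trace.)
    """
    trace = []
    r0, r1 = 1, base % mod
    for i in range(nbits - 1, -1, -1):
        if (exp >> i) & 1:
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        else:
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        trace.append("M")
        trace.append("S")
    return r0, trace


def single_decryption_attack():
    """Observe one decryption of CIPHERTEXT and return the recovered exponent."""
    plaintext, observed = sqr_mul_trace(CIPHERTEXT, D, N)
    assert plaintext == PLAINTEXT
    return recover_exponent(observed)


if __name__ == "__main__":
    print("recovered d =", single_decryption_attack(), "(true d =", D, ")")
    _, t_a = ladder_trace(CIPHERTEXT, D, N, 12)
    _, t_b = ladder_trace(CIPHERTEXT, 0xABC, N, 12)
    print("ladder traces identical for different keys:", t_a == t_b)
```

Running the script recovers d = 2753 from the trace of one decryption, and shows that the ladder's operation sequence is identical for two different 12-bit exponents. Changing the exponentiation algorithm so that the operation sequence is key-independent is the first step of a countermeasure, but as the docstring notes it does not remove every data-dependent difference that a fine-grained analog channel may still see.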