Title: Securing Cyber-physical Systems by Improving and Optimizing Measurement of the Electromagnetic Backscattering Side-channel

Committee: 

Dr. Zajic, Advisor

Dr. Prvulovic, Co-Advisor

Dr. Peterson, Chair

Dr. Durgin

Abstract: The objective of the proposed research is to present side-channel analysis methods, tools, and techniques with the capabilities to meet the growing threat of malicious hardware alterations made to integrated circuitry. Using the electromagnetic, acoustic, thermal, power, and timing side-channels, researchers have demonstrated a number of hardware characterization schemes with various applications, including device fingerprinting and Hardware Trojan (HT) detection. HTs are malicious hardware alterations to digital devices and can come in many forms, including the addition or removal of circuitry, the thinning or thickening of traces, or even the alteration of dopant levels within transistors. HT detection in particular greatly benefits from the use of side-channels because many HTs are initially in a dormant state in which they are virtually undetectable, only interacting with the larger system to listen for a trigger signal of some kind. The trigger circuitry is often much smaller than the actual attack payload circuitry and can be extremely small relative to the entire circuit design. Traditionally, the only way to be completely confident that a device was unaltered required a level of investigation that essentially destroyed the device or left it in an inoperable state. Side-channel research, however, provides a number of non-destructive methods, in particular the Electromagnetic (EM) backscattering side-channel, with the ability to detect the presence of an HT within a device, even if the HT is in a dormant state. Our research proposes a systematic development of hardware and software tools designed to improve the collection, analysis, monitoring, and ultimately, decision making based on circuit activity harmonics of the EM backscattering side-channel.

Specifically, the first objective of our proposed work is to enable circuit activity harmonics measured with the EM backscattering side-channel to be compared with circuit activity simulations, eliminating the need for golden reference measurements. The second proposed objective is twofold: first, we will analyze and improve upon existing near-field probe designs used to capture the EM backscattering side-channel, developing a novel probe with improved directivity and H-field sensitivity. Second, we will analyze and improve upon our measurement capture methodology by creating a circuit-agnostic pre-filtering tool to optimally reduce our measurement space. Finally, our third aim recognizes that no detection method can provide 100% confidence, and therefore critical systems will require real-time monitoring of multiple side-channels to detect whether there is hardware activity that does not align with software instructions, indicating the presence of an HT.