Date of Award
Todd R. Andel, Ph.D.
Over the last two decades, side-channel vulnerabilities have shown to be a major threat to embedded devices. Most side-channel research has developed our understanding of the vulnerabilities to cryptographic devices due to their implementation and how we can protect them. However, side-channel leakage can yield useful information about many other processes that run on the device. One promising area that has received little attention is the side-channel leakage due to the execution of assembly instructions. There has been some work in this area that has demonstrated the idea’s potential, but so far, this research has assumed the adversary has physical access to the device. In recent years, researchers have developed methods for remote side-channel attacks using power monitors implemented in reprogrammable hardware.
In this work, we test if similar power monitors are capable of disassembling code running on a general purpose processor on the same chip die as the reconfigurable hardware fabric. We train a sequence of decision tree classifiers to first predict which group an instruction belongs to, then its type, and finally, the individual instruction.
Our results demonstrate that our field-programmable gate array-based power monitors are correlated to the executed instructions and correctly classify individual instructions at about 13-15% depending on the clock rate. This is better than randomly guessing but far from being useful in practice. We also train coarse-grain models for classifying instructions based on their functional unit utilization. This approach improves the accuracy to about 20-30% depending on the clock rate and grouping used.
Baggett, Brandon R., "Remote Side-Channel Disassembly on Field-Programmable Gate Arrays" (2023). Theses and Dissertations. 169.