Global ETD Search

11	Far Field Electromagnetic Side Channel Analysis of AES Zhao, Zihao January 2020 (has links) Side-Channel Attacks (SCAs) have become a realistic threat to implementations of cryptographic algorithms. By utilizing the unintentionally leaked side-channel information during the execution of a cryptographic algorithm, it is possible to bypass the theoretical strength of the algorithm and extract its secret key. Recently, far-field electromagnetic (EM) emissions have been used in SCAs to extract keys from mixed- signal chips used in wireless communication protocols (such as Bluetooth). In such type of chips, the EM leakage is mixed with radio carrier and accidentally amplified by the antenna. Attacks exploiting such far-field EM side-channels may succeed over a much longer distance than the attacks based on near-field EM side-channels. Therefore, it is necessary to further investigate far-field EM side channels.In this thesis, we perform far-field EM side-channel attacks using two techniques: correlation and template analysis. We analyse an Arm Cortex-M4 microprocessor implementation of Advanced Encryption Standard (AES)-128 with a Bluetooth module on different distances up to 50cm. We first evaluate how the inter-chip diversity and the distance can affect the attack efficiency of template analysis. Our current results show that a template constructed using traces from one device captured at distance d can recover the secret key from 4,000 traces from the d device captured at the same distance d. However, if the distance is changed, or if traces are captured from different devices, the attack fails. This shows that it is not sufficient to build a template based on traces captured from a single device at a fixed distance. In addition, we present a pre- processing technique for allocating leakage points, which can significantly improve the attack efficiency of correlation analysis. / Side channel attacks har blivit ett realistiskt hot mot implementering av kryptografiska algoritmer. Genom att använda den oavsiktligt läckta sidokanalinformationen under exekveringen av en kryptografisk algoritm är det möjligt att kringgå algoritmens teoretiska styrka och extrahera dess hemliga nyckel. Nyligen har EM-utsläpp från fältfält använts i SCAsför att extrahera nycklar från blandade signalchips som används i trådlösa kommunikationsprotokoll (t.ex. Bluetooth). I en sådan typ av chips blandas EM-läckan med radiobäraren och förstärks av misstag av antennen. Attacker som utnyttjar sådana långtgående EM-sidokanaler kan lyckas på mycket längre avstånd än attackerna baserade på EM-sidokanaler nära fältet. Därför är det nödvändigt att ytterligare undersöka EM-sidokanalanalyser från fältet. I denna avhandling utför vi EM-sidokanalanalys med fältfält med två tekniker: korrelationsanalys och mallanalys. Vi analyserar en Arm Cortex-M4-mikroprocessorimplementering av AES med en Bluetooth-modul inbäddad på kortet på olika avstånd upp till 50 cm från den mottagande antennen. Vi utvärderar först hur mångfalden mellan chip och avståndet kan påverka attackeffektiviteten för mallanalys. Våra nuvarande resultat visar att en mall konstruerad med spår från en enhet fångad på avstånd d från den mottagande antennen kan återställa den hemliga nyckeln från 4K spår från samma enhet som fångats på samma avstånd d från den mottagande antennen. Om avståndet ändras eller om spår från en annan enhet analyseras misslyckas dock attacken. Detta visar att det inte är tillräckligt att bygga en mall baserad på spår från en enda enhet fångad på ett fast avstånd från den mottagande antennen. Dessutom presenterar vi en förbehandlingsteknik för allokering av läckagepunkter i spåren och visar att den kan förbättra attackeffektiviteten för korrelationsanalysen betydligt. Side-channel analysis far-feild electromagnetic emission AES Computer and Information Sciences Data- och informationsvetenskap
12	Testing and Verification Strategies for Enhancing Trust in Third Party IPs Banga, Mainak 17 December 2010 (has links) Globalization in semiconductor industry has surged up the trend of outsourcing component design and manufacturing process across geographical boundaries. While cost reduction and short time to market are the driving factors behind this trend, the authenticity of the final product remains a major question. Third party deliverables are solely based on mutual trust and any manufacturer with a malicious intent can fiddle with the original design to make it work otherwise than expected in certain specific situations. In case such a backfire happens, the consequences can be disastrous especially for mission critical systems such as space-explorations, defense equipments such as missiles, life saving equipments such as medical gadgets where a single failure can translate to a loss of lives or millions of dollars. Thus accompanied with outsourcing, comes the question of trustworthy design - "how to ensure that integrity of the product manufactured by a third party has not been compromised". This dissertation aims towards developing verification methodologies and implementing non-destructive testing strategies to ensure the authenticity of a third party IP. This can be accomplished at various levels in the IC product life cycle. At the design stage, special testability features can be incorporated in the circuit to enhance its overall testability thereby making the otherwise hard to test portions of the design testable at the post silicon stage. We propose two different approaches to enhance the testability of the overall circuit. The first allows improved at-speed testing for the design while the second aims to exaggerate the effect of unwanted tampering (if present) on the IC. At the verification level, techniques like sequential equivalence checking can be employed to compare the third-party IP against a genuine specification and filter out components showing any deviation from the intended behavior. At the post silicon stage power discrepancies beyond a certain threshold between two otherwise identical ICs can indicate the presence of a malicious insertion in one of them. We have addressed all of them in this dissertation and suggested techniques that can be employed at each stage. Our experiments show promising results for detecting such alterations/insertions in the original design. / Ph. D. Design for Testability Side-Channel Analysis Sequential Equivalence Checking Trojans Third party IP
13	Méthodologie et outils pour la mise en pratique des attaques par collision et attaques horizontales sur l'exponentiation modulaire / From theory to practice of collision based attacks and horizontal attacks applied on protected implementation of modular exponentiation. Diop, Ibrahima 11 April 2017 (has links) Dans cette thèse, nous étudions deux sous-familles d'attaques par canaux cachés sur l'exponentiation modulaire appelées respectivement attaques par collision et attaques horizontales. Cette étude est faite selon deux axes : leurs mises en pratique et les possibles contremesures.Dans un premier temps, nous étudions les attaques par canaux cachés sur un simulateur développé durant cette thèse. Ce simulateur permet de vérifier la bonne implémentation d'une attaque par canaux cachés avant sa mise en pratique dans un environnement réel. Dans un deuxième temps, nous étudions les attaques par collision dans un environnement réel. Pour cela, nous nous sommes intéressés à l'automatisation de la détection effective de collision. Ainsi, nous proposons un nouveau critère de détection de collision.Dans un troisième temps, nous étudions l'estimation du rapport signal à bruit d'un jeu de traces dans le contexte des attaques par canaux cachés. Ainsi, nous proposons une nouvelle façon d'estimer le rapport signal à bruit lors d'une attaque par canaux cachés. En outre, nous montrons que cette estimation du rapport signal à bruit peut être exploitéepour l'analyse des fuites d'un canal caché mais aussi pour effectuer un filtrage adaptatif ne nécessitant pas la connaissance de certains paramètres du composant analysé.Dans un quatrième temps, au travers d'une étude détaillée des principales étapes d'une attaque horizontale, nous montrons les problèmes pouvant intervenir dans la pratique et comment les résoudre. Ainsi des solutions génériques sont proposées. Nous proposons finalement de possibles contremesures aux attaques horizontales sur l'exponentiation modulaire / This thesis is focused on the study of two sub-families of side channel attacks applied on modular exponentiation called respectively, collision based attacks and horizontal (or single shot) attacks. This study is made according to two axes: their applications and the possible countermeasures.Firstly, we study side channel attacks on a simulator developed during this thesis. This simulator allows to validate the good implementation of a any side channel attack before its application in a real environment.Secondly, we study collision based attacks in a real environment. For this purpose, we study the automation of collision detection in practice. Then, we introduce a new collision detection criterion and show its practical interest. Afterwards, we study the estimation of the signal to noise ratio in the context of side channel attacks. So, we introduce a fast and accurate method for its estimation during a side channel analysis. From our method we derive pragmatic and efficient methods for the daily tasks of evaluators. Among them the analysis of the electrical activity of integrated circuit or the identification of the frequencies carrying usable information or information leakage.Finally, through a detailed description of the main stages of an horizontal attack, we propose effective and practical solutions to improve secret information extraction in real environment and on the other hand possible countermeasures against the horizontal attacks applied on modular exponentiation. Analyse par canaux cachés Attaques par collision Attaques horizontales Side channel analysis Collision based attacks Horizontal attacks
14	A Deep Learning Approach to Side-Channel Analysis of Cryptographic Hardware Ramezanpour, Keyvan 08 September 2020 (has links) With increased growth of the Internet of Things (IoT) and physical exposure of devices to adversaries, a class of physical attacks called side-channel analysis (SCA) has emerged which compromises the security of systems. While security claims of cryptographic algorithms are based on the complexity of classical cryptanalysis attacks, they exclude information leakage by implementations on hardware platforms. Recent standardization processes require assessment of hardware security against SCA. In this dissertation, we study SCA based on deep learning techniques (DL-SCA) as a universal analysis toolbox for assessing the leakage of secret information by hardware implementations. We demonstrate that DL-SCA techniques provide a trade-off between the amount of prior knowledge of a hardware implementation and the amount of measurements required to identify the secret key. A DL-SCA based on supervised learning requires a training set, including information about the details of the hardware implementation, for a successful attack. Supervised learning has been widely used in power analysis (PA) to recover the secret key with a limited size of measurements. We demonstrate a similar trend in fault injection analysis (FIA) by introducing fault intensity map analysis with a neural network key distinguisher (FIMA-NN). We use dynamic timing simulations on an ASIC implementation of AES to develop a statistical model for biased fault injection. We employ the model to train a convolutional neural network (CNN) key distinguisher that achieves a superior efficiency, nearly $10times$, compared to classical FIA techniques. When a priori knowledge of the details of hardware implementations is limited, we propose DL-SCA techniques based on unsupervised learning, called SCAUL, to extract the secret information from measurements without requiring a training set. We further demonstrate the application of reinforcement learning by introducing the SCARL attack, to estimate a proper model for the leakage of secret data in a self-supervised approach. We demonstrate the success of SCAUL and SCARL attacks using power measurements from FPGA implementations of the AES and Ascon authenticated ciphers, respectively, to recover entire 128-bit secret keys without using any prior knowledge or training data. / Doctor of Philosophy / With the growth of the Internet of Things (IoT) and mobile devices, cryptographic algorithms have become essential components of end-to-end cybersecurity. A cryptographic algorithm is a highly nonlinear mathematical function which often requires a secret key. Only the user who knows the secret key is able to interpret the output of the algorithm to find the encoded information. Standardized algorithms are usually secure against attacks in which in attacker attempts to find the secret key given a set of input data and the corresponding outputs of the algorithm. The security of algorithms is defined based on the complexity of known cryptanalysis attacks to recover the secret key. However, a device executing a cryptographic algorithm leaks information about the secret key. Several studies have shown that the behavior of a device, such as power consumption, electromagnetic radiation and the response to external stimulation provide additional information to an attacker that can be exploited to find the secret key with much less effort than cryptanalysis attacks. Hence, exposure of devices to adversaries has enabled the class of physical attacks called side-channel analysis (SCA). In SCA, an attacker attempts to find the secret key by observing the behavior of the device executing the algorithm. Recent government and industry standardization processes, which choose future cryptographic algorithms, require assessing the security of hardware implementations against SCA in addition to the algorithmic level security of the cryptographic systems. The difficulty of an SCA attack depends on the details of a hardware implementation and the form of information leakage on a particular device. The diversity of possible hardware implementations and platforms, including application specific integrated circuits (ASIC), field programmable gate arrays (FPGA) and microprocessors, has hindered the development of a unified measure of complexity in SCA attacks. In this research, we study SCA with deep learning techniques (DL-SCA) as a universal methodology to evaluate the leakage of secret information by hardware platforms. We demonstrate that DL-SCA based on supervised learning can be considered as a generalization of classical SCA techniques, and is able to find the secret information with a limited size of measurements. However, supervised learning techniques require a training set of data that includes information about the details of hardware implementation. We propose unsupervised learning techniques that are able to find the secret key even without knowledge of the details of the hardware. We further demonstrate the ability of reinforcement learning in estimating a proper model for data leakage in a self-supervised approach. We demonstrate that DL-SCA techniques are able to find the secret information even if the timing of data leakage in measurements are random. Hence, traditional countermeasures are unable to protect a hardware implementation against DL-SCA attacks. We propose a unified countermeasure to protect the hardware implementations against a wide range of SCA attacks. Autoencoder Deep learning (Machine learning) Fault Injection Analysis Power Analysis Reinforcement Learning Side-Channel Analysis Unsupervised Learning
15	Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging Moreno, Carlos January 2013 (has links) Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card. cryptography embedded systems embedded systems security side-channel analysis timing attacks power analysis spa-resistant implementations embedded systems debugging Electrical and Computer Engineering
16	Side Channel Analysis of a Java-based Contactless Smart Card Mateos Santillan, Edgar January 2012 (has links) Smart cards are widely used in different areas of modern life including identification, banking, and transportation cards. Some types of cards are able to store data and process information as well. A number of them can run cryptographic algorithms to enhance the security of their transactions and it is usually believed that the information and values stored in them are completely safe. However, this is generally not the case due to the threat of the side channel. Side channel analysis is the process of obtaining additional information from the internal activity of a physical device beyond that allowed by its specifications. There exist different techniques to attempt to obtain information from a cryptosystem using other ways than the normally permitted. This thesis presents a series of experiments intended to study the side channel from a particular type of smart card, known as Java Cards. This investigation uses the well known technique, Correlation Analysis, and a new type of side channel attack called fast correlation in the frequency domain to study the side channel of Java Cards. This research presents a giant magnetoresistor (GMR) probe and for the first time, this type of sensor is used to investigate the side channel. A novel setup designed for studying the side channel of smart cards is described and two metrics used to evaluate the analysis results are presented. After testing the GMR probe and methodology on electronic devices executing the Advanced Encryption Standard (AES), such as 8 bit microcontrollers and 128 bit AES implementations on FPGAs, these techniques were applied to analyse two different models of Java Cards working in the contactless mode. The results show that successful attacks on a software implementation of AES running on both models of Java Cards are possible. Side channel fast correlation in the frequency domain Correlation Analysis Java Card Giant magnetoresistance GMR EM analysis smart card Side Channel Analysis Electrical and Computer Engineering
17	Side Channel Analysis of a Java-based Contactless Smart Card Mateos Santillan, Edgar January 2012 (has links) Smart cards are widely used in different areas of modern life including identification, banking, and transportation cards. Some types of cards are able to store data and process information as well. A number of them can run cryptographic algorithms to enhance the security of their transactions and it is usually believed that the information and values stored in them are completely safe. However, this is generally not the case due to the threat of the side channel. Side channel analysis is the process of obtaining additional information from the internal activity of a physical device beyond that allowed by its specifications. There exist different techniques to attempt to obtain information from a cryptosystem using other ways than the normally permitted. This thesis presents a series of experiments intended to study the side channel from a particular type of smart card, known as Java Cards. This investigation uses the well known technique, Correlation Analysis, and a new type of side channel attack called fast correlation in the frequency domain to study the side channel of Java Cards. This research presents a giant magnetoresistor (GMR) probe and for the first time, this type of sensor is used to investigate the side channel. A novel setup designed for studying the side channel of smart cards is described and two metrics used to evaluate the analysis results are presented. After testing the GMR probe and methodology on electronic devices executing the Advanced Encryption Standard (AES), such as 8 bit microcontrollers and 128 bit AES implementations on FPGAs, these techniques were applied to analyse two different models of Java Cards working in the contactless mode. The results show that successful attacks on a software implementation of AES running on both models of Java Cards are possible. Side channel fast correlation in the frequency domain Correlation Analysis Java Card Giant magnetoresistance GMR EM analysis smart card Side Channel Analysis Electrical and Computer Engineering
18	Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging Moreno, Carlos January 2013 (has links) Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card. cryptography embedded systems embedded systems security side-channel analysis timing attacks power analysis spa-resistant implementations embedded systems debugging Electrical and Computer Engineering
19	Cryptographie à base de courbes elliptiques et sécurité de composants embarqués / Elliptic curve cryptography and security of embedded devices Verneuil, Pierre 13 June 2012 (has links) Les systèmes cryptographiques à base de courbes elliptiques sont aujourd'hui de plus en plus employés dans les protocoles utilisant la cryptographie à clef publique. Ceci est particulièrement vrai dans le monde de l'embarqué qui est soumis à de fortes contraintes de coût, de ressources et d'efficacité, car la cryptographie à base de courbes elliptiques permet de réduire significativement la taille des clefs utilisées par rapport aux systèmes cryptographiques précédemment employés tels que RSA (Rivest-Shamir-Adleman). Les travaux qui suivent décrivent dans un premier temps l'implantation efficace et sécurisée de la cryptographie à base de courbes elliptiques sur des composants embarqués, en particulier des cartes à puce. La sécurisation de ces implantations nécessite de prendre en compte les attaques physiques dont un composant embarqué peut être la cible. Ces attaques incluent notamment les analyses par canaux auxiliaires qui consistent à observer le comportement d'un composant pendant qu'il manipule une valeur secrète pour en déduire de l'information sur celle-ci, et les analyses par faute dans lesquelles un attaquant peut perturber un composant dans le même but.Dans la seconde partie de ce mémoire de thèse, nous étudions ces attaques et leurs implications concernant l'implantation des systèmes cryptographiques à clef publique les plus répandus. De nouvelles méthodes d'analyse et de nouvelles contre-mesures sont en particulier proposées. Une étude spécifique de certaines attaques appliquées à l'algorithme de chiffrement par bloc AES est également présentée. / Elliptic curve based cryptosystems are nowadays increasingly used in protocols involving public-key cryptography. This is particularly true in the context of embedded devices which is subject to strong cost, resources, and efficiency constraints, since elliptic curve cryptography requires significantly smaller key sizes compared to other commonly used cryptosystems such as RSA.The following study focuses in a first time on secure and efficient implementation of elliptic curve cryptography in embedded devices, especially smart cards. Designing secure implementations requires to take into account physical attacks which can target embedded devices. These attacks include in particular side-channel analysis which may infer information on a secret key manipulated by a component by monitoring how it interacts with its environment, and fault analysis in which an adversary can disturb the normal functioning of a device in the same goal.In the second part of this thesis, we study these attacks and their impact on the implementation of the most used public-key cryptosystems. In particular, we propose new analysis techniques and new countermeasures for these cryptosystems, together with specific attacks on the AES block cipher. Cryptographie Analyse par canaux auxilliaires Courbes elliptiques Rsa Multiplication scalaire Exponentiation Cryptography Side-channel analysis Elliptic curves Rsa Scalar multiplication Exponentiation
20	Detecting Unauthorized Activity in Lightweight IoT Devices January 2020 (has links) abstract: The manufacturing process for electronic systems involves many players, from chip/board design and fabrication to firmware design and installation. In today's global supply chain, any of these steps are prone to interference from rogue players, creating a security risk. Manufactured devices need to be verified to perform only their intended operations since it is not economically feasible to control the supply chain and use only trusted facilities. It is becoming increasingly necessary to trust but verify the received devices both at production and in the field. Unauthorized hardware or firmware modifications, known as Trojans, can steal information, drain the battery, or damage battery-driven embedded systems and lightweight Internet of Things (IoT) devices. Since Trojans may be triggered in the field at an unknown instance, it is essential to detect their presence at run-time. However, it isn't easy to run sophisticated detection algorithms on these devices due to limited computational power and energy, and in some cases, lack of accessibility. Since finding a trusted sample is infeasible in general, the proposed technique is based on self-referencing to remove any effect of environmental or device-to-device variations in the frequency domain. In particular, the self-referencing is achieved by exploiting the band-limited nature of Trojan activity using signal detection theory. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, the malicious activity can differentiate without using a golden reference or any knowledge of the Trojan activity attributes. The proposed technique's effectiveness is demonstrated through experiments with collecting and processing side-channel signals, such as involuntarily electromagnetic emissions and power consumption, of a wearable electronics prototype and commercial system-on-chip under a variety of practical scenarios. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2020 Electrical engineering Computer engineering Engineering Flexible Electronic Security Hardware/Firmware Trojan Detection IoT Security Malicious Activity Detection Side-Channel Analysis Wearable Electronic Device Security

Search results