Hardware Intrusion Detection for Supply-Chain Threats to Critical Infrastructure Embedded System
Along with an increase in cyber security concerns for critical infrastructure applications, there is a growing concern and lack of solutions for cyber-based supply chain and device life-cycle threats. The challenge for this application space is that cost-driven engineering and market viability requires the use of commercially available off-the-shelf (COTS) components or just-in-time (JIT) manufacturing processes for sub-assemblies most of which originate from unsecured foreign facilities. In addition, many of the deployed embedded system devices are easily accessible (i.e. poor physical security) and can easily be tampered with or altered during their life-cycle such that the authentication or integrity of the devices cannot be assured. In this research I propose the foundations of a new technology that helps address these growing issues with a hardware-based intrusion detection system. This technology combines the use of an analog signal response from a resistor-capacitor circuit and machine learning techniques to not only identify the presence of a hardware Trojan on an inter-chip communication bus at 100% accuracy for the dataset of over 2000 measurements, but which also correctly distinguishes between several types of implanted Trojans at 89% accuracy. And while this research has focused on the security of inter-chip communication, it demonstrates the possibility of using low-power analog signals for device-level information assurance.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
- The following copyright notice applies to all of the above items that appear in IEEE publications: "Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE."
- The following copyright notice applies to all of the above items that appear in ACM publications: "© ACM, effective the year of publication shown in the bibliographic information. This file is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the journal or proceedings indicated in the bibliographic data for each item."
- The following copyright notice applies to all of the above items that appear in IFAC publications: "Document is being reproduced under permission of the Copyright Holder. Use or reproduction of the Document is for informational or personal use only."