Attestation is a strong tool to verify the integrity of an untrusted system. However, in recent years, different attacks have appeared that are able to mislead the attestation process with treacherous practices as memory copy, proxy, and rootkit attacks, just to name a few. A successful attack leads to systems that are considered trusted by a verifier system, while the prover has bypassed the challenge. To mitigate these attacks against attestation methods and protocols, some proposals have considered the use of side-channel information that can be measured externally, as it is the case of electromagnetic (EM) emanation. Nonetheless, these methods require the physical proximity of an external setup to capture the EM radiation. In this paper, we present the possibility of performing attestation by using the side-channel information captured by a sensor or peripheral that lives in the same System-on-Chip (SoC) than the processor system (PS) which executes the operation that we aim to attest, by only sharing the Power Distribution Network (PDN). In our case, an analog-to-digital converter (ADC) that captures the voltage fluctuations at its input terminal while a certain operation is taking place is suitable to characterize itself and to distinguish it from other binaries. The resultant power traces are enough to clearly identify a given operation without the requirement of physical proximity.
翻译:然而,近年来,不同的攻击似乎能够误导验证过程,其方法包括记忆复制、代理和根基特攻击等背信弃义的做法。成功的攻击导致一种被验证系统信任的系统,而验证者却绕过了挑战。为了减轻这些针对证明方法和协议的攻击,一些提案考虑使用可以外部测量的侧道信息,例如电磁(EM)电子manation。然而,这些方法要求外部装置实际接近外部装置,以捕捉EM辐射。在本文件中,我们提出有可能通过使用一个传感器或外围所捕捉的侧道信息进行验证,该传感器或外围人生活在同一个系统上(SoC)而不是处理系统(PS)执行我们想要证明的操作,仅分享电力分配网络(PDN)。就我们而言,一个模拟数字转换器(ADC)需要从外部装置实际靠近外部装置,以捕捉到电磁辐射辐射。在不使用电流和电流运行结果的同时,在特定位置上明确测量电流和电流流的运行结果,而在特定位置上明确辨别电流的运行结果。