IEEE Consumer Electronics Magazine - July 2017 - 93

Interestingly, the assembly-level program executing within
a device can be reconstructed only through power sidechannel observations. This instruction-level disassembly is
an emerging power side-channel threat.
Traditional power side-channel attacks target secret data or
keys within crypto hardware or algorithms. Instruction disassembly through power side channels is a significantly more difficult problem than side-channel data leakage for the following
reasons: 1) The problem dimensionality for disassembly is on
the order of thousands as opposed to an order of 128 or data
size for data leakage. The execution time for the statistical classifiers is a function of the dimensionality of the classification
problem. 2) Data are at rest, and hence it is not unusual for sidechannel data attacks to conduct thousands of experiments with
the same secret data. An instruction is in flight within a processor, taking only a fraction of a nanosecond. This leaves little
time for a classifier to function. The power side-channel instruction disassembly creates a new kind of digital rights management threat for software-based intellectual property. It also
threatens the privacy of user data on these devices.
On 21 October 2016, the recent Dynamic Domain Name
System (Dyn DNS) infrastructure was attacked with a distributed denial-of-service (DDoS) assault through the Mirai
botnet. As the Dyn DNS DDoS attack demonstrated, IoT
devices such as set-top digital video recorders (DVRs),
home routers, and personal surveillance cameras can be provisioned for botnet attacks. The instruction disassembly side
channel offers another way to probe a device for vulnerabili-

ties against DDoS attacks by future adversaries, even when it
is designed as a closed system. In this article, we introduce
side-channel analysis tools, instruction-level disassembly
issues, and our preliminary experiences with instruction-level
disassembly through power side channels.

ASPECTS OF POWER SIDE-CHANNEL THREATS
For many decades, CE devices were designed primarily in an
analog manner. Within the last ten years, however, the digitization of CE has caused the resulting products to inherit the digital
world's security vulnerabilities. Traditional cyberattacks will
probe for the operating system and other software weaknesses
through the network. But in the modern CE landscape, physical
side-channel attacks exist that are not mounted through the Internet interface. These attacks require physical possession of the
device, and they extract private data hosted by these devices
through side channels such as power. Such secret-data leakage
can compromise private keys embedded within a device. This, in
turn, either can violate access rights within an embedded device
(unauthorized firmware upgrades or unauthorized content
access) or, for networked devices, can enable forged identities.
The problem is exacerbated for IoT-class CE devices that
contain sensitive private information. Side-channel vulnerabilities are especially pronounced for this class of devices. The
secret-data leakage through power side channels has been studied quite extensively over the last decade [1]-[3]. An emerging
threat, however, is assembly-level disassembly solely through
power side channels [4]-[8]. Figure 1 illustrates these threats.

Profile
Key = 0: 011...101
Key = 1: 100....110
.
Key = 127:010...010
Extract Secret Data

Power Channel
GND

Statistical Classifier/
Decision:
Is Digital Sample ==
Profile?

Digital Sample:
1100.......1011

00000000
00000001
00000003
00000007
00000008
0000000C
0000000F
00000011
00000014
00000016
00000019
0000001B
0000001D
0000001F
00000022
00000025

push
mov
movzx
pop
movzx
lea
add
shl
add
shr
sub
shr
add
shr
movzx
retn

ebp
ebp, esp
ecx, [ebp+arg_0]
ebp
dx, c1
eax, [edx+edx]
eax, edx
eax, 2
eax, edx
eax, 8
c1, a1
c1, 1
a1, c1
a1, 5
eax, a1

Disassemble Instruction Code
FIGURE 1. The mobile device is under a power channel attack. The current flow through the GND terminal is correlated with secret data
or instructions within the device. The current profile is sampled at high frequency to create a digital signature of the data or instruction.
This sampled signature is matched against predetermined data-value or instruction-specific signatures. The presence of noise makes the
matching statistical rather than deterministic.

JULY 2017

^

IEEE ConsumEr
Consumer ElECtronICs
Electronics magazInE
Magazine

93
Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - July 2017
