Detecting Similar Code Segments Through Side Channel Leakage in Microcontrollers

  • Conference paper
Information Security and Cryptology – ICISC 2017 (ICISC 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10779)

Abstract

We present new methods for detecting plagiarized code segments using side-channel leakage of microcontrollers. Our approach uses the dependency of side-channel leakage on processed data and requires that the implementation under test accepts varying known input data. Detection tools are built upon a similarity matrix that contains the absolute correlation coefficient for each combination of time samples of the two possibly different implementations as result of side channel measurements. These methods are evaluated on smartcards with ATMega163 microcontroller using different test applications written in assembly language. We show that our methods are highly robust even against a skilled adversary who modifies the original assembly code in various ways. Our approach is non-intrusive, so that the application does not need to be additionally watermarked in order to be protected—the resulting pattern of data leakage of the microcontroller executing the code is considered as its own watermark.
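
The similarity matrix described in the abstract, sketched as an added example (not code from the paper). The Hamming-weight leakage model, the toy programs `genuine`, `suspect` and `unrelated`, and the reading of "maximum projection" as the row-wise maximum of the matrix are assumptions made for this illustration.

```python
import random

def hw(v):
    return bin(v).count("1")

def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def similarity_matrix(traces_a, traces_b):
    # traces[k][t] is time sample t of the measurement taken with known input k;
    # entry [i][j] is |corr| between sample i of A and sample j of B over all inputs.
    cols_a, cols_b = list(zip(*traces_a)), list(zip(*traces_b))
    return [[abs(pearson(ca, cb)) for cb in cols_b] for ca in cols_a]

def max_projection(sim):
    # For each time sample of A: best match in B and the B sample index where it occurs.
    return [(max(row), row.index(max(row))) for row in sim]

def measure(program, inputs, rng, noise=0.5):
    # Constructed leakage model: Hamming weight of each intermediate plus Gaussian noise.
    return [[hw(op(x)) + rng.gauss(0, noise) for op in program] for x in inputs]

def compare(prog_a, prog_b, n=400, seed=1):
    rng = random.Random(seed)
    inputs = [rng.randrange(256) for _ in range(n)]  # same known inputs for both devices
    sim = similarity_matrix(measure(prog_a, inputs, rng), measure(prog_b, inputs, rng))
    return max_projection(sim)

# Constructed toy programs: each entry yields the intermediate value leaked at one sample.
_tables = random.Random(2017)
SBOX = _tables.sample(range(256), 256)
OTHER = _tables.sample(range(256), 256)
K = 0x5A
genuine = [lambda x: x, lambda x: x ^ K, lambda x: SBOX[x ^ K]]
suspect = [lambda x: 0x0F] + genuine          # same code behind one dummy instruction
unrelated = [lambda x: OTHER[x], lambda x: OTHER[(x + 1) & 0xFF]]

if __name__ == "__main__":
    print("copy     :", compare(genuine, suspect))
    print("unrelated:", compare(genuine, unrelated))
```

For the copied program the projection stays high and the matching sample index is shifted by one, which is how an inserted instruction shows up as a displaced diagonal in the matrix.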

Acknowledgement

This work has been supported in parts by the German Federal Ministry of Education and Research (BMBF) through the project DePlagEmSoft, FKZ 03FH015I3.

Author information

Correspondence to Peter Samarin or Kerstin Lemke-Rust.

6 Appendix

Fig. 7. Maximum projection of Furious onto all other AES implementations.

Fig. 8. Assembly macros used to insert dummy smart instructions. Macros 1, 2, 3 change the content of a chosen register in one clock cycle, and change it back in the next one. Macro 8 is used to remove Hamming-distance leakage between consecutive SRAM reads or writes by performing a dummy read in the SRAM at some constant address. Macro 5 is used before some of the sbox lookups in the flash memory. Macro 6 is applied to an unused register and leaks data from preceding operations that have used the ALU (arithmetic-logic unit). Macro 4 loads a random constant value chosen at compile time into a register and restores the register right after that. Macro 7 uses XORs on three selected registers and immediately restores them to their respective original values.

Fig. 9. Maximum projection of genuine Furious onto all modified AES implementations.

Fig. 10. Similarity matrix of Furious with itself.

Fig. 11. Similarity matrix of addr and the genuine Furious AES implementations.

Fig. 12. Similarity matrix of swap and the genuine Furious AES implementations.

Fig. 13. Similarity matrix of addr+swap and the genuine Furious AES implementations.

Fig. 14. Similarity matrix of dummy NOPs and the genuine Furious AES implementations.

Fig. 15. Similarity matrix of dummy smart and the genuine Furious AES implementations.

Fig. 16. Similarity matrix of dummy smart+addr+swap and the genuine Furious AES implementations.

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Samarin, P., Lemke-Rust, K. (2018). Detecting Similar Code Segments Through Side Channel Leakage in Microcontrollers. In: Kim, H., Kim, DC. (eds) Information Security and Cryptology – ICISC 2017. ICISC 2017. Lecture Notes in Computer Science, vol 10779. Springer, Cham. https://doi.org/10.1007/978-3-319-78556-1_9

  • DOI: https://doi.org/10.1007/978-3-319-78556-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78555-4

  • Online ISBN: 978-3-319-78556-1

  • eBook Packages: Computer Science (R0)
