Abstract
The penetration of embedded devices in networks that support critical
applications has rendered them a lucrative target for attackers and evildoers.
However, traditional protection mechanisms may not be supported due to the
memory and computational limitations of these systems. Recently, the analysis
of electromagnetic (EM) emanations has gathered the interest of the research
community. Thus, analogous protection systems have emerged as a viable solution
e.g., for providing external, non-intrusive control-flow attestation for
resource-constrained devices. Unfortunately, the majority of current work fails
to account for the implications of real-life factors, predominantly the impact
of environmental noise. In this work, we introduce a framework that integrates
singular value decomposition (SVD) along with outlier detection for discovering
malicious modifications of embedded software even under variable conditions of
noise. Our proposed framework achieves high detection accuracy i.e., above 93\%
AUC score for unknown attacks, even for extreme noise conditions i.e., -10 SNR.
To the best of our knowledge, this is the first time this realistic limiting
factor, i.e., environmental noise, is successfully addressed in the context of
EM-based anomaly detection for embedded devices.