Malicious Activity Detection in Lightweight Wearable and IoT Devices Using Signal Stitching
Abstract
1. Introduction
- A methodology for time-domain signal switching to collect side channel signal information on repetitive primary activity to reduce test duration,
- A limited-bin spectral analysis technique for detecting unauthorized activity to reduce the computational burden of the detection technique,
- A self-referenced malicious activity detection technique applicable to not only sinusoidal excitation but also to repetitive patterns to remove the process and environmental variation effects,
- Evaluation of the proposed approach while running gesture recognition and Wi-Fi applications without requiring a trusted sample.
2. Threat Model
3. Related Work
4. Malicious Activity Detection
4.1. Run-Time Testing and Signal Stitching Technique
4.2. Optimized Fast Fourier Transform (FFT) Algorithm for Zero-Padded Data
| Algorithm 1: Optimized recursive fast Fourier transform for zero-padded data | 
|  | 
4.3. Proposed Detection Technique Overview
5. Experimental Evaluation
5.1. Experimental Setup
5.2. Malicious Activity
5.3. Comparisons to Existing Trojan Detection Methods
5.4. Proposed Detection Algorithm Optimization
5.5. Gesture Recognition Application
5.6. Wi-Fi Application
6. Results and Discussion
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Deb, R.; Bhat, G.; An, S.; Shill, H.; Ogras, U.Y. Trends in Technology Usage for Parkinson’s Disease Assessment: A Systematic Review. medRxiv 2021. [Google Scholar] [CrossRef]
- Karabacak, F.; Ogras, U.Y.; Ozev, S. Detection of malicious hardware components in mobile platforms. In Proceedings of the 17th International Symposium on Quality Electronic Design, ISQED 2016, Santa Clara, CA, USA, 15–16 March 2016. [Google Scholar]
- Shila, D.M.; Geng, P.; Lovett, T. I can detect you: Using intrusion checkers to resist malicious firmware attacks. In Proceedings of the 2016 IEEE Symposium on Technologies for Homeland Security (HST), Waltham, MA, USA, 10–11 May 2016; pp. 1–6. [Google Scholar]
- Hamdioui, S.; Danger, J.L.; Di Natale, G.; Smailbegovic, F.; van Battum, G.; Tehranipoor, M. Hacking and protecting IC hardware. In Proceedings of the 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 24–28 March 2014; pp. 1–7. [Google Scholar]
- Rostami, M.; Koushanfar, F.; Rajendran, J.; Karri, R. Hardware security: Threat models and metrics. In Proceedings of the 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA, 18–21 November 2013; pp. 819–823. [Google Scholar]
- Gupta, U.; Park, J.; Joshi, H.; Ogras, U.Y. Flexibility-Aware System-on-Polymer (SoP): Concept to Prototype. IEEE Trans. Multi-Scale Comput. Syst. 2017, 3, 36–49. [Google Scholar] [CrossRef]
- Platforms, ODROID-XU3. Available online: http://www.hardkernel.com/main/products/prdt_info.php?g_code=G140448267127 (accessed on 15 May 2016).
- Lin, L.; Burleson, W.; Paar, C. MOLES: Malicious off-chip leakage enabled by side-channels. In Proceedings of the 2009 IEEE/ACM International Conference on Computer-Aided Design-Digest of Technical Papers, San Jose, CA, USA, 2–5 November 2009; pp. 117–122. [Google Scholar]
- Shiyanovskii, Y.; Wolff, F.; Rajendran, A.; Papachristou, C.; Weyer, D.; Clay, W. Process reliability based trojans through NBTI and HCI effects. In Proceedings of the 2010 NASA/ESA Conference on Adaptive Hardware and Systems, Anaheim, CA, USA, 15–18 June 2010; pp. 215–222. [Google Scholar]
- Wolff, F.; Papachristou, C.; Bhunia, S.; Chakraborty, R.S. Towards Trojan-free trusted ICs: Problem analysis and detection scheme. In Proceedings of the 2008 Design, Automation and Test in Europe, Munich, Germany, 10–14 March 2008; pp. 1362–1365. [Google Scholar]
- Kovah, X.; Kallenberg, C. Are you giving firmware attackers a free pass? In Proceedings of the RSA Conference, San Francisco, CA, USA, 20–24 April 2015; pp. 20–24. [Google Scholar]
- Bettayeb, M.; Nasir, Q.; Talib, M.A. Firmware update attacks and security for IoT devices: Survey. In Proceedings of the ArabWIC 6th Annual International Conference Research Track, Rabat, Morocco, 7–9 March 2019; pp. 1–6. [Google Scholar]
- Antonopoulos, A.; Kapatsori, C.; Makris, Y. Hardware Trojans in Analog, Mixed-Signal, and RF ICs. In The Hardware Trojan War; Springer: Berlin/Heidelberg, Germany, 2018; pp. 101–123. [Google Scholar]
- Subramani, K.; Volanis, G.; Bidmeshki, M.M.; Antonopoulos, A.; Makris, Y. Trusted and Secure Design of Analog/RF ICs: Recent Developments. In Proceedings of the 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS), Rhodes, Greece, 1–3 July 2019; pp. 125–128. [Google Scholar]
- McGuire, M.; Ogras, U.; Ozev, S. PCB Hardware Trojans: Attack Modes and Detection Strategies. In Proceedings of the 2019 IEEE 37th VLSI Test Symposium (VTS), Monterey, CA, USA, 23–25 April 2019; pp. 1–6. [Google Scholar]
- Elshamy, M.; Di Natale, G.; Pavlidis, A.; Louërat, M.M.; Stratigopoulos, H.G. Hardware Trojan Attacks in Analog/Mixed-Signal ICs via the Test Access Mechanism. In Proceedings of the IEEE European Test Symposium, Tallinn, Estonia, 25–29 May 2020. [Google Scholar]
- Kocher, P.; Lee, R.; McGraw, G.; Raghunathan, A.; Moderator-Ravi, S. Security as a new dimension in embedded system design. In Proceedings of the 41st Annual Design Automation Conference, San Diego, CA, USA, 7–11 June 2004; pp. 753–760. [Google Scholar]
- Tehranipoor, M.; Koushanfar, F. A survey of hardware trojan taxonomy and detection. IEEE Des. Test Comput. 2010, 27, 10–25. [Google Scholar] [CrossRef]
- Xiao, K.; Forte, D.; Tehranipoor, M. A Novel Built-In Self-Authentication Technique to Prevent Inserting Hardware Trojans. Comput. Aided Des. Integr. Circuits Syst. IEEE Trans. 2014, 33, 1778–1791. [Google Scholar] [CrossRef]
- Bidmeshki, M.M.; Makris, Y. Toward automatic proof generation for information flow policies in third-party hardware IP. In Proceedings of the 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA, 5–7 May 2015; pp. 163–168. [Google Scholar]
- Park, J.; Rahman, F.; Vassilev, A.; Forte, D.; Tehranipoor, M. Leveraging Side-Channel Information for Disassembly and Security. ACM J. Emerg. Technol. Comput. Syst. (JETC) 2019, 16, 1–21. [Google Scholar] [CrossRef]
- Kim, L.W.; Villasenor, J.D.; Koç, C.K. A Trojan-resistant system-on-chip bus architecture. In Proceedings of the MILCOM 2009-2009 IEEE Military Communications Conference, Boston, MA, USA, 18–21 October 2009; pp. 1–6. [Google Scholar]
- Yu, Q.; Frey, J. Exploiting error control approaches for Hardware Trojans on Network-on-Chip links. In Proceedings of the 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS), New York, NY, USA, 2–4 October 2013; pp. 266–271. [Google Scholar]
- Agrawal, D.; Baktir, S.; Karakoyunlu, D.; Rohatgi, P.; Sunar, B. Trojan detection using IC fingerprinting. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP ’07), Berkeley, CA, USA, 20–23 May 2007; pp. 296–310. [Google Scholar]
- Banga, M.; Hsiao, M.S. A novel sustained vector technique for the detection of hardware Trojans. In Proceedings of the 2009 22nd International Conference on VLSI Design, New Delhi, India, 5–9 January 2009; pp. 327–332. [Google Scholar]
- Cha, B.; Gupta, S.K. Trojan detection via delay measurements: A new approach to select paths and vectors to maximize effectiveness and minimize cost. In Proceedings of the 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 18–22 March 2013; pp. 1–4. [Google Scholar]
- Ravi, S.; Raghunathan, A.; Kocher, P.; Hattangady, S. Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst. (TECS) 2004, 3, 461–491. [Google Scholar] [CrossRef]
- O’Neill, M. Insecurity by Design: Today’s IoT Device Security Problem. Engineering 2016, 2, 48–49. [Google Scholar] [CrossRef]
- Keoh, S.L.; Kumar, S.S.; Tschofenig, H. Securing the internet of things: A standardization perspective. IEEE Internet Things J. 2014, 1, 265–275. [Google Scholar] [CrossRef]
- Sadeghi, A.R.; Wachsmann, C.; Waidner, M. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA, 8–12 June 2015; p. 54. [Google Scholar]
- Miller, C. Battery firmware hacking. In Proceedings of the Black Hat USA, Las Vegas Nevada, NV, USA, 27 July 2011; pp. 3–4. [Google Scholar]
- Cui, A.; Costello, M.; Stolfo, S.J. When Firmware Modifications Attack: A Case Study of Embedded Exploitation. In Proceedings of the 20th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, 24–27 February 2013. [Google Scholar]
- Bachy, Y.; Basse, F.; Nicomette, V.; Alata, E.; Kaâniche, M.; Courrège, J.C.; Lukjanenko, P. Smart-TV security analysis: Practical experiments. In Proceedings of the 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, 22–25 June 2015; pp. 497–504. [Google Scholar]
- Bletsch, T.; Jiang, X.; Freeh, V.W.; Liang, Z. Jump-oriented programming: A new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 22–24 March 2011; pp. 30–40. [Google Scholar]
- Rieck, J. Attacks on Fitness Trackers Revisited: A Case-Study of Unfit Firmware Security. arXiv 2016, arXiv:1604.03313. [Google Scholar]
- Konstantinou, C.; Maniatakos, M. Impact of firmware modification attacks on power systems field devices. In Proceedings of the 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm), Miami, FL, USA, 2–5 November 2015; pp. 283–288. [Google Scholar]
- McLaughlin, S.; Konstantinou, C.; Wang, X.; Davi, L.; Sadeghi, A.R.; Maniatakos, M.; Karri, R. The Cybersecurity Landscape in Industrial Control Systems. Proc. IEEE 2016, 104, 1039–1057. [Google Scholar] [CrossRef]
- Alam, M.; Sinha, S.; Bhattacharya, S.; Dutta, S.; Mukhopadhyay, D.; Chattopadhyay, A. Rapper: Ransomware prevention via performance counters. arXiv 2020, arXiv:2004.01712. [Google Scholar]
- Wang, X.; Konstantinou, C.; Maniatakos, M.; Karri, R. ConFirm: Detecting firmware modifications in embedded systems using hardware performance counters. In Proceedings of the 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Austin, TX, USA, 2–6 November 2015; pp. 544–551. [Google Scholar]
- Duflot, L.; Perez, Y.A. Can You Still Trust Your Network Card. In Proceedings of the CanSecWest, Vancouver, BC, Canada, 24–26 March 2010; pp. 24–26. [Google Scholar]
- Duflot, L.; Perez, Y.A.; Morin, B. What if you can’t trust your network card? In Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, 20–21 September 2011; pp. 378–397. [Google Scholar]
- Jayakumar, H.; Lee, K.; Lee, W.S.; Raha, A.; Kim, Y.; Raghunathan, V. Powering the Internet of Things. In Proceedings of the 2014 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED), La Jolla, CA, USA, 11–13 August 2014; pp. 375–380. [Google Scholar] [CrossRef]
- Cheng, Z.; Li, P.; Wang, J.; Guo, S. Just-in-Time Code Offloading for Wearable Computing. IEEE Trans. Emerg. Top. Comput. 2015, 3, 74–83. [Google Scholar] [CrossRef]
- Leabman, M.A.; Brewer, G.S. Battery Life of Portable Electronic Devices. U.S. Patent 14/586,062, 19 June 2018. [Google Scholar]
- Narasimhan, S.; Wang, X.; Du, D.; Chakraborty, R.S.; Bhunia, S. TeSR: A robust temporal self-referencing approach for hardware trojan detection. In Proceedings of the 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA, 5–6 June 2011; pp. 71–74. [Google Scholar]
- Hu, K.; Nowroz, A.N.; Reda, S.; Koushanfar, F. High-sensitivity hardware trojan detection using multimodal characterization. In Proceedings of the 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 18–22 March 2013; pp. 1271–1276. [Google Scholar]
- Karabacak, F.; Ogras, U.; Ozev, S. Remote detection of unauthorized activity via spectral analysis. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 2018, 23, 1–21. [Google Scholar] [CrossRef]
- Karabacak, F.; Ogras, U.; Ozev, S. Remote detection of unauthorized activity via spectral analysis: Work-in-progress. In Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion, Seoul, Korea, 15–20 October 2017; pp. 1–2. [Google Scholar]
- Bhat, G.; Park, J.; Ogras, U.Y. Near optimal energy allocation for self-powered wearable systems. In Proceedings of the 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Irvine, CA, USA, 13–16 November 2017. [Google Scholar]
- Bhunia, S.; Tehranipoor, M. Chapter 16-System Level Attacks & Countermeasures. In Hardware Security; Morgan Kaufmann: Burlington, MA, USA, 2019; pp. 419–448. [Google Scholar] [CrossRef]
- Jin, Y.; Makris, Y. Hardware Trojans in Wireless Cryptographic ICs. IEEE Des. Test Comput. 2010, 27, 26–35. [Google Scholar] [CrossRef]
- Park, J.; Bhat, G.; Geyik, C.S.; Ogras, U.Y.; Lee, H.G. Energy-Optimal Gesture Recognition using Self-Powered Wearable Devices. In Proceedings of the 2018 IEEE Biomedical Circuits and Systems Conference (BioCAS), Cleveland, OH, USA, 17–19 October 2018; pp. 1–4. [Google Scholar]
- Solutions, M. Power Monitor. 2019. Available online: http://www.msoon.com/LabEquipment (accessed on 18 June 2019).













| Trojan Type | Activity Duration (~ms) | Trojan/Total Energy (%) | 
|---|---|---|
| Type I | 5 | 1 | 
| Type II | 10 | 2 | 
| Type III | 15 | 3 | 
| Type IV | 30 | 6 | 
| Test Mode | Signal Stitching | Min Monitoring Time (s) | Computation Time (s) | FFT | 
|---|---|---|---|---|
| Mode 1 | No | 20 | 60 | Regular | 
| Mode 2 | Yes | 0.8 | 60 | Regular | 
| Mode 3 | Yes | 0.8 | 14 | Optimized | 
| 0.5 % Threshold | w/Trojan (%) | w/outTrojan (%) | False (%) | |||||
|---|---|---|---|---|---|---|---|---|
| Max | Min | Ave | Max | Min | Ave | Pos. | Neg. | |
| DS1 | 54.42 | 36.97 | 46.99 | 0.21 | 0.0 | 0.12 | 0.0 | 0.0 | 
| DS2 | 45.87 | 39.25 | 42.32 | 0.12 | 0.09 | 0.10 | 0.0 | 0.0 | 
| DS3 | 58.38 | 38.62 | 49.23 | 0.38 | 0.0 | 0.09 | 0.0 | 0.0 | 
| DS4 | 49.48 | 37.17 | 42.85 | 0.95 | 0.0 | 0.17 | 0.0 | 0.0 | 
| DS5 | 47.50 | 38.36 | 43.37 | 0.21 | 0.0 | 0.11 | 0.0 | 0.0 | 
| Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. | 
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Karabacak, F.; Ogras, U.; Ozev, S. Malicious Activity Detection in Lightweight Wearable and IoT Devices Using Signal Stitching. Sensors 2021, 21, 3408. https://doi.org/10.3390/s21103408
Karabacak F, Ogras U, Ozev S. Malicious Activity Detection in Lightweight Wearable and IoT Devices Using Signal Stitching. Sensors. 2021; 21(10):3408. https://doi.org/10.3390/s21103408
Chicago/Turabian StyleKarabacak, Fatih, Umit Ogras, and Sule Ozev. 2021. "Malicious Activity Detection in Lightweight Wearable and IoT Devices Using Signal Stitching" Sensors 21, no. 10: 3408. https://doi.org/10.3390/s21103408
APA StyleKarabacak, F., Ogras, U., & Ozev, S. (2021). Malicious Activity Detection in Lightweight Wearable and IoT Devices Using Signal Stitching. Sensors, 21(10), 3408. https://doi.org/10.3390/s21103408
 
        

 
       