Power fluctuations spot malware in embedded systems

Power fluctuations in embedded systems are being tracked to detect a form of malware that uses a system’s architecture to side-step security measures.

Power fluctuations are monitored to mitigate against micro-architectural attacks (Image by Gerd Altmann, Pixabay)

The advance from North Carolina State University and the University of Texas at Austin detects micro-architectural attacks, a type of malware that takes over hardware and hands control of the system – and access to its data – to an outside source.

“Embedded systems are used in everything from the voice-activated virtual assistants in our homes to industrial control systems like those used in power plants,” said Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State. “And malware that targets those systems can be used to seize control of these systems or to steal information.”

Spectre and Meltdown are high-profile examples of micro-architectural malware.

“The nature of micro-architectural attacks makes them very difficult to detect – but we have found a way to detect them,” Aysu said. “We have a good idea of what power consumption looks like when embedded systems are operating normally. By looking for anomalies in power consumption, we can tell that there is malware in a system – even if we can’t identify the malware directly.”

According to NC State, the power-monitoring solution can be incorporated into smart batteries for use with new embedded systems technologies. New “plug and play” hardware would be needed to use the detection tool with existing embedded systems.

One other limitation is that the new detection technique relies on an embedded system’s power reporting. In lab testing, the researchers found that, in some instances, the power-monitoring detection tool could be misled if the malware modified its activity to mimic “normal” power usage patterns.

“However, even in these instances our technique provides an advantage,” Aysu said. “We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 per cent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.

“This paper demonstrates a proof of concept. We think it offers an exciting new approach for addressing a widespread security challenge.”

The paper, ‘Using Power-Anomalies to Detect Evasive Micro-Architectural Attacks in Embedded Systems,’ will be presented at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), in May 2019.