Using photonic emission to develop electromagnetic emission models
US-2018027003-A1 · Jan 25, 2018 · US
US10783248B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10783248-B2 |
| Application number | US-201815874786-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 18, 2018 |
| Priority date | Jan 18, 2017 |
| Publication date | Sep 22, 2020 |
| Grant date | Sep 22, 2020 |
Official abstract text for this publication.
The goal of detecting modifications, such as unauthorized modifications for example, of the code and/or behavior of an embedded device (e.g., unexpected/unauthorized remote reprogramming, re-flashing), changes to code at run-time (e.g., code injection, software parameter changes due to run-time reconfiguration commands), execution of unauthorized code, activation of hardware Trojans, and other attacks on the hardware and/or software of embedded devices (or more generally, for determining an aspect of behavior of an embedded device and/or an embedded system) is solved by (1) injecting at least one of (A) code and/or (B) inputs into the embedded system to cause the embedded system, when functioning as desired, to exhibit an identifiable baseline behavior determined from a sequence of patterns (also referred to as “fiduciary markers”) in observable side channel emissions of the embedded system; (2) measuring side channel emissions generated by the embedded system when the at least one of (A) code and/or (B) inputs is injected; (3) extracting features from the measured side channel emissions; and (4) determining the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for determining an aspect of behavior of an embedded system, the method comprising: a) injecting at least one of (A) code and/or (B) inputs into the embedded system to cause the embedded system, when functioning as desired, to exhibit an identifiable baseline behavior determined from a sequence of patterns in observable side channel emissions of the embedded system; b) measuring side channel emissions generated by the embedded system when the at least one of (A) code and/or (B) inputs is injected; c) extracting features from the measured side channel emissions; and d) determining the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior, wherein the injected code and/or inputs are changed dynamically at run-time.
2. The computer-implemented method of claim 1 wherein the dynamic change of the injected code and/or inputs is according to an unpredictable pseudo-random pattern.
3. The computer-implemented method of claim 1 wherein the observable side channel emissions are analog emissions.
4. The computer-implemented method of claim 3 wherein the analog emissions include at least one of (a) power, (b) thermal, (c) acoustic, (d) vibration, (e) electro-magnetic, (f) visual, (g) odor, and (h) mechanical effects.
5. The computer-implemented method of claim 1 wherein the embedded system consists of at least one embedded device.
6. The computer-implemented method of claim 1 wherein the embedded system includes at least one embedded device and at least one peripheral device.
7. The computer-implemented method of claim 6 wherein the at least one peripheral device is selected from a group of devices consisting of (a) sensors, (b) actuators, (c) displays, and (d) storage devices.
8. The computer-implemented method of claim 1 wherein determining the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior uses at least one of a trained machine learning classifier and statistical analysis.
9. The computer-implemented method of claim 1 wherein the embedded system includes at least one of a general purpose computer, an embedded microprocessor, or a specialized machine running code.
10. The computer-implemented method of claim 1 wherein the act of injecting at least one of (A) code and/or (B) inputs into the embedded system to cause the embedded system, when functioning as desired, to exhibit an identifiable baseline behavior determined from a sequence of patterns in observable side channel emissions of the embedded system includes injecting code in a temporal pattern designed to generate discernable event sequences.
11. The computer-implemented method of claim 1 wherein the aspect of behavior determined is whether the embedded system is functioning as desired.
12. The computer-implemented method of claim 1 wherein the aspect of behavior determined is whether code in the embedded system has been subject to an unauthorized modification.
13. The computer-implemented method of claim 1 wherein code is injected into the embedded system.
14. Apparatus for determining an aspect of behavior of an embedded system, the apparatus comprising: a) an injection module configured to inject at least one of (A) code and/or (B) inputs into the embedded system to cause the embedded system, when functioning as desired, to exhibit an identifiable baseline behavior determined from a sequence of patterns in observable side channel emissions of the embedded system; b) at least one sensor for measuring side channel emissions generated by the embedded system when the at least one of (A) code and/or (B) inputs is injected; c) a feature extraction module for extracting features from the measured side channel emissions; and d) an analyzer adapted to determine the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior, wherein injection module changes the injected code and/or inputs dynamically at run-time.
15. The apparatus of claim 14 wherein the dynamic change of the injected code and/or inputs by the injection module is according to an unpredictable pseudo-random pattern.
16. The apparatus of claim 14 wherein the observable side channel emissions are analog emissions and the at least one sensor is an analog sensor.
17. The apparatus of claim 16 wherein the analog emissions include at least one of (a) power, (b) thermal, (c) acoustic, (d) vibration, (e) electro-magnetic, (f) visual, (g) odor, and (h) mechanical effects.
18. The apparatus of claim 14 wherein the embedded system consists of at least one embedded device.
19. The apparatus of claim 14 wherein the embedded system includes at least one embedded device and at least one peripheral device.
20. The apparatus of claim 19 wherein the at least one peripheral device is selected from a group of devices consisting of (a) sensors, (b) actuators, (c) displays, and (d) storage devices.
21. The apparatus of claim 14 wherein the analyzer is least one of a trained machine learning classifier and a statistical analyzer.
22. The apparatus of claim 14 wherein the embedded system includes at least one of a general purpose computer, an embedded microprocessor, or a specialized machine running code.
23. The apparatus of claim 14 wherein the aspect of behavior determined is whether the embedded system is functioning as desired.
24. The apparatus of claim 14 wherein the aspect of behavior determined is whether code in the embedded system has been subject to an unauthorized modification.
25. The apparatus of claim 14 wherein the injection module injects code into the embedded system.
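
The four steps of the abstract, with the per-run pseudo-random variation of claim 2 and the statistical analysis of claim 8, sketched as an added example that is not part of the patent text. The emission levels, slot length, noise model, per-slot mean feature, Pearson correlation and 0.8 threshold are all assumptions chosen for illustration, and the sensor trace is simulated rather than measured.

```python
import random
import secrets
from statistics import mean, pstdev

SLOT = 20      # samples per marker slot (assumed)
N_SLOTS = 64   # marker slots per challenge (assumed)

def new_challenge(n=N_SLOTS):
    """Step 1: unpredictable per-run marker schedule, one bit per slot."""
    return [secrets.randbits(1) for _ in range(n)]

def simulate_emission(executed, rng, noise=0.4):
    """Constructed stand-in for step 2's sensor: a slot that runs the marker
    routine reads ~1.0, an idle slot ~0.2, plus Gaussian noise."""
    trace = []
    for bit in executed:
        level = 1.0 if bit else 0.2
        trace.extend(level + rng.gauss(0, noise) for _ in range(SLOT))
    return trace

def extract_features(trace):
    """Step 3: one feature per slot, its mean amplitude."""
    return [mean(trace[i:i + SLOT]) for i in range(0, len(trace), SLOT)]

def correlation(xs, ys):
    """Pearson correlation; 0.0 when either side is constant."""
    mx, my, sx, sy = mean(xs), mean(ys), pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    return mean((x - mx) * (y - my) for x, y in zip(xs, ys)) / (sx * sy)

def matches_baseline(challenge, trace, threshold=0.8):
    """Step 4: compare measured features with the expected marker pattern."""
    return correlation(extract_features(trace), challenge) >= threshold

if __name__ == "__main__":
    rng = random.Random()
    challenge = new_challenge()
    stale = new_challenge()  # marker pattern from an earlier run
    cases = {
        "runs current markers": challenge,
        "replays earlier pattern": stale,
        "marker code never runs": [0] * N_SLOTS,
    }
    for name, executed in cases.items():
        ok = matches_baseline(challenge, simulate_emission(executed, rng))
        print(f"{name}: {'baseline' if ok else 'DEVIATION'}")
```

Because the schedule changes on every run, a device that reproduces emissions recorded during an earlier run correlates near zero with the current challenge and is flagged.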
where the computing system is an embedded system, i.e. a combination of hardware and software dedicated to perform a certain function in mobile devices, printers, automotive or aircraft systems (testing or monitoring of control systems or parts thereof G05B23/02) · CPC title
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
involving event detection and direct action · CPC title
Configuration details thereof, e.g. installation, enabling, spatial arrangement of the probes · CPC title
Monitoring arrangements for monitoring environmental properties or parameters of the computing system or of the computing system component, e.g. monitoring of power, currents, temperature, humidity, position, vibrations (thermal management in cooling arrangements of a computing system G06F1/206) · CPC title