NSF Award
1143129
This Small Business Innovation Research (SBIR) Phase I project aims to demonstrate the technical and<br/>commercial feasibility of a novel approach called Power Fingerprinting (PFP) for integrity assessment<br/>and intrusion detection in critical embedded and wireless systems based on side-channel analysis by an<br/>external monitor. Such integrity assessment approach is fundamental for protecting critical<br/>systems from cyber attacks in government agencies, financial institutions, military command,<br/>and industrial control. PFP treats cyber security as a signal detection and classification problem and<br/>introduces tangible quantitative metrics for security and trust. Phase I objectives include: (1) demonstrate<br/>the feasibility of characterizing kernel modules and core applications for embedded systems; 2) extract<br/>behavioral signatures to improve performance; 3) develop techniques to compensate for variations in<br/>power consumption due to manufacturing and environmental variations; and 4) create a general<br/>architecture for the application of PFP. The research will be performed using Angstrom Linux on a<br/>Beagleboard embedded platform, from which PFP signatures will be extracted and used to detect<br/>malicious intrusions in blind tests. The expected result is to achieve over 95% accuracy in detecting<br/>execution anomalies during blind tests and provide a baseline to develop a commercial PFP monitor<br/>prototype in Phase II.<br/><br/>The broader impact/commercial potential of this project includes the development of an innovative<br/>mechanism for early detection of cyber attacks to critical infrastructure from well-funded adversaries.<br/>Such attacks, if not promptly discovered, that can steal state secrets and intellectual property with<br/>devastating consequences to national security. PFP brings a new perspective to cyber security treating it<br/>as a signal detection and classification problem and introducing tangible quantitative metrics for integrity<br/>and trust. PFP addresses a growing need to secure critical embedded systems. PFP is very difficult to<br/>evade, adds little overhead in the processor being monitored, and is effective against zero-day attacks. In<br/>comparison, traditional cyber security monitoring approaches are susceptible to evasion and ineffective<br/>against new attacks because they depend on known malware signatures. These features make PFP capable<br/>of detecting sophisticated covert attacks and rootkits, such as the recent Stuxnet worm. PFP has dual<br/>application in the commercial and government markets, particularly for resource-constrained and<br/>embedded platforms, including smart phones, smart grid, critical industrial control, and tactical<br/>communication devices. PFP has the potential to become a fundamental player in cyber-security by<br/>protecting the nation?s infrastructure and promoting further development of the economic base and<br/>employment.
