Side-channel analysis (SCA) provides an independent, non-invasive remote monitoring solution to determine the digital state of a programmable electronic device. In our work, we have conducted near-field SCA on various devices to determine how well different programs running on devices can be differentiated. We have tested devices ranging from the relatively simple Arduino Uno to the much more complex Samsung Galaxy S8. The antennas used for radio frequency (RF) collection have also varied from the self-contained ~500MHz Riscure probe to a 40mm Triarchy Loop antenna with attached amplifier. Our study implemented various collection techniques; however, all of them relied on the constraint of a trigger signal. The trigger signal was needed to initiate the data collection process and to act as a reference for sequencing the various blocks within a code execution. However, a trigger signal is not always available or even feasible to obtain from a device for remote monitoring applications. This work investigates potential methods for triggerless detection and alignment of digital code blocks on measured analog RF data. Methods for performing the detection range from boosting codes that generate easily aligned RF pulses, to correlation methods for signal alignment. The varying quality of RF data generated between the devices and the amount of noise embedded in the signals from the measurement schemes negatively impact triggerless collection. We estimate our probability of success at aligning signals to exceed 90% for the devices tested.
Side-channel analysis covers several methods for determining the state of a device without directly interacting with the device. In previous work, we collected near-field radio frequency emanations from simple programs to assess how various code operations could be differentiated at the instruction level. However, detecting operations in large blocks of instructions in more complicated programs has proven difficult due to the high dimensionality of the data. In this research, we examine methods to differentiate common operations using RF emanations. We use a series of example codes useful for Two Factor Authentication on an Arduino Mega. Some examples are coded with extra operations to simulate malware such as intentionally leaking the key, nuisance operations, or substituting a weaker hash function. After collecting RF data, approximation techniques are used to reduce the data dimensionality and identify motifs in the time series. The motifs are correlated with the operations taking place by use of a uniquely identifiable triggering mechanism. Several exemplary motifs are then used together as templates that can be used to search for a connected series of operations. These templates are compared with an RF time series of unknown operations using a minimum distance metric. We evaluate the quality of templates available from an RF data collection and examine the usefulness of templates as features for classification.
Projection-based chromotomographic spectrometers are sensors that collect both spatial and spectral information with fairly simple optical as well as electronic hardware. Efforts to utilize them for remote sensing applications have met with obstacles primarily due to the fact that the impulse response of the imaging system as a function of wavelength must be known in order to reconstruct the spatial/spectral content of the scene under study. This paper reports a blind deconvolution algorithm specifically designed to reconstruct the spectrum of the scene under study as well as an estimate of the wavelength dependent atmospheric transfer function of the system. The method is tested using simulated data with realistic turbulence and noise factors in order to demonstrate its effectiveness.
In recent work, the resolution limits of two variations of chromo-tomographic hyperspectral imaging sensors were discussed. In this paper, we examine another variation of this type of hyperspectral sensor, then present a reconstruction method using computed tomography to estimate a hyperspectral data cube and examine the limits of resolution. The resolution analysis is then compared with a simulation to determine the validity of the calculated resolution bounds. The simulation setup is discussed and results are presented.
We describe a simple optical system for generating atmospheric-like turbulence in the laboratory which allows for well-controlled testing of advanced adaptive-optical components and concepts. The system models a two-layer atmosphere using static phase plates and is capable of simulating a wide range of atmospheric conditions. The design of the hardware is presented along with results from the initial system modelling describing the theory of operation.