Your search keyword '"Alenka Zajic"' showing total 69 results

1. Side-Channel Propagation Measurements and Modeling for Hardware Security in IoT Devices

Author

Chia-Lin Cheng, Elvan Mert Ugurlu, Baki Berkay Yilmaz, Alenka Zajic, Nader Sehatbakhsh, Seun Sangodoyin, Frank T. Werner, and Milos Prvulovic

Subjects

Hardware security module, Computer science, business.industry, Electrical engineering, 020206 networking & telecommunications, 02 engineering and technology, Signal, Gate array, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Electrical and Electronic Engineering, Antenna (radio), Shadow mapping, business, Wireless sensor network, Leakage (electronics)

Abstract

The ubiquitous interconnectivity of electronic devices offered by Internet-of-Things (IoT) networks has been increasingly embraced in a wide range of applications. In IoT networks, threats to hardware security are often not perceived as serious, with the assumption that an attack could only be carried out at close proximity. However, in this article, we show that through electromagnetic (EM) side-channel signal leakage, operational information and program activities of IoT devices and field-programmable gate array (FPGA) modules can be garnered from approximately 200 m away in an outdoor line-of-sight (LOS) environment. We describe an extensive measurement campaign conducted to investigate the aforementioned leakage and provide propagation models that can be used to predict the power (and corresponding variation i.e., shadowing gain) of the EM side-channel signal emanation at various distances, scenarios, and environments. With a circularly polarized receiver antenna, our results show that the received power of the emanated EM side-channel (carrier) signal varies from about −61 dBm at 1 m to about −112 dBm at 200 m in the outdoor LOS environment. Furthermore, a received signal power of about −73 dBm was observed at 1 m and −88 dBm was recorded at 10 m in an indoor LOS environment. Power variation (shadowing gain) of about 3.6 and 2.0 dB was observed in the outdoor and indoor environments, respectively. This work is relevant for EM side-channel leakage countermeasure development and provides pertinent information to embedded systems and wireless network security engineers.

Published

2021

2. Leveraging EM Side-Channels for Recognizing Components on a Motherboard

Author

Frank T. Werner, Baki Berkay Yilmaz, Alenka Zajic, and Milos Prvulovic

Subjects

Ethernet, Authentication, business.industry, Motherboard, Computer science, Process (computing), 020206 networking & telecommunications, 02 engineering and technology, Integrated circuit, Condensed Matter Physics, Atomic and Molecular Physics, and Optics, law.invention, law, Component (UML), visual_art, Electronic component, 0202 electrical engineering, electronic engineering, information engineering, visual_art.visual_art_medium, Electrical and Electronic Engineering, Transceiver, business, Computer hardware

Abstract

This article proposes leveraging EM side-channels to recognize/authenticate electronic components integrated onto a motherboard. By focusing on components on a motherboard, our method provides an opportunity to authenticate devices assembled by third parties. This method identifies components based on the modulated signals emanated while they are excited in a controlled manner. When testing an unknown component, the spectrum is compared to previously recorded training signatures. To improve efficiency, the size of the spectrum is reduced by projecting it into a vector space generated from training signatures. The identity of the tested component is then determined using a k-nearest neighbors algorithm. This method successfully classified memory, processor, and Ethernet transceiver components integrated on seven types of Internet-of-Things devices. Since manufacturers commonly use the same components in multiple designs, cross-type testing of motherboards is conducted. Collecting the training signatures on one motherboard and testing components from different motherboards speeds up the process and decreases the cost. Using measurements taken while exciting the components for 1 s, our method achieves a classification accuracy greater than 96 $\%$ across all components tested. These results demonstrate that this method can recognize components based on their emanations, even if the components are integrated onto completely different motherboards.

Published

2021

3. Digital Electronics as RFID Tags: Impedance Estimation and Propagation Characterization at 26.5 GHz and 300 GHz

Author

Milos Prvulovic, Chia-Lin Cheng, Luong N. Nguyen, Seun Sangodoyin, and Alenka Zajic

Subjects

Digital electronics, Computer science, business.industry, 020208 electrical & electronic engineering, Organic Chemistry, Spice, Transistor, 020206 networking & telecommunications, 02 engineering and technology, Biochemistry, law.invention, Modulation, law, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Electronics, business, Electrical impedance, Electronic circuit, Communication channel

Abstract

This article presents a circuit impedance model and results of propagation characterization at 26.5 GHz and 300 GHz for a new type of RFID tag that is based on digital electronics. This RFID tag leverages the backscatter radio generated from switching of transistors inside digital circuits, which does not need antennas or RF front-end circuits thereby further reducing the device’s form factor. Moreover, the proposed RFID tag is compatible with a wide range of interrogating frequencies and can be implemented on existing electronics without additional cost. The proposed circuit impedance model explains the modulation mechanism of this new backscatter radio and provides an estimation of digital circuits’ impedance using SPICE model parameters. Based on the proposed circuit impedance model, we develop a modified modulation loss factor to estimate the modulation loss resulting from the switching activity of the digital electronics. Furthermore, propagation characterization is conducted at 26.5 GHz and 300 GHz, where the shadowing gain for the carrier power and the backscattered power is characterized as 3.93 dB and 0.96 dB at 26.5 GHz, and 1.01 dB and 0.52 dB at 300 GHz, respectively, showing that the backscatter channel can provide a more reliable link that is resistant to the constructive and destructive interference from the multipaths as compared to the carrier channel.

Published

2021

4. Near-Field Backscattering-Based Sensing for Hardware Trojan Detection

Author

Prateek Juyal, Milos Prvulovic, Sinan Adibelli, Luong N. Nguyen, and Alenka Zajic

Subjects

Physics, Coupling, Frequency band, business.industry, 020206 networking & telecommunications, Topology (electrical circuits), Near and far field, 02 engineering and technology, Signal, Signature (logic), Optics, Hardware Trojan, Logic gate, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business

Abstract

This article presents the near-field measurement setup and the sensor topology used to measure the backscattered signal from a small spot of $\sim 1$ mm on an FPGA to enable hardware Trojan (HT) detection. The novel sensor topology used in the setup contains a combination of $E$ - and $H$ -field probes with a tip diameter of 0.2 mm, which is used to excite a carrier and receive the modulated scattered signal that carries a signature of the inspected logic circuit. As a proof of concept and to develop insight, an EM-circuit co-simulation is presented to show that the received signal contains a signature of the logic circuit under test, which is imprinted on the relative power levels of the modulated scattered clock harmonics. The received modulated scattering signature was successfully used to detect the presence of an HT in the original circuit with 100% accuracy without false positives. The effects of using $E$ - and $H$ -field probes in very close proximity, such as resolution and mutual coupling, are analyzed and discussed. It is shown that there is a 12% decrease in resolution and less than 0.01 dB impact on invasiveness. The frequency band of operation for the measurement setup is 3–5 GHz. The probe combination is shown to have a spot size of ~1 mm, a coupling isolation better than 20 dB over the whole band and 30 dB for the design frequency.

Published

2020

5. Modeling of 300 GHz Chip-to-Chip Wireless Channels in Metal Enclosures

Author

Prateek Juyal, Jinbang Fu, and Alenka Zajic

Subjects

Physics, Terahertz radiation, Applied Mathematics, Acoustics, Channel sounding, 020206 networking & telecommunications, 02 engineering and technology, Chip, Computer Science Applications, Superposition principle, Hardware_INTEGRATEDCIRCUITS, 0202 electrical engineering, electronic engineering, information engineering, Path loss, Electrical and Electronic Engineering, Reference model, Communication channel, Parametric statistics

Abstract

This paper proposes a two dimensional (2-D) statistical channel model for Terahertz (THz) chip-to-chip wireless communication in desktop size metal enclosures. This model differs from traditional statistical channel models as it models both traveling and resonant waves that exist inside metal enclosures. Based on the cavity environment and the statistical properties of the channel inside the metal cavity, the geometrical model which describes propagation in resonant cavity as a superposition of LoS, single bounced (SB), double bounced (DB), and multi-bounced (MB) rays is proposed. Based on the geometrical model, a parametric reference model is proposed. Furthermore, the path loss model that captures signal strength variation in a resonant cavity is proposed. Frequency correlation functions (FCF) and power delay profiles (PDP) for different possible chip-to-chip communication scenarios are derived and compared with the measured ones. The results show a good agreement between the simulated and measured statistics.

Published

2020

6. A Comparison of Backscattering, EM, and Power Side-Channels and Their Performance in Detecting Software and Hardware Intrusions

Author

Chia-Lin Cheng, Alenka Zajic, Luong N. Nguyen, Frank T. Werner, and Milos Prvulovic

Subjects

business.industry, Computer science, Perspective (graphical), 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, 020202 computer hardware & architecture, Power (physics), Software, 0202 electrical engineering, electronic engineering, information engineering, Malware, business, computer, Computer hardware

Abstract

Side-channel analysis is a powerful tool from both an attacker’s and defender’s perspective. Understanding similarities and differences among types of side-channels is a necessary step in better utilization of side-channels. This paper addresses this problem by modeling and quantitatively comparing backscattering, electromagnetic (EM), and power side-channels and discusses the performance of these three side-channels for detecting software malware and hardware Trojans (HT). The results show that for larger changes in the signals, such as those caused by malware intrusions, all three side-channels perform similarly. However, when smaller changes need to be observed, such as those caused by HTs, the backscattering side-channel outperforms EM and power side-channels.

Published

2020

7. Characterization of Propagation Phenomena Relevant for 300 GHz Wireless Data Center Links

Author

Alenka Zajic and Chia-Lin Cheng

Subjects

Computer science, business.industry, Terahertz radiation, Acoustics, Transmitter, 020206 networking & telecommunications, 02 engineering and technology, law.invention, Non-line-of-sight propagation, law, 0202 electrical engineering, electronic engineering, information engineering, Path loss, Wireless, Electrical and Electronic Engineering, business, Waveguide, Coherence bandwidth, Multipath propagation, Communication channel, Ground plane

Abstract

This article presents details about an extensive channel measurement campaign and subsequent statistical channel models for the characterization of 300 GHz channels for wireless rack-to-rack (R2R) and blade-to-blade (B2B) communications in a data center-like environment. Measurements were conducted in various scenarios such as R2R line-of-sight (LoS), R2R obstructed-LoS (OLoS), R2R reflected-non-LoS (RNLoS), R2R obstructed-RNLoS (ORNLoS), B2B RNLoS, B2B ORNLoS, and B2B LoS scenarios. In the aforementioned scenarios, we explored the impact of transmitter (Tx)/receiver (Rx) misalignment and obstructions such as cables, metal cabinets, and mesh structures on terahertz (THz) propagation, as well as feasibility of using existing metal objects as reflectors for NLoS links. For the R2R LoS scenario, an optical lens was used to extend the Tx-Rx separation distance. This led to a waveguide effect in the channels measured thereby resulting into a path loss exponent (PLE) of 1.48 with a shadowing gain of 0.7 dB. When obstructions of cables are present, ORNLoS link outperforms OLoS link with 2.5 dB lower shadowing gain and weaker multipath. Reflector in the RNLoS link has reflection coefficients very close to 1 for all incident angles. For the B2B scenario, a dual-reflector THz transceiver rack system is proposed to enable wireless links across vertically stacked servers and allow easy maintenance and repair of servers. The measured path loss closely follows the Friis values in the LoS link and in the RNLoS link with hollow vertical ground plane. When obstructions of cables are present, the ORNLoS link experiences 5–10 dB higher path loss and on average 0.25 GHz lower coherence bandwidth than the RNLoS link. The measured statistical channel properties show that the shadowing gain caused by cable clusters follows the log-normal distribution.

Published

2020

8. Communication Model and Capacity Limits of Covert Channels Created by Software Activities

Author

Baki Berkay Yilmaz, Milos Prvulovic, Nader Sehatbakhsh, and Alenka Zajic

Subjects

021110 strategic, defence & security studies, Computer Networks and Communications, Computer science, business.industry, Real-time computing, 0211 other engineering and technologies, Covert channel, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Synchronization, Transmission (telecommunications), Key (cryptography), Wireless, Noise (video), Safety, Risk, Reliability and Quality, business, Communication channel

Abstract

It has been shown that digital and/or analog characteristics of electronic devices during executing programs can create a side-channel which an attacker can exploit to extract sensitive information such as cryptographic keys. When the attacker modifies the software application to exfiltrate sensitive information through a channel, this channel is called a covert channel . In this paper, we model this covert channel as a communication channel and derive upper and lower capacity bounds. Because the covert channels are not designed to transmit information, they are exposed not only to the errors created by the transmission, but also by varying the execution time of computer activities, and/or by insertions from other activities such as interrupts, stalls, etc. Combining all of these effects, we propose to model the covert channel as an insertion channel where the transmitted sequence is a pulse amplitude modulated signal with random pulse positions. Utilizing this model, we derive capacity bounds of the covert channel with random insertion and substitution due to the noise and jitter errors, and propose a receiver design that can correctly detect the computer-activity-created signals. To illustrate the severity of leakages, we perform experiments with high clock speed devices at some distance. Further, the theoretical derivations are compared to empirical results, and show good agreement.

Published

2020

9. Electromagnetic Side Channel Information Leakage Created by Execution of Series of Instructions in a Computer Processor

Author

Milos Prvulovic, Baki Berkay Yilmaz, and Alenka Zajic

Subjects

021110 strategic, defence & security studies, Electromagnetics, Computer engineering, Computer Networks and Communications, Computer science, Information leakage, 0211 other engineering and technologies, Code (cryptography), 02 engineering and technology, Side channel attack, Central processing unit, Safety, Risk, Reliability and Quality

Abstract

The side-channel leakage is a consequence of program execution in a computer processor, and understanding relationship between code execution and information leakage is a necessary step in estimating information leakage and its capacity limits. This paper proposes a methodology to relate program execution to electromagnetic side-channel emanations and estimates side-channel information capacity created by execution of series of instructions (e.g., a function, a procedure, or a program) in a processor. To model dependence among program instructions in a code, we propose to use Markov source model, which includes the dependencies among sequence of instructions as well as dependencies among instructions as they pass through a pipeline of the processor. The emitted electromagnetic (EM) signals during instruction executions are natural choice for the inputs into the model. To obtain the channel inputs for the proposed model, we derive a mathematical relationship between the emanated instruction signal power (ESP) and total emanated signal power while running a program. Then, we derive the leakage capacity of EM side channels created by execution of series of instructions in a processor. Finally, we provide experimental results to demonstrate that leakages could be severe and that a dedicated attacker could obtain important information.

Published

2020

10. THz Cluster-Based Modeling and Propagation Characterization in a Data Center Environment

Author

Chia-Lin Cheng, Seun Sangodoyin, and Alenka Zajic

Subjects

General Computer Science, wireless data centers, Terahertz radiation, Computer science, Cloud computing, 02 engineering and technology, Communications system, Delay spread, Non-line-of-sight propagation, 0203 mechanical engineering, Channel measurements, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, General Materials Science, business.industry, Attenuation, General Engineering, 020206 networking & telecommunications, 020302 automobile design & engineering, channel modeling, terahertz (THz) communications, Scalability, Data center, lcsh:Electrical engineering. Electronics. Nuclear engineering, statistical channel model, business, lcsh:TK1-9971, Communication channel

Abstract

Terahertz (THz) wireless data centers can provide low-latency networks and dynamic scalability that are vital for the next-generation cloud computing infrastructure. The knowledge of THz propagation characteristics in a data center environment is essential to the development of novel THz communication systems. However, a comprehensive characterization and modeling of THz propagation channels, which includes various obstructions in a data center is not available. This paper presents results from a THz channel measurement campaign conducted in a data center environment. Various propagation scenarios such as line-of-sight (LoS) link, non-LoS (NLoS) link using existing materials in a data center to redirect the beam, and obstructed-LoS (OLoS), -NLoS (ONLoS) links with common objects in data centers (cables and server racks’ mesh doors) serving as obstruction were investigated. Propagation channel parameters such as pathloss and root-mean-squared (RMS) delay spread were analyzed in the aforementioned scenarios while cluster-based modeling was implemented for some scenarios. The proposed model for THz propagation in a data center environment was validated with the measured data. The average inter-arrival time of clusters ( $1/\Lambda $ ) and rays ( $1/\lambda $ ) are estimated as 4.4 ns and 0.24 ns, respectively. We find that local scattering objects such as server-rack frames/pillars can be used to assist the NLoS type of link, and that cooling airflow in the data center has a negligible impact on THz propagation. Power cables and mesh doors of the server racks can cause additional attenuation of about 20 dB and 6 dB, respectively. Cluster model and other characterization results provided in this work are pertinent to THz wireless system design for data center environments.

Published

2020

11. THz Channel Characterization of Chip-to-Chip Communication in Desktop Size Metal Enclosure

Author

Prateek Juyal, Alenka Zajic, and Jinbang Fu

Subjects

Physics, Terahertz radiation, Acoustics, Enclosure, 020206 networking & telecommunications, 02 engineering and technology, Chip, 0202 electrical engineering, electronic engineering, information engineering, Path loss, Electrical and Electronic Engineering, Transceiver, Coherence bandwidth, Multipath propagation, Communication channel

Abstract

This article presents characterization of terahertz (THz) wireless channel inside a desktop size metal enclosure with the consideration of several different scenarios. Measurements indicate that both traveling wave and resonating modes exist inside the metal enclosure. Measurements for line-of-sight (LoS) propagation inside the empty metal enclosure show that the path loss significantly changes as a function of the transceiver’s height. It is found that this variation is due the resonant modes, contribution to the received power. Reflected-non-LoS (RNLoS) measurements show that for the same distance, the difference between the mean path loss measured inside the metal box and in a free space is limited to 1 dB, with traveling wave dominating the channel. This indicates that reflectors can be used as wave-guiding objects in metal enclosures. Finally, obstructed-LoS (OLoS) path loss measurements with the parallel dual in-line memory modules (DIMMs) as obstructions show the constructive/destructive effect on the waves due to multipath introduced by the parallel-plate structures. Compared to the free space scenarios, multipath is introduced by the traveling wave bouncing back and forth between the transceiver sides of the cavity, which introduces stronger fluctuations in observed pathloss and reduces the coherence bandwidth of the channel.

Published

2019

12. Terahertz Near-Field Focusing Using a 3-D Printed Cassegrain Configuration for Backscattered Side-Channel Detection

Author

Prateek Juyal, Alenka Zajic, Sinan Adibelli, and Chia-Lin Cheng

Subjects

Physics, Terahertz radiation, business.industry, Antenna aperture, Cassegrain reflector, 020206 networking & telecommunications, Near and far field, 02 engineering and technology, Horn antenna, Optics, Cardinal point, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Antenna gain, Antenna (radio), business

Abstract

This paper presents the use of terahertz near-field focusing for backscatter side-channel detection. Near-field focusing is done by using a Cassegrain reflector configuration. The focuser is designed to produce the focused beam 28 cm away from the antenna aperture. The focusing is done in the near-field region by axially moving the subreflector from the focal point. It is observed that the subreflector position has to shift approximately 11 wavelengths along the axis to create the focus at the required location. The focused antenna gain is 46 dBi, while the 3 dB focus width and depth of the designed antenna is ~4 mm and 10 cm, respectively. It is found that the focal plane position is sensitive to the subreflector shifts and it is observed that 1 mm change in the subreflector position can shift the focal plane by ~2 cm. The simulations are compared with the measurement results of a fabricated prototype and good agreement is observed. The antenna is fabricated by using 3-D printing technology, which allows rapid prototyping. Finally, we have demonstrated the detection of backscatter side channel from the board placed at 28 cm away from the designed antenna. The received power level of the backscatter signal increases by 6 dB as compared to horn antenna.

Published

2019

13. Creating a Backscattering Side Channel to Enable Detection of Dormant Hardware Trojans

Author

Chia-Lin Cheng, Milos Prvulovic, Alenka Zajic, and Luong N. Nguyen

Subjects

Backscatter, Computer science, business.industry, 02 engineering and technology, Integrated circuit, Chip, Signal, 020202 computer hardware & architecture, law.invention, Hardware and Architecture, law, 0202 electrical engineering, electronic engineering, information engineering, Output impedance, Side channel attack, Electrical and Electronic Engineering, business, Electrical impedance, Software, Computer hardware

Abstract

This paper describes a new physical side channel, i.e., the backscattering side channel, created by transmitting a signal toward the integrated circuits (ICs), where the internal impedance changes caused by on-chip switching activity modulate the signal that is backscattered (reflected) from the IC. To demonstrate how this new side channel can be used to detect small changes in circuit impedances, we propose a new method for nondestructively detecting hardware Trojans (HTs) from outside the chip. We experimentally confirm, using measurements on one physical instance for training and nine other physical instances for testing, that the new side channel, when combined with an HT detection method, allows detection of a dormant HT in 100% of the HT-afflicted measurements for a number of different HTs while producing no false positives in HT-free measurements. Furthermore, additional experiments are conducted to compare the backscattering-based detection to one that uses the traditional EM-emanation-based side channel. These results show that backscattering-based detection outperforms the EM side channel, confirm that dormant HTs are much more difficult for detection than HTs that have been activated, and show how detection is affected by changing the HT’s size and physical location on the IC.

Published

2019

14. Exploiting Switching of Transistors in Digital Electronics for RFID Tag Design

Author

Alenka Zajic, Milos Prvulovic, Chia-Lin Cheng, and Luong N. Nguyen

Subjects

Digital electronics, Computer Networks and Communications, Computer science, business.industry, 020208 electrical & electronic engineering, Transistor, 020206 networking & telecommunications, 02 engineering and technology, law.invention, Application-specific integrated circuit, law, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, business, Field-programmable gate array, Instrumentation, Frequency modulation, Electrical impedance, Leakage (electronics), Electronic circuit

Abstract

Existing analog-signal side-channels, such as EM emanations, are a consequence of current-flow changes that are dependent on activity inside electronic circuits. In this paper, we introduce a new class of side-channels that is a consequence of impedance changes in switching circuits, and we refer to it as an impedance-based side-channel . One example of such a side-channel is when digital logic activity causes incoming EM signals to be modulated as they are reflected (backscattered), at frequencies that depend on both the incoming EM signal and the circuit activity. This can cause EM interference or leakage of sensitive information, but it can also be leveraged for radio-frequency identification (RFID) tag design. In this paper, we first introduce a new class of side-channels that is a consequence of impedance differences in switching circuits, and we refer to it as an impedance-based side-channel . Then, we demonstrate that the impedance difference between transistor gates in the high-state and in the low-state changes the radar cross section and modulates the backscattered signal. Furthermore, we have investigated the possibility of implementing the proposed RFID on ASIC for signal enhancement. Finally, we propose a digital circuit that can be used as a semi-passive RFID tag. To illustrate the adaptability of the proposed RFID, we have designed a variety of RFID applications across carrier frequencies at 5.8 GHz, 17.46 GHz, and 26.5 GHz to demonstrate the flexible carrier frequency selection and bit configuration.

Published

2019

15. Design and Optimization of Nonuniform Helical Antennas With Linearly Varying Geometrical Parameters

Author

Jelena Dinkic, Antonije R. Djordjevic, Alenka Zajic, and Dragan I. Olcan

Subjects

Optimal design, Fabrication, General Computer Science, Optimization algorithm, Computer science, Axial ratio, 05 social sciences, Bandwidth (signal processing), General Engineering, Operating frequency, 050801 communication & media studies, 020206 networking & telecommunications, Analytical equations, 02 engineering and technology, Nonuniform helical antennas, Topology, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, Helical antenna, optimization, lcsh:TK1-9971, Computer Science::Information Theory

Abstract

Nonuniform helical antennas have many degrees of freedom, which makes the search space for the optimal design very challenging. The objective of this paper is to systematically analyze nonuniform helical antennas with linearly varying geometrical parameters and to provide analytical equations that approximate the optimal design and the gain of the designed antennas. Using various optimization algorithms, we made a large database of the optimal nonuniform helical antennas with linearly varying geometrical parameters. Based on these results, we made analytical equations that approximate the optimal design and the gain of the designed antennas. These equations allow for a fast design procedure yielding all necessary parameters needed for the design and fabrication of nonuniform helical antennas that meet specified characteristics. Special attention is devoted to antenna losses. Antennas designed following the presented procedure achieve around 2.5 dB higher gain than uniform helical antennas of the same axial length, while maintaining the bandwidth and axial ratio. As a verification of the proposed design procedure, a helical antenna with the central operating frequency of 1 GHz was designed, simulated, fabricated, and measured. The comparison between measured and simulated results confirms the validity of the presented design procedure.

Published

2019

16. Near Field Modeling for THz Wireless Channel in Nettop Size Metal Enclosures

Author

Jinbang Fu, Alenka Zajic, and Prateek Juyal

Subjects

Physics, Terahertz radiation, Acoustics, Attenuation, 020208 electrical & electronic engineering, Enclosure, 020206 networking & telecommunications, Near and far field, 02 engineering and technology, Superposition principle, Horn (acoustic), 0202 electrical engineering, electronic engineering, information engineering, Path loss, Communication channel

Abstract

This paper proposes a path loss model and a geometry-based statistical model for Terahertz (THz) chip-to-chip wireless communication in nettop size metal enclosures. The proposed path loss model captures the attenuation of traveling wave and the gain of the electromagnetic horn in near-field region, also the resonant modes in the metal enclosure. The proposed geometric channel model describes the propagation of the traveling wave and the wave generated from the excited walls as a superposition of line of sight (LoS) and multi-bounced (MB) rays. Measurements for LoS propagation in near-field region have been performed in the indoor environment and in a nettop size empty metal enclosure. A good agreement between the measured and model predicted results has been observed, which proves the validity of the proposed models.

Published

2021

17. A Novel Golden-Chip-Free Clustering Technique Using Backscattering Side Channel for Hardware Trojan Detection

Author

Milos Prvulovic, Baki Berkay Yilmaz, Luong N. Nguyen, and Alenka Zajic

Subjects

021110 strategic, defence & security studies, Hardware security module, business.industry, 0211 other engineering and technologies, 02 engineering and technology, Integrated circuit design, Integrated circuit, Chip, 020202 computer hardware & architecture, law.invention, Hardware Trojan, Trojan, law, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, business, Field-programmable gate array

Abstract

Over the past few years, malicious hardware modifications, a.k.a. hardware Trojans (HT), have emerged as a major security threat because integrated circuit (IC) companies have been fabricating chips at offshore foundries due to various factors including time-to-market, cost reduction demands, and the increased complexity of ICs. Among proposed hardware Trojan detection techniques, reverse engineering appears to be the most accurate and reliable one because it works for all circuits and Trojan types without a golden example of the chip. However, because reverse engineering is an extremely expensive, time-consuming, and destructive process, it is difficult to apply this technique for a large population of ICs in a real test environment. This paper proposes a novel golden-chip-free clustering method using backscattering side-channel to divide ICs into groups of Trojan-free and Trojan-infected boards. The technique requires no golden chip or a priori knowledge of the chip circuitry, and divides a large population of ICs into clusters based on how HTs (if existed) affect their backscattered signals. This significantly reduces the size of test vectors for reverse engineering based detection techniques, thus enables deployment of reverse engineering approaches to a large population of ICs in a real testing scenario. The results are collected on 100 different FPGA boards where boards are randomly chosen to be infected or not. The results show that we can cluster the boards with 100% accuracy and demonstrate that our technique can tolerate manufacturing variations among hardware instances to cluster all the boards accurately for 9 different dormant Trojan designs on 3 different benchmark circuits from Trusthub. We have also shown that we can detect dormant Trojan designs whose trigger size has shrunk to as small as 0.19% of the original circuit with 100% accuracy as well.

Published

2020

18. Effects of Modes on THz Wireless Channels Inside Metal Enclosures

Author

Alenka Zajic, Prateek Juyal, and Jinbang Fu

Subjects

Materials science, Terahertz radiation, business.industry, Acoustics, 020208 electrical & electronic engineering, Physics::Optics, 020206 networking & telecommunications, 02 engineering and technology, Interference (wave propagation), Transverse plane, Metallic enclosure, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Path loss, business, Multipath propagation, Excitation

Abstract

This paper studies the effects of the geometrical parameters of the rectangular metallic enclosure on the THz wireless link. Three rectangular conducting cavities of different sizes are fabricated and tested to explore the feasibility for THz wireless link. The dimensions of the boxes are selected to represent the physical sizes of the computer desktops. Measurements show that the mode interference and hence multipath depend upon the transverse dimensions of the cavity. Furthermore, for the same excitation, it is shown that due to the large value of the fractional frequency changes the smaller cavity has less path loss variation and reduced multipath.

Published

2020

19. Comparison of the Optimal Uniform and Nonuniform Lossy Helical Antennas

Author

Jelena Dinkic, Dragan I. Olcan, Antonije R. Djordjevic, and Alenka Zajic

Subjects

Materials science, Operating frequency, Diamond, 020206 networking & telecommunications, 02 engineering and technology, Axial length, Lossy compression, Conductivity, engineering.material, Conductor, Computational physics, Helix, 0202 electrical engineering, electronic engineering, information engineering, engineering, Electrical conductor, Computer Science::Information Theory

Abstract

We present results for comparison of gain of the optimal uniform and nonuniform helical antennas taking into the account conductor losses. Critical conductivities are observed, for the given operating frequency and the helix axial length. Above the critical conductivity, the gain of the nonuniform helical antennas with linearly varying geometrical parameters is up to 2 dB higher than the gain of the optimal uniform antennas. However, below the critical conductivity, the difference between the gain of the nonuniform and uniform helical antennas is reduced, and the gain of those antennas becomes comparable. Data for the normalized critical conductivities are presented.

Published

2020

20. The Parameters Determination of Path Loss Model for THz Chip-to-Chip Wireless Communications

Author

Prateek Juyal, Jinbang Fu, Alenka Zajic, and Baki Berkay Yilmaz

Subjects

Mean squared error, Computer science, Terahertz radiation, business.industry, Model prediction, 020208 electrical & electronic engineering, 020206 networking & telecommunications, 02 engineering and technology, Chip, Prediction algorithms, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Path loss, Wireless, business, Gradient descent

Abstract

This paper presents the parameters determination of a path loss model for THz chip-to-chip wireless communication in desktop size metal enclosures. To determine the parameters, gradient decent algorithm was applied to minimize the mean square error between the model and the experimental results. Measurements were performed and the obtained results match well with the model prediction.

Published

2020

21. Investigation of Resonance Based Propagation Loss Modeling for THz Chip-to-Chip Wireless Communications

Author

Alenka Zajic, Baki Berkay Yilmaz, Prateek Juyal, and Jinbang Fu

Subjects

Physics, Terahertz radiation, business.industry, Acoustics, Attenuation, 020208 electrical & electronic engineering, 020206 networking & telecommunications, 02 engineering and technology, Chip, Signal, Radiation pattern, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Path loss, Antenna (radio), business

Abstract

This paper proposes a path loss model for THz chip-to-chip wireless communication in desktop size metal enclosures with respect to transceivers positions. This path loss model accounts for the attenuation due to the signal spreading, resonant modes inside the cavity, and the radiation pattern of the antenna. Measurements were performed in LoS and 2-D and 3-D misalignment propagation scenarios. The model prediction shows a good agreement with measured results, which proves the validness of the model.

Published

2020

22. Remote Monitoring and Propagation Modeling of EM Side-Channel Signals for IoT Device Security

Author

Chia-Lin Cheng, Baki Berkay Yilmaz, Frank T. Werner, Seun Sangodoyin, Elvan Mert Ugurlu, Nader Sehatbakhsh, Milos Prvulovic, and Alenka Zajic

Subjects

Computer science, business.industry, 020208 electrical & electronic engineering, Real-time computing, Program activities, 020206 networking & telecommunications, 02 engineering and technology, Power (physics), Sight, Non-line-of-sight propagation, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Side channel attack, Field-programmable gate array, Internet of Things, business

Abstract

This paper presents results from an investigation into long-range detection and monitoring of Electromagnetic (EM) side-channel signals leaked from Internet-of-Things (IoT) and Field Programmable Gate Array (FPGA) devices. Our work shows that operational information and program activities of the IoT and FPGA modules can be garnered at distances excess of 25 m in an indoor Line-Of-Sight (LOS) environment, while at about 10 m in an indoor (through the wall) Non-Line-Of Sight (NLOS) scenario. We provide a propagation model that can be used to predict the received power (and corresponding variation i.e., shadowing gain) of leaked EM side-channel signals at various distances and scenarios. A standard benchmark program bitcount used in the performance evaluation of ARMbased microprocessors and a microbenchmark SAVAT running on an IoT device were detected and monitored remotely in our work.

Published

2020

23. Terahertz MIMO Fading Analysis and Doppler Modeling in a Data Center Environment

Author

Chia-Lin Cheng, Seun Sangodoyin, and Alenka Zajic

Subjects

Physics, business.industry, Terahertz radiation, Acoustics, 020208 electrical & electronic engineering, MIMO, Spectral density, 020206 networking & telecommunications, 02 engineering and technology, Delay spread, symbols.namesake, 0202 electrical engineering, electronic engineering, information engineering, symbols, Wireless, Fading, business, Doppler effect, Communication channel

Abstract

In this paper, we present results from a Terahertz (THz) channel measurement campaign in a data center environment. We analyze propagation parameters, such as pathloss, shadowing gain, and RMS delay spread. Amplitude fading statistics in a 4 × 4 Multiple-Input-Multiple-Output (MIMO) channel are also investigated. Furthermore, Doppler shift in THz bands due to the effect of cooling airflow turbulence, which causes cables (lying in the wireless propagation path) to vibrate is also measured. A two-dimensional (2-D) geometrical propagation model that includes moving scatterers (cables) is introduced. From the 2-D model, a corresponding Doppler power spectrum (DPS) is derived and validated with measured data. This work is pertinent to THz wireless systems design for a data center environment.

Published

2020

24. A New Side-Channel Vulnerability on Modern Computers by Exploiting Electromagnetic Emanations from the Power Management Unit

Author

Nader Sehatbakhsh, Alenka Zajic, Baki Berkay Yilmaz, and Milos Prvulovic

Subjects

Power management, business.product_category, business.industry, Computer science, 020208 electrical & electronic engineering, Covert channel, 02 engineering and technology, Voltage regulator module, Keystroke logging, 020202 computer hardware & architecture, Laptop, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Power Management Unit, business, Computer hardware, Vulnerability (computing)

Abstract

This paper presents a new micro-architectural vulnerability on the power management units of modern computers which creates an electromagnetic-based side-channel. The key observations that enable us to discover this sidechannel are: 1) in an effort to manage and minimize power consumption, modern microprocessors have a number of possible operating modes (power states) in which various sub-systems of the processor are powered down, 2) for some of the transitions between power states, the processor also changes the operating mode of the voltage regulator module (VRM) that supplies power to the affected sub-system, and 3) the electromagnetic (EM) emanations from the VRM are heavily dependent on its operating mode. As a result, these state-dependent EM emanations create a side-channel which can potentially reveal sensitive information about the current state of the processor and, more importantly, the programs currently being executed. To demonstrate the feasibility of exploiting this vulnerability, we create a covert channel by utilizing the changes in the processor's power states. We show how such a covert channel can be leveraged to exfiltrate sensitive information from a secured and completely isolated (air-gapped) laptop system by placing a compact, inexpensive receiver in proximity to that system. To further show the severity of this attack, we also demonstrate how such a covert channel can be established when the target and the receiver are several meters away from each other, including scenarios where the receiver and the target are separated by a wall. Compared to the state-of-the-art, the proposed covert channel has >3x higher bit-rate. Finally, to demonstrate that this new vulnerability is not limited to being used as a covert channel, we demonstrate how it can be used for attacks such as keystroke logging.

Published

2020

25. EMSim: A Microarchitecture-Level Simulation Tool for Modeling Electromagnetic Side-Channel Signals

Author

Milos Prvulovic, Nader Sehatbakhsh, Alenka Zajic, and Baki Berkay Yilmaz

Subjects

010302 applied physics, Electromagnetics, Reduced instruction set computing, Computer science, business.industry, 02 engineering and technology, 01 natural sciences, 020202 computer hardware & architecture, Microarchitecture, Pipeline transport, Logic synthesis, Software, Computer engineering, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Field-programmable gate array, business

Abstract

Side-channel attacks have become a serious security concern for computing systems, especially for embedded devices, where the device is often located in, or in proximity to, a public place, and yet the system contains sensitive information. To design systems that are highly resilient to such attacks, an accurate and efficient design-stage quantitative analysis of side-channel leakage is needed. For many systems properties (e.g., performance, power, etc.), cycle-accurate simulation can provide such an efficient-yet-accurate design-stage estimate. Unfortunately, for an important class of side-channels, electromagnetic emanations, such a model does not exist, and there has not even been much quantitative evidence about what level of modeling detail (e.g., hardware, microarchitecture, etc.) would be needed for high accuracy. This paper presents EMSim, an approach that enables simulation of the electromagnetic (EM) side-channel signals cycle-by-cycle using a detailed micro-architectural model of the device. To evaluate EMSim, we compare its signals against actual EM signals emanated from real hardware (FPGA-based RISC-V processor), and find that they match very closely. To gain further insights, we also experimentally identify how the accuracy of the simulation degrades when key microarchitectural features (e.g., pipeline stall, cache-miss, etc.) and other hardware behaviors (e.g., data-dependent switching activity) are omitted from the simulation model. We further evaluate how robust the simulation-based results are, by comparing them to real signals collected in different conditions (manufacturing, distance, etc.). Finally, to show the applicability of EMSim, we demonstrate how it can be used to measure side-channel leakage through simulation at design-stage.

Published

2020

26. A Method for Efficient Localization of Magnetic Field Sources Excited by Execution of Instructions in a Processor

Author

Frank T. Werner, Antonije R. Djordjevic, Milos Prvulovic, Derrick Albert Chu, Alenka Zajic, and Dragan I. Olcan

Subjects

010302 applied physics, Engineering, Optimization problem, Magnetic moment, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Condensed Matter Physics, 01 natural sciences, Atomic and Molecular Physics, and Optics, Magnetic field, Magnetic circuit, Computer Science::Hardware Architecture, Printed circuit board, Gate array, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Electrical and Electronic Engineering, business, Field-programmable gate array, Leakage (electronics)

Abstract

This paper proposes a method for efficient identification of instruction-dependent sources on a printed circuit board (PCB) by localizing magnetic field sources from a limited number of measurements around the PCB. We first excite the processor by generating an artificial leakage signal at a specific frequency that is directly related to processor instructions. Then, we collect all three components of the magnetic field, but only at locations around the edge of the board. Furthermore, we model these magnetic field sources and then solve a forward–backward optimization problem using the model and measured data to identify the locations of the magnetic field sources, the magnitudes of the moments, and their orientations. The localization results are first verified using simulations, then tested when noise is added to the simulation results, and finally verified against measurements on field-programmable gate array (FPGA) and internet of things (IoT) development boards. The results show that the number of strong magnetic field sources on a board depends on the instructions used to excite the board. Furthermore, the results show that the proposed localization algorithm can accurately identify those sources, regardless of the frequency at which the measurements are conducted and the instruction pairs that are executed. Finally, the proposed method can significantly reduce the number of measurement points and the time needed to identify magnetic field sources on a PCB.

Published

2018

27. A Nonisovelocity Geometry-Based Underwater Acoustic Channel Model

Author

Matthias Patzold, Meisam Naderi, and Alenka Zajic

Subjects

010505 oceanography, Computer Networks and Communications, Computer science, Autocorrelation, Aerospace Engineering, 020206 networking & telecommunications, Geometry, 02 engineering and technology, 01 natural sciences, Delay spread, Automotive Engineering, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Underwater, Underwater acoustics, Power delay profile, Underwater acoustic communication, Coherence bandwidth, 0105 earth and related environmental sciences, Communication channel

Abstract

This paper proposes a new geometry-based shallow underwater acoustic (UWA) channel model allowing for nonisovelocity ocean conditions. The fact that the isovelocity assumption does not hold in many real-world scenarios motivates the need for developing channel models for nonisovelocity UWA propagation environments. Starting from a geometrical model, we develop a stochastic channel model for a single-input single-output (SISO) vehicle-to-vehicle UWA channel assuming that the ocean surface and bottom are rough and that the speed of sound varies with depth. The effect of the nonisovelocity condition has been assessed regarding its influence on the temporal autocorrelation function, the frequency correlation function (FCF), and the power delay profile of the UWA channel model. The UWA channel model has also been validated by matching its FCF as well as the therefrom derived main characteristic quantities, such as the average delay, delay spread, and coherence bandwidth against measurement data. The proposed UWA channel model is very useful for the design and performance analysis of UWA communication systems under realistic propagation conditions.

Published

2018

28. Capacity of the EM Covert/Side-Channel Created by the Execution of Instructions in a Processor

Author

Alenka Zajic, Baki Berkay Yilmaz, Robert Callan, and Milos Prvulovic

Subjects

021110 strategic, defence & security studies, Electromagnetics, Computer Networks and Communications, Computer science, business.industry, Real-time computing, 0211 other engineering and technologies, Covert channel, 020206 networking & telecommunications, 02 engineering and technology, Channel capacity, Covert, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, Pairwise comparison, Side channel attack, Safety, Risk, Reliability and Quality, business, Computer hardware

Abstract

The goal of this paper is to answer how much information is “transmitted” by the execution of particular sequence of instructions in a processor. Introducing such a measure would provide quantitative guidance for designing programs and computer hardware that minimizes inadvertent (side channel) information leakage, and would also help detect parts of a program or hardware design that have unusually high leakage (i.e., were designed to function as covert channel “transmitters”). To answer this question, we propose a new method to estimate the maximum information leakage through EM signals generated by the execution of instructions in a processor. We start by deriving a mathematical relationship between electromagnetic side-channel energy of individual instructions and the measured pairwise side-channel signal power. Then, we use this measure to calculate the transition probabilities needed for estimating capacity. Finally, we propose a new method to estimate side/covert channel capacity created by the execution of instructions in a processor and illustrate our results in several computer systems.

Published

2018

29. EDDIE

Author

Milos Prvulovic, Monjur Alam, Alenka Zajic, Alireza Nazari, and Nader Sehatbakhsh

Subjects

Hardware security module, business.industry, Computer science, Real-time computing, 020206 networking & telecommunications, 02 engineering and technology, General Medicine, computer.software_genre, 020202 computer hardware & architecture, Side effect (computer science), Software, Embedded system, Code (cryptography), 0202 electrical engineering, electronic engineering, information engineering, Malware, Anomaly detection, business, computer

Abstract

This paper describes EM-Based Detection of Deviations in Program Execution (EDDIE), a new method for detecting anomalies in program execution, such as malware and other code injections, without introducing any overheads, adding any hardware support, changing any software, or using any resources on the monitored system itself. Monitoring with EDDIE involves receiving electromagnetic (EM) emanations that are emitted as a side effect of execution on the monitored system, and it relies on spikes in the EM spectrum that are produced as a result of periodic (e.g. loop) activity in the monitored execution. During training, EDDIE characterizes normal execution behavior in terms of peaks in the EM spectrum that are observed at various points in the program execution, but it does not need any characterization of the malware or other code that might later be injected. During monitoring, EDDIE identifies peaks in the observed EM spectrum, and compares these peaks to those learned during training. Since EDDIE requires no resources on the monitored machine and no changes to the monitored software, it is especially well suited for security monitoring of embedded and IoT devices. We evaluate EDDIE on a real IoT system and in a cycle-accurate simulator, and find that even relatively brief injected bursts of activity (a few milliseconds) are detected by EDDIE with high accuracy, and that it also accurately detects when even a few instructions are injected into an existing loop within the application.

Published

2017

30. A Method for Finding Frequency-Modulated and Amplitude-Modulated Electromagnetic Emanations in Computer Systems

Author

Alenka Zajic, Milos Prvulovic, Robert Callan, and Christopher J. Wang

Subjects

Computer science, 020206 networking & telecommunications, 02 engineering and technology, Condensed Matter Physics, Signal, Atomic and Molecular Physics, and Optics, Amplitude, Modulation, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, Baseband, Electronic engineering, 020201 artificial intelligence & image processing, Radio frequency, Electrical and Electronic Engineering, Frequency modulation, Electronic circuit

Abstract

This paper presents an algorithm for finding carriers of frequency-modulated (FM) and amplitude-modulated (AM) electromagnetic (EM) emanations from computer systems. Computer systems create EM emanations across the RF spectrum making it difficult, error-prone, and time consuming to find the relatively few emanations that expose sensitive information. One of the most common and simplest mechanisms for information leakage occurs when an amplitude or a frequency of an existing strong signal (e.g., a processor or memory clock) is amplitude or frequency modulated by a system activity. If the system activity can be linked to sensitive information, this results in information leakage. We present an algorithm for automatically finding these AM and FM signals, demonstrate the algorithm's performance on several different types of processors and systems (desktop, laptop, and smartphone), and compare the results to an exhaustive manual search. We also verify that all signals identified by the algorithm can be traced to plausible unintentional modulation mechanisms to illustrate that these signals can potentially cause information leakage. This algorithm can be an important tool for system designers to quickly identify circuits that are leaking sensitive information.

Published

2017

31. Characterization of 300-GHz Wireless Channel on a Computer Motherboard

Author

Seunghwan Kim and Alenka Zajic

Subjects

Equalization, business.industry, Orthogonal frequency-division multiplexing, Motherboard, Computer science, Acoustics, 020208 electrical & electronic engineering, Bandwidth (signal processing), Transmitter, Electrical engineering, 020206 networking & telecommunications, 02 engineering and technology, 0202 electrical engineering, electronic engineering, information engineering, Path loss, Wireless, Fading, Electrical and Electronic Engineering, Reflection coefficient, business, Multipath propagation, Coherence bandwidth, Computer Science::Information Theory, Communication channel, Ground plane

Abstract

This paper presents characterization of 300-GHz wireless channel on a computer motherboard, where several different measurement scenarios have been considered. Results indicate that the presence of the ground plane and/or vertical parallel-plate structures in the channel introduces multipath that, if constructively superimposed, may create a path loss lower than free-space propagation path loss. In addition, it has been found that a few centimeters of vertical misalignment between the transmitter and the receiver result in a path loss greater than 5 dB. Furthermore, the results indicate that vertical components such as dual in-line memory modules with reflection coefficient close to one for all incident angles can be used to create directed non-line-of-sight (LoS) links with wide coherence bandwidth. Finally, for LoS propagation obstructed by large objects, such as a heatsink, the path-loss exponent of 1.77 is found, while the rotating fan causes periodic fading in the received power, indicating that channel equalization techniques will be needed to overcome deep fades. All these results indicate that optimal communications can be achieved by carefully positioning the antennas with respect to the motherboard layout.

Published

2016

32. Detecting Cellphone Camera Status at Distance by Exploiting Electromagnetic Emanations

Author

Alenka Zajic, Elvan Mert Ugurlu, Milos Prvulovic, and Baki Berkay Yilmaz

Subjects

Statistical classification, Electromagnetics, Dimension (vector space), Computer science, business.industry, Sliding window protocol, Supervised learning, 0202 electrical engineering, electronic engineering, information engineering, 020206 networking & telecommunications, Computer vision, 02 engineering and technology, Artificial intelligence, business

Abstract

This paper investigates unintended radiated emissions from cellphones to identify operational status of rear/front camera. We implement a supervised learning method to achieve our goal. In the training phase, we collect data for possible combinations of phone model and camera status. Then, we apply two-phase-dimension-reduction method for better and effective classification. The first dimension-reduction phase is averaging magnitudes of frequency components of a sliding window, which is followed by applying principle component analysis (PCA) technique to reduce the dimension further. In testing phase, k-Nearest-Neighbors (k-NN) algorithm is utilized to classify test data. Finally, we provide examples to show that emanated EM signals from cellphone cameras can exfiltrate useful information.

Published

2019

33. EMMA

Author

Nader Sehatbakhsh, Haider Adnan Khan, Milos Prvulovic, Alenka Zajic, and Alireza Nazari

Subjects

010302 applied physics, Hardware security module, business.industry, Computer science, 02 engineering and technology, Adversary, Trusted system, 01 natural sciences, 020202 computer hardware & architecture, Proof of concept, Robustness (computer science), Embedded system, 0103 physical sciences, Scalability, Checksum, 0202 electrical engineering, electronic engineering, information engineering, business

Abstract

Establishing trust for an execution environment is an important problem, and practical solutions for it rely on attestation, where an untrusted system (prover) computes a response to a challenge sent by the trusted system (verifier). The response typically is a checksum of the prover's program, which the verifier checks against expected values for a "clean" (trustworthy) system. The main challenge in attestation is that, in addition to checking the response, the verifier also needs to verify the integrity of the response computation. On higher-end processors, this integrity is verified cryptographically, using dedicated trusted hardware. On embedded systems, however, constraints prevent the use of such hardware support. Instead, a popular approach is to use the request-to-response time as a way to establish confidence. However, the overall request-to-response time provides only one coarse-grained measurement from which the integrity of the attestation is to be inferred, and even that is noisy because it includes the network latency and/or variations due to micro-architectural events. Thus, the attestation is vulnerable to attacks where the adversary has tampered with response computation, but the resulting additional computation time is small relative to the overall request-to-response time. In this paper, we make a key observation that execution-time measurement is only one example of using externally measurable side-channel information, and that other side-channels, some of which can provide much finer-grain information about the computation, can be used. As a proof of concept, we propose EMMA, a novel method for attestation that leverages electromagnetic side-channel signals that are emanated by the system during response computation, to confirm that the device has, upon receiving the challenge, actually computed the response using the valid program code for that computation. This new approach requires physical proximity, but imposes no overhead to the system, and provides accurate monitoring during the attestation. We implement EMMA on a popular embedded system, Arduino UNO, and evaluate our system with a wide range of attacks on attestation integrity. Our results show that EMMA can successfully detect these attacks with high accuracy. We compare our method with the existing methods and show how EMMA outperforms them in terms of security guarantees, scalability, and robustness.

Published

2019

34. Capacity of EM Side Channel Created by Instruction Executions in a Processor

Author

Milos Prvulovic, Alenka Zajic, and Baki Berkay Yilmaz

Subjects

021110 strategic, defence & security studies, Mathematical relationship, Markov chain, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Program code, Computer engineering, 0202 electrical engineering, electronic engineering, information engineering, Instruction sequence, Side channel attack, Source model, Communication channel

Abstract

This paper proposes a methodology to estimate leakage capacity of electromagnetic (EM) side channels created by execution of instruction sequences (e.g. a function, a procedure, or a program) in a processor. We propose to use Markov Source model to include the dependencies that exist in instruction sequence since each program code is written systematically to serve a specific task. The channel input sources are considered as the emitted EM signals while executing an instruction. We derive a mathematical relationship between the emanated instruction power (IP) and total emanated signal power while running a microbenchmark to obtain the channel input powers. The results demonstrate that leakages could be severe enough for a dedicated attacker to obtain some prominent information.

Published

2019

35. THz MIMO Channel Characterization for Wireless Data Center-Like Environment

Author

Chia-Lin Cheng, Seun Sangodoyin, and Alenka Zajic

Subjects

Computer science, Terahertz radiation, Wireless data, Channel sounding, 020206 networking & telecommunications, 02 engineering and technology, Signal, Delay spread, Characterization (materials science), 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, 020201 artificial intelligence & image processing, Point (geometry), Center (algebra and category theory)

Abstract

In this paper, we present the measurement setup and results obtained from a Terahertz (THz) Multiple-Input-Multiple-Output channel sounding experiment conducted in a data center-like environment. These measurements were conducted in line-of-sight and obstructed-line-of-sight scenarios with cables of varying thickness serving as an obstruction. Pathloss, shadowing gain, RMS delay spread models, and signal amplitude statistics are presented in this paper. The results provided in this paper are the starting point for a realistic performance evaluation of THz communications in wireless data center environments.

Published

2019

36. On the Surface Roughness and Smoothing in the 3D Printed THz Reflectors

Author

Prateek Juyal, Alenka Zajic, and Sinan Adibelli

Subjects

Materials science, Cassegrain antenna, business.industry, Terahertz radiation, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Near and far field, 02 engineering and technology, Surface finish, Directivity, Cardinal point, Optics, 0202 electrical engineering, electronic engineering, information engineering, Surface roughness, business, Smoothing

Abstract

This paper presents the effect of surface roughness on the performance of the 3D printed near field focused THz Cassegrain antenna configuration. It is found that the roughness affects the focal plane parameters. The nearfield directivity is reduced by ~ 3.5 dB for 60 µm rough surface, there is only a small effect on the focus spot width. A smoothing process, which reduces the conductive coating surface roughness to 4 µm, is also described. The roughness loss is less than 0.1 dB at 300GHz.

Published

2019

37. Modeling of Power Delay Profile in the Desktop Size Metal Cavity at 300 GHz

Author

Alenka Zajic, Prateek Juyal, and Jinbang Fu

Subjects

Physics, 0203 mechanical engineering, 0202 electrical engineering, electronic engineering, information engineering, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Power delay profile, Reference model, GeneralLiterature_MISCELLANEOUS, Computational physics

Abstract

This paper proposes a two-dimensional (2D) geometrical propagation model for line-of-sight (LoS) communication in the desktop size metal cavity environment at 300 GHz. Based on the developed geometrical model, a parameter reference model and power delay profile (PDP) have been derived. The simulated PDPs have been compared with measured PDPs and good agreement has been observed.

Published

2019

38. Path Loss Model as a Function of Antenna Height for 300 GHz Chip-to-Chip Communications

Author

Alenka Zajic, Prateek Juyal, and Jinbang Fu

Subjects

Physics, business.industry, Terahertz radiation, Acoustics, Enclosure, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Chip, 0203 mechanical engineering, Antenna height considerations, 0202 electrical engineering, electronic engineering, information engineering, Path loss, Wireless, Transceiver, business, Communication channel

Abstract

This paper presents the path loss model of Terahertz (THz) wireless channel inside a desktop size metal enclosure as a function of antenna height. Measurements for line-of-sight (LoS) propagation inside the metal box show that path loss varies with respect to the transceiver’s height from the bottom wall, and for some heights, the path loss is lower than the free space value. Analysis based on the cavity modes shows that the first eight TE modes dominate the resonating modes inside the box. Also, the path loss analysis indicates that the resonating modes combined with the reflections inside the box are responsible for the strong ripples in the path loss curve.

Published

2019

39. A Compact Probe for EM Side-Channel Attacks on Cryptographic Systems

Author

Frank T. Werner, Antonije R. Djordjevic, and Alenka Zajic

Subjects

Physics, business.industry, Electrical engineering, Measure (physics), 020206 networking & telecommunications, Cryptography, 02 engineering and technology, law.invention, Loop (topology), law, Electric field, Shielded cable, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Center frequency, business

Abstract

A shielded loop probe designed for evaluating EM side-channels attacks on cryptographic systems is described. This probe is compact and is sensitive enough to measure extremely weak signals that usually comprise EM side-channels. Furthermore, this probe can greatly suppress the influence of the electric field on its measurements. At its center frequency, the probe has a sensor factor of -0.17 dB S/m and electric field suppression ratio of 30.18 dB.

Published

2019

40. The Flipped Classroom Approach to Engineering Electromagnetics: A Case Study

Author

Alenka Zajic and Morris B. Cohen

Subjects

Class (computer programming), Electromagnetics, Engineering education, Computer science, Active learning, ComputingMilieux_COMPUTERSANDEDUCATION, 0202 electrical engineering, electronic engineering, information engineering, Mathematics education, 020206 networking & telecommunications, 02 engineering and technology, Flipped classroom

Abstract

We report on our experience and results teaching junior-level engineering electromagnetics with a flipped classroom approach at the Georgia Institute of Technology. In a flipped classroom, students are expected to watch videos and/or complete materials that ordinarily are part of an in-class lecture. During class time, students work on problems in small groups that might otherwise have been part of homework assignments. Homeworks and quizzes have individual and team components. The technique is designed to leverage peer-based learning to emphasize conceptual understanding. The two authors have taught a required junior-level electromagnetics course a total of 6 times with the flipped classroom approach. We report on our techniques as well as our efforts to assess learning outcomes compared to a more traditional lecture-based course.

Published

2019

41. Zero-Overhead Path Prediction with Progressive Symbolic Execution

Author

Sunjae Park, Haider Adnan Khan, Alenka Zajic, Richard L. Rutledge, Alessandro Orso, and Milos Prvulovic

Subjects

Profiling (computer programming), Computer engineering, Computer science, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code coverage, 020207 software engineering, 02 engineering and technology, Tracing, Symbolic execution

Abstract

In previous work, we introduced zero-overhead profiling (ZOP), a technique that leverages the electromagnetic emissions generated by the computer hardware to profile a program without instrumenting it. Although effective, ZOP has several shortcomings: it requires test inputs that achieve extensive code coverage for its training phase; it predicts path profiles instead of complete execution traces; and its predictions can suffer unrecoverable accuracy losses. In this paper, we present zero-overhead path prediction (ZOP-2), an approach that extends ZOP and addresses its limitations. First, ZOP-2 achieves high coverage during training through progressive symbolic execution (PSE)---symbolic execution of increasingly small program fragments. Second, ZOP-2 predicts complete execution traces, rather than path profiles. Finally, ZOP-2 mitigates the problem of path mispredictions by using a stateless approach that can recover from prediction errors. We evaluated our approach on a set of benchmarks with promising results; for the cases considered, (1) ZOP-2 achieved over 90% path prediction accuracy, and (2) PSE covered feasible paths missed by traditional symbolic execution, thus boosting ZOP-2's accuracy.

Published

2019

42. High-Gain Quad Array of Nonuniform Helical Antennas

Author

Antonije R. Djordjevic, Jelena Dinkic, Alenka Zajic, and Dragan I. Olcan

Subjects

Physics, High-gain antenna, Article Subject, business.industry, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Basis function, 02 engineering and technology, Axial length, Method of moments (statistics), lcsh:HE9713-9715, Wavelength, Optics, 0202 electrical engineering, electronic engineering, information engineering, Range (statistics), lcsh:Cellular telephone services industry. Wireless telephone industry, lcsh:Electrical engineering. Electronics. Nuclear engineering, Helical antenna, Electrical and Electronic Engineering, business, lcsh:TK1-9971, Ground plane

Abstract

We present a design of a high-gain quad array of nonuniform helical antennas. The design is obtained by optimization of a 3-D numerical model of four nonuniform helical antennas placed above a ground plane, including a model of a feeding network, utilizing the method of moments with higher-order basis functions. The gain of one optimal nonuniform helical antenna can be about 2.5 dB higher than the gain of a uniform helical antenna of the same axial length. Creating a 2×2 array further increases the gain up to about 6 dB. The resulting quad array fits into a box whose dimensions are 2.5×3.3×3.3 wavelengths, and the gain in the main radiating direction is about 20.5 dBi in the frequency range from 0.9 GHz to 1.1 GHz. The design is verified by measurements of a prototype of the quad array.

Published

2019

43. Statistical Modeling and Simulation of Short-Range Device-to-Device Communication Channels at Sub-THz Frequencies

Author

Alenka Zajic and Seunghwan Kim

Subjects

business.industry, Computer science, Scattering, Applied Mathematics, 020206 networking & telecommunications, 020302 automobile design & engineering, Statistical model, 02 engineering and technology, Correlation function (quantum field theory), Computer Science Applications, 0203 mechanical engineering, 0202 electrical engineering, electronic engineering, information engineering, Range (statistics), Electronic engineering, Wireless, Electrical and Electronic Engineering, Wideband, Telecommunications, business, Power delay profile, Multipath propagation, Computer Science::Information Theory, Communication channel, Parametric statistics

Abstract

A 2-D geometrical propagation model for short-range device-to-device desktop communication channels at sub-terahertz (sub-THz) frequencies is proposed. Based on the geometrical model, a parametric reference model for short-range sub-THz multipath fading channels is developed. From the reference model, the corresponding frequency correlation function and the power delay profile (PDP) are derived and compared with the measured data. The results show good agreement between the measured and theoretical PDPs. Finally, a new sum-of-sinusoids-based simulation model for wideband sub-THz channels is proposed. The statistics of the reference model are verified by simulation. The results show that the simulation model is a good approximation of the reference model.

Published

2016

44. Capacity of Deliberate Side-Channels Created by Software Activities

Author

Milos Prvulovic, Baki Berkay Yilmaz, and Alenka Zajic

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Upper and lower bounds, Channel capacity, Software, Pulse-amplitude modulation, 0202 electrical engineering, electronic engineering, information engineering, Wireless, business, Computer network, Communication channel

Abstract

It has been shown that electromagnetic (EM) emanations that are result of instruction executions in a computer system can create a wireless side-channel which attackers can use to extract sensitive information such as a cryptography key. When an attacker modifies the software application to exfiltrate sensitive information through a channel, this channel is called a deliberate side-channel or a covert channel. Because deliberate side-channels are not created for a conventional wireless communication to transmit information, these channels are exposed not only to the errors created by the wireless transmission (the transmitted signal propagates through a channel hindered by metal and plastic), but also by varying execution time of computer activities, and by insertions from other computer activities such as interrupts. Combining all of these effects, we propose to model deliberate side-channels as an insertion channel where the transmitted sequence is a pulse amplitude modulated signal with varying pulse width. Utilizing this model, we derive upper and lower bounds for the channel capacity of the deliberate side-channels. The bounds demonstrate the severity of data leakage through deliberate side channels by revealing the potential to transmit high data rates. Moreover, the proposed bounds for the channel capacity can be employed by any noisy insertion channel and provides more confidential results.

Published

2018

45. EMPROF: Memory Profiling Via EM-Emanation in IoT and Hand-Held Devices

Author

Alireza Nazari, Moumita Dey, Alenka Zajic, and Milos Prvulovic

Subjects

Profiling (computer programming), business.industry, Computer science, Hand held devices, Spec#, Timeline, 02 engineering and technology, 020202 computer hardware & architecture, Microarchitecture, Memory profiling, Embedded system, Component-based software engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cache, business, Internet of Things, computer, computer.programming_language

Abstract

This paper presents EMProf, a new method for profiling the performance impact of the memory subsystem without any support on, or interference with, the profiled system. Rather than rely on hardware support and/or software instrumentation on the profiled system, EMProf analyzes the system's EM emanations to identify processor stalls that are associated with last-level cache (LLC) misses. This enables EMProf to accurately pinpoint LLC misses in the execution timeline and to measure the cost (stall time) of each miss. Since EMProf has zero "observer effect", so it can be used to profile applications that adjust their activity to their performance. It has no overhead on target machine, so it can be used for profiling embedded, hand-held, and IoT devices which usually have limited support for collecting, and limited resources for storing, the profiling data. Finally, since EMProf can profile the system as-is, its profiling of boot code and other hard-to-profile software components is as accurate as its profiling of application code. To illustrate the effectiveness of EMProf, we first validate its results using micro-benchmarks with known memory behavior, and also on SPEC benchmarks running a cycle-accurate simulator that can provide detailed ground-truth data about LLC misses and processor stalls. We then demonstrate the effectiveness of EMProf on real systems, including profiling of boot activity, show how its results can be attributed to the specific parts of the application code when that code is available, and provide additional insight on the statistics reported by EMProf and how they are affected by the EM signal bandwidth provided to EMProf.

Published

2018

46. Experimental Validation of Localization Method for Finding Magnetic Sources on IOT Devices

Author

Frank T. Werner, Milos Prvulovic, Antonije R. Djordjevic, Alenka Zajic, and Dragan I. Olcan

Subjects

010302 applied physics, business.industry, Computer science, Electromagnetic compatibility, Magnetic separation, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, Magnetic field, Printed circuit board, Simplex algorithm, Gate array, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Internet of Things, business, Field-programmable gate array, Computer hardware

Abstract

Recently, we proposed a method for accurately locating instruction-dependent magnetic field sources on printed circuit boards (PCBs). This method first excites the device's processor by executing an alternating pair of two instructions at a specific frequency. Using the measurements of the magnetic field taken around the edges of the PCB and an algorithm based on simplex optimization, the locations of the sources are evaluated. In this paper, we present extensive experimental verification of this method on two devices, a field-programmable gate array (FPGA) development board and an Internet of Things (IoT) device. The results illustrate that sources of instruction-dependent emanations are confined to a small area near the processor and that the positions of these sources are dependent on the specific instructions being executed.

Published

2018

47. Comparison of Optimization Approaches for Designing Nonuniform Helical Antennas

Author

Jelena Dinkic, Alenka Zajic, Antonije R. Djordjevic, and Dragan I. Olcan

Subjects

Simplex algorithm, Computer science, 010401 analytical chemistry, MathematicsofComputing_NUMERICALANALYSIS, 0202 electrical engineering, electronic engineering, information engineering, Particle swarm optimization, 020206 networking & telecommunications, 02 engineering and technology, Radius, Topology, 01 natural sciences, Reliability (statistics), 0104 chemical sciences

Abstract

Comparison of various optimization approaches for the design of nonuniform helical antennas is presented. The considered helices have linearly varying radius and pitch. Results show that this design has many similar (or suboptimal) solutions with significant differences in geometry. Combination of particle swarm optimization and Nelder-Mead simplex algorithm proved to be a robust and an efficient optimization approach.

Published

2018

48. THz Near Field Focusing using Cassegranian Configuration for EM Side-channel Detection

Author

Prateek Juyal, Alenka Zajic, and Sinan Adibelli

Subjects

010302 applied physics, Physics, Focal point, business.industry, Terahertz radiation, Aperture, Astrophysics::Instrumentation and Methods for Astrophysics, 020206 networking & telecommunications, Near and far field, 02 engineering and technology, 01 natural sciences, Wavelength, Optics, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Antenna (radio), business, Focus (optics), Beam (structure)

Abstract

This paper presents near field focusing at THz frequencies using cassegranian antenna configuration used for the electromagnetic side-channel detection. The antenna is designed to produce the focused beam 30cm away from the aperture. The focusing is done in the near field region by moving the sub-reflector from the focal point along the axis. It is observed in the simulations and measurements that the subreflector position has to shift approximately 11 wavelengths along the axis to create the focus at the required location. The 3dB focus width of the antenna is ~4 mm. Finally, simulation results of near field gain are compared with measurements and good agreement is observed.

Published

2018

49. Study of Diffraction at 30 GHz, 140 GHz, and 300 GHz

Author

Alenka Zajic, Seunghwan Kim, and Chia-Lin Cheng

Subjects

Diffraction, Materials science, Gain measurement, Terahertz radiation, business.industry, 020208 electrical & electronic engineering, Physics::Optics, 020206 networking & telecommunications, 02 engineering and technology, Radio spectrum, Optics, 0202 electrical engineering, electronic engineering, information engineering, Geometrical theory of diffraction, business

Abstract

This paper presents comparison between measurements and modeling of diffraction in indoor obstructed propagation environments at 30 GHz, 140 GHz, and 300 GHz. The results show that all three frequency bands experience diffraction in obstructed environment. Furthermore, the good agreement between measurements and modeling shows that diffraction at mm-wave and THz frequencies can be modeled by using Uniform Geometrical Theory of Diffraction (UTD). Finally, the results show that diffraction becomes more dominant as frequencies increase from mm-wave to THz frequencies.

Published

2018

50. Detailed tracking of program control flow using analog side-channel signals: a promise for IoT malware detection and a threat for many cryptographic implementations

Author

Haider Adnan Khan, Monjur Alam, Alenka Zajic, and Milos Prvulovic

Subjects

Computer science, business.industry, 020208 electrical & electronic engineering, Real-time computing, Cryptographic implementations, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, computer.software_genre, Encryption, law.invention, Information sensitivity, law, 0202 electrical engineering, electronic engineering, information engineering, Malware, Side channel attack, Tempest, business, Cryptanalysis, computer

Abstract

Side-channel signals have long been used in cryptanalysis, and recently they have also been utilized as a way to monitor program execution without involving the monitored system in its own monitoring. Both of these use-cases for side-channel analysis have seen steady improvement, allowing ever-smaller deviations in program behavior to be monitored (to track program behavior and/or identify anomalies) or exploited (to steal sensitive information). However, there is still very little intuition about where the limits for this are, e.g. whether a single-instruction or a single-bit difference can realistically be recovered from the signal. In this paper, we use a popular open-source cryptographic software package as a test subject to demonstrate that, with enough training data, enough signal bandwidth, and enough signal-to-noise ratio, the decision of branch instructions that cause even single-instruction-differences in program execution can be recovered from the electromagnetic (EM) emanations of an IoT/embedded system. We additionally show that, in cryptographic implementations where branch decisions contain information about the secret key, nearly all such information can be extracted from the signal that corresponds to only a single cryptographic operation (e.g. encryption). Finally, we analyze how the received signal bandwidth, the amount of training, and the signal-to-noise ratio (SNR) affect the accuracy of side-channel-based reconstruction of individual branch decisions that occur during program execution.

Published

2018