System Sniffs Out Trojans in Electromagnetic Emissions

Startup Aether Argus' system spotted trojans in an AI accelerator card and more

3 min read

Samuel K. Moore is IEEE Spectrum’s semiconductor editor.

Left, a commercial plane from below; right a Yellow and green fighter jet takes off from a runway

A commericial airliner (left) and an Iranian fighter jet

Left: iStockphoto; Right: Wikipedia

Is that a warplane or a commercial airliner? Mistaking one for the other has had truly tragic consequences. So if you've got an automated system doing it, you better know for sure that it hasn't been compromised with a malicious hardware trojan somewhere along the supply chain.

It's such scenarios that the Defense Advanced Research Agency (DARPA) is hoping to defeat with a project called SHEATH (for Safeguards against Hidden Effects and Anomalous Trojans in Hardware), which recently wrapped up its 18-month run. The result? A system called TEMPEST that can tell if part of a computer has been compromised just from its electromagnetic emissions. Engineers from Aether Argus, in Atlanta, revealed the system and its results this week at DARPA's annual Electronics Resurgence Initiative Summit.

"The intended purpose is to help defenders confirm the integrity of the hardware and software they care about, without deploying new software on those devices," explained Angelos Keromytis, president of Aether Argus, which he cofounded with fellow professors at Georgia Tech Alenka Zajic and Milos Prvulovic, and with Virginia Tech's Angelos Stavrou.

(See "3 Ways to Hack a Printed Circuit Board", IEEE Spectrum, September 2020, for a list of vulnerable spots in the motherboard supply chain.)

Snooping electromagnetic side channels such as a chip's power consumption or RF emissions is usually thought of "as a technique to attack and steal cryptographic keys," says Keromytis.

Tempest turns that on its head. It takes signals from a near-field electromagnetic sensor that's set close to the hardware in question and looks for signs of tampering. In its most comprehensive tests, that hardware was a field-programmable gate array (FPGA) expansion board in a server. The FPGA was acting as an accelerator for an AI that was trained to identify objects in images. Tempest itself is also an AI. It's trained to spot changes in the FPGA's ordinary emissions that might mean a trojan in the chip's firmware has engaged.

2 spectrographs. The left is labelled Clean application. The right is labelled V1.

Aether Argus

2 spectrographs. The left is labelled V2. The right is labelled V3.

These spectrographs show the radio emissions from an AI accelerator when it's clean and when it's compromised by three variants of a firmware trojan.

At the DARPA event, Keromytis showed the results of a test in which a trojan was inserted in the FPGA's firmware that would result in the neural network misidentifying an image of an Iranian fighter jet as a commercial aircraft.

The startup tested Tempest against three variants of the hardware trojan and in each case managed to spot it within one second of its engaging in dastardly deeds. It did so with an accuracy of at least 98.87 percent and with at most a 1.83 percent false positive rate. What's more, Tempest could detect one version of the trojan with 97.98 percent accuracy even when the malware wasn't engaged at all, such as when the AI was looking at a real commercial jet.

The latter example, called structural detection—as opposed to runtime detection—is more difficult, said Keromytis. But it would be useful for spotting attacks inserted at points in a system's supply chain.

Although they did most of the work on the FPGA, the team did proof-of-concept work on a variety of systems such as cellular infrastructure devices, embedded microcontrollers, and hard drives. "In most cases we didn't even need to remove the enclosure" to pick up a usable electromagnetic signature, said Keromytis.

Now that the initial DARPA work is done, Aether Argus is working on commercialization. One important application is defending the supply chain for 5G infrastructure by spotting counterfeits and hacked systems, Keromytis said.

The Conversation (1)
Michael Stricker
Michael Stricker04 Nov, 2021

This is old news. This type of work was done in the mid 1980's.