Physical side-channel monitoring leverages the physical phenomena produced by a microcontroller (e.g. power con- sumption or electromagnetic radiation) to monitor program execution for malicious behavior. As such, it offers a promis- ing intrusion detection solution for resource-constrained em- bedded systems, which are incompatible with conventional security measures. This method is especially relevant in safety and security-critical embedded systems such as in industrial control systems. Side-channel monitoring poses unique chal- lenges for would-be attackers, such as: (1) limiting attack vectors by being physically isolated from the monitored sys- tem, (2) monitoring immutable physical side channels with uninterpretable data-driven models, and (3) being specifically trained for the architectures and programs on which they are applied to. As a result, physical side-channel monitors are conventionally believed to provide a high level of security. In this paper, we propose a novel attack to illustrate that, despite the many barriers to attack that side-channel moni- toring systems create, they are still vulnerable to adversarial attacks. We present a method for crafting functional malware such that, when injected into a side-channel-monitored sys- tem, the detector is not triggered. Our experiments reveal that this attack is robust across detector models and hardware im- plementations. We evaluate our attack on the popular ARM microcontroller platform on several representative programs, demonstrating the feasibility of such an attack and highlight- ing the need for further research into side-channel monitors.
USENIX Security Symposium (USENIX Security)