| Abstract | Software attestation seeks to verify the authenticity
of a system without the aid of trusted hardware, and has
important applications in the field of security. Such attestation
schemes are of particular interest in the embedded domain, where
simplicity and limited resources constrain more complex security
solutions. At the same time, these properties enable attestation
approaches that rely on predictable side-effects. Most software
attestation schemes aim to verify the integrity of memory using
a combination of cryptographic schemes, internal side-effects
like TLB misses, and known timing constraints. However, little
attention has been paid to leveraging non-traditional side-effects,
in particular, externally observable side-effects such as power
consumption.
In this paper we introduce a method for software attestation
using power consumption as the side-effect. We show how to
circumvent the undecidable nature of program execution for
this purpose and present a static compiler transformation which
implements the technique. Our approach is less intrusive than
traditional software attestation because the system does not
require interruption to compute a cryptographic checksum. It
is particularly well suited to real-time systems where consistent
timing is more important than speed.
|
