Project Details
Description
Embedded systems have become present in our daily life, from the many embedded computers involved in controlling a car, to implanted medical devices, to the latest Internet of Things (IoT) device. A common question (or what should be a common question) when using these devices is what security flaws might be present and what attacks are possible against them. While many attacks on these embedded computers are similar to well-known attacks from "classic" computing systems, there is a variety of attacks that are specific to embedded computers. In particular, the two most powerful classes of attacks are known as side-channel power analysis and fault injection attacks. The first group (side-channel power analysis) exploits fundamental artifacts of the implementation of cryptography in the device under attack. The second group (fault injection attacks) exploits the ability of an attacker on an embedded system to alter the execution environment of the device being attacked, meaning that tasks such as verifying a signature can be manipulated. These techniques have been used in more recent attacks on embedded systems, including demonstrating a worm on the Philips Hue smart lights and bypassing security mechanisms on an automotive ECU. These attacks will be the prominent form of exploitation of embedded systems moving forward, as they allow breaking of state-of-the-art cryptographic and security mechanisms.
This research proposal will develop new tools and techniques, with the objective of not only developing the fundamental research, but also disseminating this research to industry and academia through open-source tools. Several areas of research will be concentrated on towards this goal. The first will be to develop an interface between existing open-source side-channel analysis frameworks (ChipWhisperer) and machine learning frameworks. This will be released as an open-source addition, and this framework will be used during the remaining research period. With this framework, optimization of machine learning attacks can be performed against a variety of target devices and cryptographic implementations. The second area of focus will be on fault injection using an electromagnetic fault injection (EMFI) platform. This will be split into the use of machine learning for optimizing fault injection parameters to achieve a desired effect, and work on instrumenting a target device to better understand the effects that fault injection has on the target. A successful research proposal would build Canadian expertise in this critical area, including academic researchers, undergraduate engineers, and industry practitioners. This builds upon the principal investigator's existing experience in this area, including his industry experience running workshops and training seminars.
Status | Active |
---|---|
Effective start/end date | 1/1/23 → … |
Funding
- Natural Sciences and Engineering Research Council of Canada: US$20,750.00
ASJC Scopus Subject Areas
- Artificial Intelligence
- Electrical and Electronic Engineering