DETECTION OF MALICIOUS SOFTWARE, FIRMWARE, IP CORES AND CIRCUITRY VIA UNINTENDED EMISSIONS

摘要

An apparatus for testing, inspecting or screening an electrically powered device for modified or unmodified hardware, firmware or software modifications including Malware, Trojans, adware, improper versioning, worms, or virus and the like, includes an antenna positioned at a distance from the electrically powered device and a signal receiver or sensor for examining a signal from the electrically powered device. The receiver or sensor collects unintended RF energy components emitted by the electrically powered device and includes one or more processors and executable instructions that perform analysis in a response to the acquired signal input while the electrically powered device is active or powered. The characteristics of the collected RF energy may be compared with RF energy characteristics of an unmodified device. The comparison determines one of a modified, unmodified or score of certainty of modified condition of the electrically powered device.

主权项

1. An apparatus comprising:
a sensor comprising one or more antennas, low noise amplifier(s) coupled to said one or more antennas, RF tuner(s) and analog to digital converter(s) said sensor configured, to capture unintended emitted electromagnetic energy and/or unintended conducted energy from one or more electrical devices; one or more processors or logic devices; and a computational medium comprising executable instructions that, when executed by said one or more processors or logic devices, cause said one or more processors or logic devices to perform the following steps on said captured unintended emitted electromagnetic energy and/or said unintended conducted energy: measuring a feature value in at least one spectral frequency region of said captured unintended emitted electromagnetic energy and/or unintended conducted energy from said one or more electrical devices, calculating a difference value between said measured feature value and a baseline feature value, verifying, based on said calculated difference value, whether at least one of sub-threshold and super-threshold values have been exceeded in one or more of amplitude, frequency, phase and time domains of signature(s) elements of said captured unintended emitted electromagnetic energy and/or unintended conducted energy, and determining, based on said calculated difference value, a presence or an absence of at least one of malicious software, anomalous software, modified software, malicious firmware, anomalous firmware, modified firmware, malicious circuitry, anomalous circuitry and modified circuitry within the one or more electrical devices.