Hardware intrusion detection system

DWPI Title: Method for detecting hardware intruder of device under test (DUT) used in embedded systems, involves determining that hardware intruder has been coupled to DUT comprises comparing response measurements to previous response measurements
Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal via the switch when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.
Use: Method for detecting hardware intruder of device under test (DUT) used in embedded systems such as on-board microprocessors or software services.
Advantage: The IDS circuit can help reduce false positives. The intrusion detection algorithm can reside on one of the system microprocessors and can use the voltage-time data from the two-channel analog-to-digital converter (ADC) module to detect a hardware intruder. The method does not provide on-going integrity checks of the device, so as to reduce supply chain risk with minimal cost to a manufacturing system. The significant cost of engineering design change-orders for the actual device is eliminated.
Novelty: The method involves sending a challenge signal to the DUT (110) from the intrusion detection system (IDS). The response signal is generated by the DUT in response to the challenge signal. The filter circuit comprises a two-stage resistor-capacitor circuit comprising a first capacitor (166) and resistor (161), and a second capacitor (167) and resistor (162). The first and second capacitors of the circuit are configured to charge responsive to receipt of the response signal. Generating the response measurements comprises sampling a voltage of the filter circuit during the charging of the first and second capacitors. Determining that a hardware intruder has been coupled to the DUT comprises comparing the response measurements to previous response measurements. The challenge signal and the previous challenge signals are the same signal. An indication that the hardware intruder is detected is output responsive to determining that the intruder has been coupled to the DUT.
Filed: 3/15/2013
Application Number: US13834673A
Tech ID: SD 12380.1
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate