Detecting hardware security threats through fingerprinting

Presenter: Konstantinos Alexakis, AUEB
Date: 24 February 2022


Software fingerprinting is a popular method that can be used in order to to map a large amount of arbitrary data to a shorter,its fingerprint, in order to identify the original data for all practical cases. Such a case can be considered the fact of identifying the presence of a security threats, using this fingerprint. More specifically, according to literature, hardware security leaks can be detected through fingerprinting CPUs using hardware measurement techniques. However, these require access to ”golden” chips and cannot be easily performed in the field. The objective of this study is to design, develop, and evaluate a fingerprinting method that can reliably detect hardware deviations. The software will obtain the fingerprints by monitoring the CPU’s performance counters while executing different sets of CPU instructions. Testing can be done by fingerprinting the same CPUs on same hardware batches (they should provide identical fingerprints) and by testing CPUs with different microcode updates or disabled features (they should yield mismatched fingerprints). As part of a crowd-sourcing process, fingerprints can be collected from a wide variety of CPUs, which, when matched against CPU identifiers and microcode versions, may even allow the detection of genuine Trojan horses. The comparison between CPUs, will be performed through statistical methods that are capable of providing enough evidence in order to make the final decision.