PowerAlert: An Integrity Checker using Power Measurement

We propose POWERALERT, an efficient external integrity checker for untrusted hosts. Current attestation systems suffer from shortcomings in requiring complete checksum of the code segment, being static, use of timing information sourced from the untrusted machine, or use of timing information with high error (network round trip time). We address those shortcomings by (1) using power measurements from the host to ensure that the checking code is executed and (2) checking a subset of the kernel space over a long period of time. We compare the power measurement against a learned power model of the execution of the machine and validate that the execution was not tampered. Finally, power diversifies the integrity checking program to prevent the attacker from adapting. We implement a prototype of POWERALERT using Raspberry pi and evaluate the performance of the integrity checking program generation. We model the interaction between POWERALERT and an attacker as a game. We study the effectiveness of the random initiation strategy in deterring the attacker. The study shows that POWERALERT forces the attacker to trade-off stealthiness for the risk of detection, while still maintaining an acceptable probability of detection given the long lifespan of stealthy attacks.