Electromagnetic Side Channel for Application Profiling in IoT Frameworks: A Comparison Between Time and Frequency Measurement Approaches
Cerro, G. (Member of the Collaboration Group)
2024-01-01
Abstract
Guessing which applications are running on a remote device without access to its operating system is a challenging task that can serve two opposite purposes: i) passively listening to retrieve private information for cyberattacks; ii) monitoring the device's operating cycle to detect anomalies that could be due to cyberattacks. In both cases, the electromagnetic side channel can be a viable solution. In this work, a double methodology is proposed, and the performance results obtained with two different approaches are compared. Unlike most solutions in the literature, the proposed strategies do not use machine learning support and rely instead on expert-system mechanisms. The proposed solutions have a considerably lower computational burden and may be implemented for nearly real-time detection on low/medium-capability devices. The test setup focuses on guessing the running applications on a device very common in Internet of Things (IoT) scenarios, i.e. a Raspberry Pi. The magnetic field emitted by the power supply section is suitably processed in the time or frequency domain according to a threshold-based approach. The obtained performance shows very selective capabilities (greater than 90% mean accuracy) with both methodologies. In particular, the frequency-domain approach achieves higher accuracy values but requires an additional amount of computation; the time-domain approach reports good performance while keeping the computational load very low.