98 lines
7.2 KiB
TeX
98 lines
7.2 KiB
TeX
\chapter{Timetable}\label{chap:timetable}
|
|
The planned work is segmented into three main parts: finishing the \gls{dsd}, building the data acquisition system and building to algorithm for the single-source multi-measure system, and setting up an experiment for the multi-source single-measure system.
|
|
Each of these three parts has its own specificities and challenges that call for careful planning.
|
|
|
|
\section{Spring 2023}
|
|
The main focus for this term is the writing of the \gls{dsd} paper.
|
|
The algorithm has now reached a satisfactory state with a good range of detection and useful precision.
|
|
However, more experiments are required to evaluate the robustness and capabilities of the detector in a wider variety of situations.
|
|
The goal for this paper is the submission to a major conference in the next term.
|
|
|
|
\section{Fall 2023}
|
|
This term will have a dual goal.
|
|
On one hand, finishing the \gls{dsd} paper and submitting it to a conference.
|
|
On the other, start working on the single-source multi-measure capture system.
|
|
The current capture system is composed of a PoE box that is placed in series with the machine to monitor.
|
|
This system is reliable and serves its purpose perfectly, but it is not possible to fit in a more constrained space or able to measure multiple consumptions at once.
|
|
The single-source multi-measure system aims for integration in the machine with minimal modification to allow for easy \textit{drop-in} installation.
|
|
The goal could be a computer's \gls{psu} or an external box with multiple measurement systems.
|
|
In any case, the design and prototyping of this new measurement system is an important part of the single-source multi-measure system.
|
|
|
|
\section{Winter 2024}
|
|
Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system.
|
|
The challenge of this work is to enable the processing of multi-variate time series to yield better results.
|
|
The system's performances will be put in perspective with the capabilities of the DSD (single-source single-measure).
|
|
A series of experiments will also provide a complementary evaluation of the performances of these new techniques.
|
|
The experiments will be collected in a paper with a publication aimed at the next term.
|
|
|
|
\section{Spring 2024}
|
|
After evaluating the single-source multi-measure system, a paper will summarize the findings and present the solution.
|
|
This term will also be dedicated to beginning the design of the multi-source single-measure system.
|
|
For this third system, the capture system is already available.
|
|
The workload is mainly centred on the design of the processing algorithm.
|
|
|
|
\section{Complementary Projects}
|
|
Although it is difficult to plan work after one year, there are some complementary projects that I intend on exploring.
|
|
|
|
\textbf{Cover Channel:}
|
|
Some work in the litterature explored potential of power consumption as a covert channel.
|
|
This application is complementary with the defense work I am focusing on in this thesis.
|
|
As an attacker trying to exfiltrate information from a machine, understanding the method from generating meaningfull power consumption patterns is crucial.
|
|
This work provide insights on how different applications generate specific consumption patterns.
|
|
A 1b/s covert channel already successfully extracted a private ECDSA SSH key through AC/DC transformers with an MSSM setup.
|
|
I intend on improving the capabilities of this covert channel as a complementary project for this thesis.
|
|
|
|
\textbf{Specific Activities Detection:}
|
|
Some users activities carry so much potential threats that detecting them quickly is interesting.
|
|
For example, plugging in a USB device is an entry point for many attacks \cite{cannoles2017hacking, NISSIM2017675, su2017usb}.
|
|
Fortunately, USB devices have a direct impact on the power consumption of a machine as they draw their power from the host.
|
|
Detecting this specific event enable the collection of trusted logs usefull for forensics or log verification tasks.
|
|
The current work on this problem is exploring signal processing methods to build a reliable detector with the least false positive rate while still detecting all USB events.
|
|
This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provide a better understanding of the variety of patterns present in a power consumption trace.
|
|
|
|
|
|
\section{Alternative Courses of Action}
|
|
Many unforseen event can disturb a a research plan on multiple years.
|
|
Although it is not possible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions.
|
|
|
|
\textbf{Pandemic or Global Lockdown Situation:}
|
|
The recent years reminded us that a global lockdown can become a necessity in a matter of months.
|
|
Without access to the university, the xork of this thesis remain possible.
|
|
Thanks to the great work of all the people at Palitronica Inc. the capture system is deployable anywhere with an internet connection.
|
|
Many experiment were already performed outside of the lab and it is even possible to store data on premise for complete offline work.
|
|
I already experienced this situation in 2020 when the university closed and I continued the work at home with some lab equipement.
|
|
The xPSU project was entirely developped off-campus.
|
|
|
|
\textbf{Unconvincing Results:}
|
|
The first results of the SSSM problem are encouraging for the eploration of MSSM and SSMM problems.
|
|
However, some unforeseen discovery could force to reevaluate the potential of this technology.
|
|
As presented before, there is plenty of alternative routes to explore for physics-based \gls{ids}.
|
|
First, there is room for improving the performances of the SSSM detector.
|
|
A better accuracy, a greater number of states, a lower training requirement or higher time-efficiency are all valuable improvements to pursue.
|
|
Second, the range of machines that can benefit from this technology is wide.
|
|
Experimentations with different machines for different use-cases can reveal unknown specific challenges.
|
|
Finally, complementary projects such as the xPSU, the covert channel, or the specific activities detectors are all interesting projects that would undoubtebly reveal new problems to explore.
|
|
|
|
%There is no lack of interesting problems to study in the field of physics-based cyber-security.
|
|
|
|
\section{Publications}
|
|
|
|
From the current work, multiple articles have been submitted for publications.
|
|
|
|
\begin{itemize}
|
|
\item The initial results of the exploration of the \gls{eet} technology were compiled
|
|
|
|
\item The resutls of the \gls{bpv} were detailed in a work-in-progress paper presented in EMSOFT 2021 \cite{grisel2022work}.
|
|
The complete the findings of this first paper, more experiment were conducted on a wider variety of machines and exploring diverse optimisations techniques.
|
|
A paper compiling these new findings is currently under review for QRS 2023.
|
|
|
|
\item Also for submitted for QRS 2023, an article about \gls{dsd} is under review.
|
|
\end{itemize}
|
|
|
|
For futur work, multiple conferences are apropriate for publishing.
|
|
|
|
\begin{itemize}
|
|
\item KDD is a major conference in the domain of knowledge discovery and information mining.
|
|
The algorithmes developped for mining and identifying consumption patterns will make adequate submissions for this conferencee
|
|
\item
|
|
\end{itemize}
|