Work-in-progress: remote detection of unauthorized activity via spectral analysis

Unauthorized hardware or firmware modifications, known as Trojans, can steal information, drain the battery, or damage IoT devices. This paper presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enter the test mode, it runs a predefined application repetitively with a fixed period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operation bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicates the presence of unknown (unauthorized) activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120 cm distance.