GJALLARHORN: A framework for vulnerability detection via electromagnetic side-channel analysis in embedded systems

The proliferation of embedded systems within the Internet of Things (IoT) has heightened the difficulty of detecting vulnerabilities due to their inherent resource constraints. This paper introduces GJALLARHORN, a framework extending electromagnetic side-channel analysis (EM SCA) for early-stage vulnerability detection in embedded systems. Unlike conventional methods requiring code access or imposing computational overhead, GJALLARHORN non-invasively analyses EM emissions to identify anomalous patterns indicating potential security vulnerabilities. By observing hardware-level manifestations of software execution, GJALLARHORN complements software-level analysis, revealing vulnerabilities that might otherwise remain undetected. The framework adapts to device complexity, enabling categorisation of up to 16 distinct vulnerability types, including buffer overflows, memory leaks, and arithmetic errors. Evaluations on both low-end (STM NUCLEO-144) and high-end (Raspberry Pi 3B) architectures demonstrate GJALLARHORN’s effectiveness, achieving a recall of 95.94% and $F_1$ score of 96.39% on the low-end system, and 73.33% recall with 84.61% $F_1$ score on the high-end system. Our results reveal that memory-related vulnerabilities produce more distinguishable EM signatures than arithmetic errors, offering valuable insights for externally detecting vulnerabilities. By enabling detection during development, GJALLARHORN helps mitigate risks before deployment, potentially reducing the economic impact of security incidents in IoT infrastructure.