Remote detection of unauthorized activity via spectral analysis

Fatih Karabacak, Umit Ogras, Sule Ozev

Research output: Contribution to journalArticlepeer-review

8 Scopus citations


Unauthorized hardware or firmware modifications, known as trojans, can steal information, drain the battery, or damage IoT devices. Since trojans may be triggered in the field at an unknown instance, it is important to detect their presence at runtime. However, it is difficult to run sophisticated detection algorithms on these devices due to limited computational power and energy and, in some cases, lack of accessibility. This article presents a stand-off self-referencing technique for detecting unauthorized activity. The proposed technique processes involuntary electromagnetic emissions on a separate hardware, which is physically decoupled from the device under test. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, we are able to differentiate trojan activity without using a golden reference, or any knowledge of the attributes of the trojan activity. Experiments based on hardware measurements show that the proposed technique achieves close to 100% detection accuracy at up to 120cm distance.

Original languageEnglish (US)
Article number81
JournalACM Transactions on Design Automation of Electronic Systems
Issue number6
StatePublished - Dec 2018


  • EM emission
  • Hardware/firmware trojan detection
  • IoT security

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering


Dive into the research topics of 'Remote detection of unauthorized activity via spectral analysis'. Together they form a unique fingerprint.

Cite this