CARNYX: A framework for vulnerability detection via power consumption analysis in embedded systems CARNYX: A framework for vulnerability detection via power consumption analysis in embedded systems

The widespread use of the Internet of Things (IoT) has led to a surge in interconnected, resource-constrained embedded systems, which are inherently vulnerable due to limited security mechanisms. This paper presents CARNYX, a framework leveraging power consumption analysis, rooted in Side-Channel An...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 24; no. 4; p. 172
Main Authors Barredo, Jorge, Eceiza, Maialen, Flores, Jose Luis, Iturbe, Mikel
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.08.2025
Springer Nature B.V
Subjects
Access control
Automation
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Constraints
Cryptology
Cybersecurity
Embedded systems
Ethernet
Internet of Things
Management of Computing and Information Systems
Networks
Operating Systems
Power consumption
Power management
Regular Contribution
Serial interfaces
Software
Software reliability
Taxonomy
Embedded systems
Side-channel analysis
Hardware security
Vulnerability detection
Online AccessGet full text

Cover

More Information
Summary:The widespread use of the Internet of Things (IoT) has led to a surge in interconnected, resource-constrained embedded systems, which are inherently vulnerable due to limited security mechanisms. This paper presents CARNYX, a framework leveraging power consumption analysis, rooted in Side-Channel Analysis (SCA), to detect vulnerabilities in embedded systems with high accuracy. Designed for pre-deployment vulnerability detection, it offers three key advantages over existing SCA solutions: (1) detailed categorisation of specific vulnerability types beyond binary detection, (2) a methodology validated on the STM32F4 architecture and ARM Cortex-A8 with potential applicability to similar low- and medium-end systems, and (3) reliable detection in resource-constrained devices where power monitoring is practical. We evaluate CARNYX on three platforms: two low-end STM32F4-based platforms (Riscure Piñata and STM NUCLEO-144) and the medium-end ARM Cortex-A8-based BeagleBone Black, analysing 16 arithmetic and memory-related software flaws. Results demonstrate recall rates of 99.69% (Piñata), 86.88% (NUCLEO-144 with serial interface), 51.25% (NUCLEO-144 with Ethernet), and 53.67% (BeagleBone Black)-all with high precision-while measuring the effect of communication peripherals on side-channel leakage, an aspect underexplored in prior vulnerability detection studies. These results highlight CARNYX’s potential to enhance security in constrained IoT devices, even in noisy environments where binary detection methods offer limited value. While validated on STM32F4 and ARM Cortex-A8, its principles may extend to other low- and medium-end systems, subject to further validation.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-025-01092-2