{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T22:40:42Z","timestamp":1768516842166,"version":"3.49.0"},"reference-count":25,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2022,8,7]],"date-time":"2022-08-07T00:00:00Z","timestamp":1659830400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Research Foundation of Korea (NRF)","award":["2020R1F1A1074358"],"award-info":[{"award-number":["2020R1F1A1074358"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>With the development of 5G and network technology, the usage of IoT devices has become popular. Because most of these IoT devices can be controlled by an adversary away from the administrator, several security issues such as firmware dumping can arise. Firmware dumping is the cornerstone or goal of many types of hardware hacking. Therefore, many IoT device manufacturers adopt some protection mechanisms such as the restriction of hardware debuggers. However, several recent studies have shown that the operating instructions of an IoT device can be recovered through the profiling-based side-channel analysis. The Side-Channel-Based Disassembler (SCBD) refers to software that recovers instructions of the device only from the side-channel signal. The SCBD is powerful enough to defeat many firmware protection mechanisms. In this paper, we show how an adversary can build an instruction (opcode)-level disassembler using the power consumption signal of commercial microcontrollers (MCUs) such as the 8-bit ATxmega128 and 32-bit STM32F0. To implement the SCBD, we elaborately constructed the instruction template considering the pipeline of the target MCUs through instruction sequence analysis. Furthermore, we preprocessed the side-channel signals using the Continuous Wavelet Transform (CWT) for noise reduction and Kullback-Leibler Divergence (KLD) for instruction feature extraction. Our experimental results show that the machine-learning-based instruction disassembling models can recover the operating instructions with an accuracy of about 91.9% and 98.6% for the ATxmega128 and STM32F0, respectively. Furthermore, we achieved an accuracy of 77% and 96.5% in a cross-board validation.<\/jats:p>","DOI":"10.3390\/s22155900","type":"journal-article","created":{"date-parts":[[2022,8,9]],"date-time":"2022-08-09T04:16:55Z","timestamp":1660018615000},"page":"5900","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Implementation of Disassembler on Microcontroller Using Side-Channel Power Consumption Leakage"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5523-6710","authenticated-orcid":false,"given":"Daehyeon","family":"Bae","sequence":"first","affiliation":[{"name":"School of Cybersecurity, Korea University, Seoul 02841, Korea"}]},{"given":"Jaecheol","family":"Ha","sequence":"additional","affiliation":[{"name":"Division of Computer Engineering, Hoseo University, Asan 31499, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2022,8,7]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kocher, P. (1996, January 18\u201322). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Proceedings of the CRYPTO\u201996, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-68697-5_9"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Lipp, M., Kogler, A., Oswald, D., Schwarz, M., Easdon, C., Canella, C., and Gruss, D. (2021, January 24\u201327). PLATYPUS: Software-based power side-channel attacks on x86. Proceedings of the 2021 IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP40001.2021.00063"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"496","DOI":"10.46586\/tches.v2021.i3.496-519","article-title":"Let\u2019s take it offline: Boosting brute-force attacks on iPhone\u2019s user authentication through SCA","volume":"2021","author":"Lisovets","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_4","first-page":"1","article-title":"Cost and effectiveness of TrustZone defense and side-channel attack on ARM platform","volume":"11","author":"Liu","year":"2020","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_5","first-page":"2","article-title":"A study on the SCA trends for application to IoT devices","volume":"10","author":"Sim","year":"2020","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., and Jun, B. (1999, January 15\u201319). Differential power analysis. Proceedings of the CRYPTO\u201996, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Brier, E., Clavier, C., and Olivier, F. (2004, January 11\u201313). Correlation power analysis with a leakage model. Proceedings of the CHES\u201904, Boston\/Cambridge, MA, USA.","DOI":"10.1007\/978-3-540-28632-5_2"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"107","DOI":"10.46586\/tches.v2019.i2.107-131","article-title":"Non-profiled deep learning-based side-channel attacks with sensitivity analysis","volume":"2019","author":"Timon","year":"2019","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_9","first-page":"22","article-title":"Performance metric for differential deep learning analysis","volume":"11","author":"Bae","year":"2021","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"ref_10","first-page":"61","article-title":"Chapter 4. Statistical characteristics of power traces","volume":"Volume 1","author":"Mangard","year":"2007","journal-title":"Power Analysis Attack"},{"key":"ref_11","first-page":"1","article-title":"On the Performance Gap of a Generic C Optimized Assembler and Wide Vector Extensions for Masked Software with an Ascon-p test case","volume":"124","author":"Salomon","year":"2022","journal-title":"Cryptol. ePrint Arch."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"68440","DOI":"10.1109\/ACCESS.2022.3185995","article-title":"Fully-Digital Randomization Based Side-Channel Security\u2014Towards Ultra-Low Cost-per-Security","volume":"10","author":"Breuer","year":"2022","journal-title":"IEEE Access."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Vermoen, D., Witteman, M., and Gaydadjiev, G. (2007, January 9\u201311). Reverse engineering java card applets using power analysis. Proceedings of the WISTP\u201907, Heraklion, Greece.","DOI":"10.1007\/978-3-540-72354-7_12"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1007\/978-3-642-17499-5_4","article-title":"Building a side channel based disassembler","volume":"6340","author":"Eisenbarth","year":"2010","journal-title":"Trans. Comput. Sci. X"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Strobel, D., Bache, F., Oswald, D., Schellenberg, F., and Paar, C. (2015, January 9\u201313). Scandalee: A side-channel-based disassembler using local electromagnetic emanations. Proceedings of the DATE\u201915, Grenoble, France.","DOI":"10.7873\/DATE.2015.0639"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Park, J., Xu, X., Jin, Y., and Forte, D. (2018, January 24\u201328). Power-based side-channel instruction-level disassembler. Proceedings of the DAC\u201918, San Francisco, CA, USA.","DOI":"10.1145\/3195970.3196094"},{"key":"ref_17","unstructured":"McCann, D., Oswald, E., and Whitnall, C. (2017, January 16\u201318). Towards practical tools for side channel aware software engineering: \u2018Grey Box\u2019 modeling for instruction leakages. Proceedings of the USENIX Security\u201917, Vancouver, BC, Canada."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Cristiani, V., Lecomte, M., and Hiscock, T. (2019, January 11\u201313). A bit-level approach to side channel based disassembling. Proceedings of the CARDIS\u201919, Prague, Czech Republic.","DOI":"10.1007\/978-3-030-42068-0_9"},{"key":"ref_19","unstructured":"Kim, H., Hong, S., and Lin, J. (October, January 28). A fast and provably secure higher-order masking of AES S-Box. Proceedings of the CHES\u201911, Nara, Japan."},{"key":"ref_20","unstructured":"Kwon, D., Kim, J., Park, S., Sung, S., Sohn, Y., Song, J., Yeom, Y., Yoon, E., Lee, S., and Lee, J. (2003, January 27\u201328). New block cipher: ARIA. Proceedings of the ICISC\u201903, Seoul, Korea."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Jeong, K., Choi, J., Lee, Y., Lee, C., Sung, J., Park, H., and Kang, Y. (2009, January 25\u201327). Update on SEED: SEED-192\/256. Proceedings of the ISA\u201909, Seoul, Korea.","DOI":"10.1007\/978-3-642-02617-1_1"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Hong, D., Lee, J., Kim, D., Kwon, D., Ryu, K., and Lee, D. (2013, January 19\u201321). LEA: A 128-bit block cipher for fast encryption on common processors. Proceedings of the WISA\u201913, Jeju, Korea.","DOI":"10.1007\/978-3-319-05149-9_1"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"O\u2019Flynn, C., and Chen, Z. (2014, January 13\u201315). Chipwhisperer: An open-source platform for hardware embedded security research. Proceedings of the COSADE\u201914, Paris, France.","DOI":"10.1007\/978-3-319-10175-0_17"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"222520","DOI":"10.1109\/ACCESS.2020.3043395","article-title":"An efficient profiling attack to real codes of PIC16F690 and ARM Cortex-M3","volume":"8","author":"Vafa","year":"2022","journal-title":"IEEE Access."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Narimani, P., Akhaee, M.A., and Habibi, S.A. (2021, January 1\u20132). Side-Channel based Disassembler for AVR Micro-Controllers using Convolutional Neural Networks. Proceedings of the ISCISC\u201921, Isfahan, Iran.","DOI":"10.1109\/ISCISC53448.2021.9720466"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/15\/5900\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:05:24Z","timestamp":1760141124000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/15\/5900"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,7]]},"references-count":25,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2022,8]]}},"alternative-id":["s22155900"],"URL":"https:\/\/doi.org\/10.3390\/s22155900","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,7]]}}}