Enhancing Power Fuzzing: Synthetic Side-Channel Data Generation, Optimal Sampling, and Noise Mitigation

Abstract

Embedded systems increasingly dominate critical applications, driving the need for advanced testing and validation methodologies capable of uncovering hidden or undocumented behaviours. Traditional fuzzing approaches, which rely on observable outputs or system crashes, often fail to reveal the internal operations of embedded devices. Powertrace-based fuzzing provides a non-intrusive alternative by analysing a device’s power consumption during operation. Achieving robust and reliable fuzzing performance requires researchers to overcome significant challenges in signal acquisition, noise mitigation, and classification reliability.

This thesis addresses these challenges by introducing several key improvements to the PowerFuzzer framework. First, it develops SigVarGen, a modular synthetic signal generation framework that produces realistic idle-state and active signals under controlled noise, drift, and timing variations. SigVarGen enables comprehensive algorithm development and stress testing across diverse simulated conditions, bridging the theoretical model design and empirical validation gap. Second, it presents SR\&OS, a dynamic calibration algorithm that optimises sampling rate and trigger offset selection. SR\&OS leverages adaptive binary search and statistical response detection to capture meaningful system responses despite variable latencies and noise conditions.

The thesis also performs a detailed risk assessment of typical noise sources in side-channel measurements and ranks mitigation strategies based on their effectiveness and practical feasibility. It identifies practical denoising techniques, such as trace averaging, singular spectrum analysis, and independent component analysis, as effective methods for improving signal quality. Furthermore, it evaluates signal quality metrics and validates comparative power and correlation-based indicators as efficient predictors for adaptive acquisition termination.

Together, these developments create a more robust and scalable framework for detecting undocumented behaviours in embedded systems through powertrace analysis. Experimental validation using synthetic datasets and real-world embedded targets demonstrates improvements in calibration accuracy and acquisition efficiency. The findings lay a foundation for future advancements in hardware fuzzing frameworks, mainly targeting embedded environments.