Introduction: Imagine being able to decipher the internal operational status of a target device merely by monitoring its induced current, without any physical contact. This sounds like a plot from a sci-fi movie, but thanks to the rapid advancements in TinyML technology, it has become a reality! The CurrentSense-TinyML project launched by the Santander security research team perfectly illustrates this astonishing attack method, revealing new challenges in microcontroller security.

CurrentSense-TinyML: The Perfect Combination of Current Sensing and TinyML
The CurrentSense-TinyML project utilizes current sensing and TinyML technology to achieve remote monitoring and analysis of microcontroller behavior. This project is not a figment of imagination; it is built on previous research findings and incorporates the excellent work of the Stacksmashing team. Its core goal is to demonstrate the feasibility of using machine learning (ML) for current monitoring side-channel attacks. By running a simple LED blinking program on the target microcontroller and using another microcontroller equipped with a TinyML model to monitor the current fluctuations of the target microcontroller, the LED’s blinking status can be inferred, thereby proving the feasibility of this method.

Project Principles and Core Technologies
CurrentSense-TinyML cleverly utilizes the INA219 current sensor to collect the current data of the target microcontroller. The INA219 connects with the Arduino Nano 33 Sense board, which is equipped with a TensorFlow Lite model, via the I2C interface. The Arduino Nano 33 Sense board acts as an analyzer, receiving and processing the current data sent by the INA219 in real-time. The pre-trained TensorFlow Lite model is responsible for analyzing this current data and inferring the operational status of the target microcontroller, such as the LED’s blinking state. The key to this process lies in the fact that different operations of microcontrollers produce different current characteristics, and the TinyML model can learn and recognize these characteristics, thereby achieving “monitoring” of the target microcontroller’s behavior.

Experimental Results and Feasibility Verification
The project provides a Jupyter Notebook that details the entire process of data collection, model training, and testing. Experimental results indicate that CurrentSense-TinyML can accurately identify the blinking state of the target LED. Using the serial plotting tool in the Arduino IDE, one can clearly see the synchronized changes between the analyzer’s LED and the target LED states, which strongly demonstrates the feasibility of this method. The project also provides a Google Colaboratory link for users to run and experience it online.
Project Setup and Environment Configuration
To facilitate users in replicating the experimental results, the project provides detailed installation steps and a hardware list. First, ensure that Python 3.8.x is installed (TensorFlow does not support Python 3.9.x), and create the appropriate environment using conda. Then, install TensorFlow and the necessary libraries. In terms of hardware, prepare the INA219 current sensor, the target Arduino Nano ATMEGA329P board, the analyzer Arduino Nano 33 Sense board, a breadboard, and the necessary cables. For software, either the Arduino IDE or PlatformIO can be used for development.
Attack and Defense Challenges and Outlook
The success of CurrentSense-TinyML reveals new challenges in the field of microcontroller security. Attackers can exploit this technology to obtain internal information from target devices without physical contact, raising the security requirements for IoT devices, embedded systems, and more.
Conclusion:
The CurrentSense-TinyML project showcases the immense potential of TinyML technology in the security domain. By combining current sensing with TinyML, we can monitor and analyze microcontroller behavior in an unprecedented way. Although this technology is still in its early stages, it has already provided us with a new perspective on security and prompted us to rethink our strategies for microcontroller security. This is not just a technical demonstration, but also a warning about future security challenges.
Project Address:https://github.com/Santandersecurityresearch/CurrentSense-TinyML