Abstract

The effectiveness of coarse- and fine-grained electromagnetic (EM) side-channel analysis (SCA) attacks, as well as power SCA attacks, is empirically evaluated on implementations of the Advanced Encryption Standard (AES) algorithm. Coarse-grained EM and power SCA attacks use a single sensor configuration to measure the aggregated EM emanation or power consumption for a large set of encryptions, and then analyze this set of signals to recover all encryption key bytes. In contrast, fine-grained EM SCA attacks first perform high-resolution scans with relatively small probes in multiple orientations to localize on-chip information leakage, and then use a specific probe configuration for each key byte to collect and analyze signals. The fine-grained EM SCA attacks are found to be up to >70× more effective than coarse-grained EM and power SCA attacks when extracting the key from 3 implementations of 128-bit AES. They are constrained, however, by the potentially prohibitive cost of the initial search to identify effective probe configurations. Search protocols that reduce this one-time acquisition cost, categorized according to the threat model, are presented and are found to require ~8–15× fewer measurements than an exhaustive search.
