Abstract

Side-channel power analysis is a powerful method of breaking secure cryptographic algorithms, but typically power analysis is considered to require specialized measurement equipment on or near the device. Assuming an attacker first gained the ability to run code on the unsecure side of a device, they could trigger encryptions and use the on-board ADC to capture power traces of that hardware encryption engine. This is demonstrated on a SAML11 which contains an M23 core with a TrustZone-M implementation as the hardware security barrier. This attack requires 160 × 10^6 traces, or approximately 5 GByte of data. This attack does not use any external measurement equipment, entirely performing the power analysis using the ADC on-board the microcontroller under attack. The attack is demonstrated to work both from the non-secure and secure environment on the chip, being a demonstration of a cross-domain power analysis attack. To understand the effect of noise and sample rate reduction, an attack is mounted on the SAML11 hardware AES peripheral using classic external equipment, and results are compared for various sample rates and hardware setups. A discussion on how users of this device can help prevent such remote attacks is also presented, along with metrics that can be used in evaluating other devices. Complete copies of all recorded power traces and scripts used by the authors are publicly presented.

Highlights

  • One popular method of preventing security attacks on embedded devices is to have a Trusted Execution Environment (TEE), where only well-validated code executes, and only code in the TEE is allowed to access sensitive resources such as encryption keys or cryptographic accelerators

  • This work contains the following contributions: 1. The first side-channel attack on a device with TrustZone-M, performed using an on-board ADC controlled from the non-secure world to capture power measurements to recover secrets processed in the secure world of the TrustZone-M, making the attack possible to perform without having physical access to the device power rail

  • Note the Test Vector Leakage Assessment (TVLA) test result exceeding the threshold around sample point 37 aligns with the known location of leakage from the Correlation Power Analysis (CPA) attack, verifying this leakage is from the operation of interest and not simple loading or unloading of data

Summary

Introduction

One popular method of preventing security attacks on embedded devices is to have a Trusted Execution Environment (TEE), where only well-validated code executes, and only code in the TEE is allowed to access sensitive resources such as encryption keys or cryptographic accelerators. TrustZone-M does not mandate side-channel power analysis resistance for any included cryptographic cores, so the ability of an attacker to perform side-channel power analysis is reasonably expected on these implementations. This means developers relying on TrustZone-M must not expect that security will be guaranteed when physical access to the device is possible. These devices often include an ADC, which allows physical sampling of various voltages on the system. By configuring this ADC to perform sampling operations before calling cryptographic operations, an attacker can perform side-channel analysis using entirely on-board resources, as introduced by Gnad et al. [GKT19]. This effect will be used to break cryptographic implementations inside of the TrustZone-M secure world from the non-secure world, which has access to the ADC configuration.
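The highlights above mention a TVLA test whose t-statistic crosses the threshold around sample point 37, and the introduction describes ADC-captured traces as the raw material. The following is an added example, not code from the paper or its authors: a plain-Python Welch t-test (the fixed-vs-random TVLA criterion, |t| > 4.5) run over constructed 12-bit ADC traces, which a developer evaluating a device or a countermeasure can use to check whether a given sample window leaks. The trace generator, its noise level, the leak amplitude and the leak position are all constructed assumptions.

```python
import math
import random

TVLA_THRESHOLD = 4.5   # customary TVLA criterion: |t| above this indicates leakage
LEAK_INDEX = 37        # constructed: where the synthetic trace leaks
TRACE_LEN = 100        # constructed: samples per trace


def simulate_adc_trace(fixed_input, rng):
    """Constructed 12-bit ADC trace: a baseline plus Gaussian noise, with a
    data-dependent bump at LEAK_INDEX only when the fixed input is processed."""
    trace = []
    for i in range(TRACE_LEN):
        sample = 2048 + rng.gauss(0, 3.0)
        if fixed_input and i == LEAK_INDEX:
            sample += 8          # hypothetical leakage amplitude in ADC counts
        trace.append(int(round(max(0, min(4095, sample)))))
    return trace


def welch_t(group_a, group_b):
    """Per-sample Welch's t-statistic between two trace sets (lists of lists)."""
    n_a, n_b = len(group_a), len(group_b)
    t_values = []
    for i in range(len(group_a[0])):
        a = [tr[i] for tr in group_a]
        b = [tr[i] for tr in group_b]
        m_a, m_b = sum(a) / n_a, sum(b) / n_b
        v_a = sum((x - m_a) ** 2 for x in a) / (n_a - 1)
        v_b = sum((x - m_b) ** 2 for x in b) / (n_b - 1)
        denom = math.sqrt(v_a / n_a + v_b / n_b)
        t_values.append((m_a - m_b) / denom if denom else 0.0)
    return t_values


def tvla(fixed_traces, random_traces, threshold=TVLA_THRESHOLD):
    """Return (indices whose |t| exceeds the threshold, full t-value list)."""
    t_values = welch_t(fixed_traces, random_traces)
    leaking = [i for i, t in enumerate(t_values) if abs(t) > threshold]
    return leaking, t_values


def run_demo(n_per_group=200, seed=1):
    """Build constructed fixed and random trace sets and run the TVLA test."""
    rng = random.Random(seed)
    fixed = [simulate_adc_trace(True, rng) for _ in range(n_per_group)]
    rand = [simulate_adc_trace(False, rng) for _ in range(n_per_group)]
    return tvla(fixed, rand)


if __name__ == "__main__":
    leaking, t = run_demo()
    print("samples exceeding threshold:", leaking)
```

On real captures the two groups are the traces recorded with a fixed plaintext and with random plaintexts; a sample index that stays below the threshold across a large, interleaved capture is the evidence a countermeasure is working at that point.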

Contributions
SAML11 and TrustZone-M
Example Application
Remote and Cross-Domain Side-Channel Attacks
TrustZone-A Side Channel Attacks
Cross-Domain Power Analysis Attacks
Practical Applicability
Partial Guessing Entropy
External Power Analysis of AES Accelerator
Sample Rate Considerations
PGE Results
ADC Bit Depth
Internal Power Analysis on Custom Boards
Results of Board A
TrustZone-M Secure and Non-Secure Code
Effect of Phase Offset
Results of Board B
Results of Board C & D
Internal Power Analysis on Development Kit
On-Board Regulator Mode
TVLA Test Results
Countermeasures to Attack
Securing ADC Access
Environment Validation from Secure World
Conclusions
Custom Boards
Capture Setup