Electromagnetic Side-channel Attacks Research Articles

Amplitude-modulated EM side-channel attack on provably secure masked AES

Recently a new type of side channels was discovered, called amplitude-modulated electromagnetic (EM) emanations from mixed-signal circuits. Unlike power analysis or near field EM analysis, attacks based on amplitude-modulated EM emanations do not require the close physical access to the victim device, which makes the attack particularly threatening. However, all existing amplitude-modulated EM attacks on AES focus on implementations of unprotected TinyAES, which is less likely to be used when the implementation is not overly resource constrained. This paper presents the first deep learning based side-channel attack on AES-128 with a Rivain–Prouff masking scheme by using amplitude-modulated EM emanations as the side channel. Rivian–Prouff masking scheme is a provably secure higher-order masking scheme for AES. To bypass the theoretical strength of the addition-chain based Boolean masked SBox, we train neural networks on trace segments corresponding to the MixColumns operation in which the data loading instructions for SBox output leak information. By comparing two different training strategies, we show that it is feasible to recover the key from an ARM Cortex-M4 CPU implementation of AES-128 with a Rivain–Prouff masking scheme by using the amplitude-modulated EM emanations leaked from the victim device, which has a Bluetooth module embedded on the board.

A Threshold Implementation-Based Neural Network Accelerator With Power and Electromagnetic Side-Channel Countermeasures

With the recent advancements in machine learning (ML) theory, a lot of energy-efficient neural network (NN) accelerators have been developed. However, their associated side-channel security vulnerabilities pose a major concern. There have been several proof-of-concept attacks demonstrating the extraction of their model parameters and input data. This work introduces a threshold implementation (TI) masking-based NN accelerator that secures model parameters and inputs against power and electromagnetic (EM) side-channel attacks. The 0.159 mm2 demonstration in 28 nm runs at 125 MHz at 0.95 V and limits the area and energy overhead to 64% and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$5.5\times $ </tex-math></inline-formula> , respectively, while demonstrating security even greater than 2M traces. The accelerator also secures model parameters through encryption and the inputs against horizontal power analysis (HPA) attacks.

An Encrypted On-Chip Power Supply With Random Parallel Power Injection and Charge Recycling Against Power/EM Side-Channel Attacks

As hardware security becomes a crucial challenge for modern electronic devices to protect information privacy, this article presents an encrypted on-chip power supply to combat power and electromagnetic (EM) side-channel attacks (SCAs) for crypto cores. By splitting power and security into separate paths, random parallel power injection and charge recycling are realized to encrypt supply power activities for high SCA immunity while largely minimizing power and performance overheads. Despite of crypto core power variations, the proposed power supply can maintain uncorrelated input profile by adaptively modulating parallel noisy power injection. Moreover, its EM leakage is highly attenuated by spreading the spectrum energy to a wide frequency range and increasing noise floor. To achieve such, a recycled masking power stage with an encryption interface is designed to randomly inject power noise and recycle system charge with random <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">on</small> -time modulation while still retaining nominal power delivery. A silicon IC prototype of this design is fabricated using a 65 nm CMOS process with an active die area of 0.19 mm <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> . Measured input power profiles are fully encrypted to improve power SCA immunity. Operating at a nominal switching frequency of 10 MHz, random parallel power encryption reduces peak EM interference noise from 64.57 dBμV to 43.12 dBμV to meet EN55032 Class B standards and verify EM spectrum profile encryption. In response to a step-up load change from zero to full load current of 200 mA, the power supply achieves 1% settling time of 0.78 μs, with measured voltage droop of 54 mV with no other performance overhead. It achieves a peak efficiency of 90.5%, only suffering the maximum power overhead of 4.9%.

Mitigating Electromagnetic Side-Channel Attacks

By providing new sources of electronic evidence, the Internet of Things (IoT) has opened up new possibilities for digital forensics. Obtaining electronic data from IoT, on the other hand, is a difficult process for a variety of reasons, including the use of various types of standard interfaces, the use of light-weight data encryption, such as elliptic curve cryptography (ECC), and so on. The use of electromagnetic side-channel analysis (EM-SCA) to obtain forensically valuable electronic data from IoT devices has been proposed. EM side-channel analysis is a technique for eavesdropping on the operations and data handling of computing devices using unintentional electromagnetic emissions. However, successful EM-SCA attacks on IoT devices require expert knowledge and specialized tools that are not available to most digital forensic investigators. The electromagnetic side-channel (EM-SC) is one of several types of side-channel approaches for extracting usable electronic data from IoT devices. This paper with focus on Electromagnetic side-channel (EM-SC), the positive and negative usage and how to mitigate the negative usage. Keywords: Electromagnetic, Side-channels, digital forensics, IOT, electronic evidence, Africa.

Methodology for Complete Decorrelation of Power Supply EM Side-Channel Signal and Sensitive Data

Electro-magnetic (EM) side channel attacks have become a serious threat to security of Internet-of-Things (IoT) devices. Power supply generated by voltage regulators is one of the most common attack targets due to its strong EM emanations. In this brief we derive analytical conditions for complete theoretical decorrelation of the power supply EM side-channel signal and the sensitive data. The output of the power supply converter is modelled as amplitude modulation (AM) of the load signal by the converter capacitance that acts as a carrier. By applying Price theorem (Papoulis and Pillai, 2002), we obtain the exact theoretical conditions that converter capacitance needs to fulfil in order to prevent EM side-channel attacks. The conditions are further adapted for practical implementation. When the proposed methodology is applied to AES measured traces, the correlation coefficient between the leaked signal and the sensitive data is 0.05. Such low correlation indicates the proposed methodology is a promising candidate against the attacks that exploit AM signals to extract sensitive data, such as, TEMPEST and active EM attacks. Test Vector Leakage Assessment (TVLA) <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\rho $ </tex-math></inline-formula> -test detects no leaky points, thereby confirming circuit protection against differential and correlation EM attacks as well.

Randomized Switching SAR (RS-SAR) ADC for Power and EM Side-Channel Security

Successive Approximation Register (SAR) Analog to Digital Converters (ADCs) are used in many edge Internet of Things (IoT) devices to digitize analog inputs before further processing. These inputs can be private, requiring physical side channel security to protect the data being converted. Previous work jeongs2adc2020-1, mikirandom2020 has found vulnerabilities in the power side channels of SAR ADCs and proposed limited fixes. Whereas power side channel attacks require cutting the power trace and introducing a shunt resistor for measurement, electromagnetic (EM) side channel attacks are possible to perform non-invasively external to packaging. In this work, we present a randomized switching SAR (RS-SAR) ADC protection that is effective against both power and EM side channel attacks, reducing the attack efficacy by 32x for EM attacks and 82x for power attacks.

EM Side-Channel Countermeasure for Switched-Capacitor DC–DC Converters Based on Amplitude Modulation

The security of IoT devices is becoming a major concern in industry. Noninvasive side-channel attacks pose a serious threat as they are capable of extracting secret information from distance while using low-cost equipment. In this article, we propose an efficient countermeasure technique against the electromagnetic (EM) side-channel attacks. The technique is applied to switched-capacitor (SC) dc-dc converters and is based on amplitude modulation of the load signal by the converter capacitance that acts as a carrier. We verify the proposed technique by using a reliable evaluation metric that predicts the correlation between the encryption secret key and the attacker's measured signal. The results show that the proposed technique can achieve cross correlation coefficients as low as 0.2, disabling the attacker from extracting the sensitive information. In addition, test vector leakage assessment (TVLA) ρ-test indicates that the number of leaky points for advanced encryption standard (AES) execution drops from 62 for unprotected circuit to zero for the circuit secured by the proposed technique. TVLA t-statistic is decreased by three orders of magnitude in the protected AES execution.

Electromagnetic Side-Channel Attack on AES using Low-end Equipment

Side-channel attacks on cryptographic algorithms targets the implementation of the algorithm. Information can leak from the implementation in several different ways and, in this paper, electromagnetic radiation from an FPGA is considered. We examine to which extent key information from an AES implementation can be deduced using a low-end oscilloscope. Moreover, we examine how the antenna's distance from the FPGA affects the results in this setting. Our experiments show that some key bits indeed can be inferred from the measurements, despite having a far from optimal setting.

CNN Based Electromagnetic Side Channel Attacks on SoC

Side channel attacks are well-known thread to ciphers in real world. In this paper, we give a CNN based profiled side channel attacks on AES cipher implemented on HI Silicon Kirin 620 SoC, which is a 1.2GHz multi-core platform. With 100,000 acquired side channel traces to train, the CNN have ability to recover real key byte under 1,000 traces, even though the traces are misaligned.

Air Gap Penetration

The issue of data security is very paramount for any organization now a day So through this project we will show how an attacker can steal data from the air �gapped channels and also provide some measures in order to protect data from such type of attacks. Now a day attackers can leak data from isolated, air-gapped computers to nearby smart phones via covert magnetic signals. Attacks have been demonstrated on eavesdropping computer displays by utilizing these emissions as a side-channel vector. The accuracy of producing a screen pic depends on the emission sampling rate and bandwidth of the attackers signal hardware. The cost of radio frequency hardware increased with supported frequency range and bandwidth. A number of affordable software defined radio equipment solutions are currently available satisfying a number of radio-focused attacks at a proper price point. This work investigates that the accuracy influencing factors, other than the sample rate and bandwidth, which are noise removal, image blending, and image quality adjustments, that affect the perfection of monitor image reconstruction through electromagnetic side-channel attacks.

Improved Power/EM Side-Channel Attack Resistance of 128-Bit AES Engines With Random Fast Voltage Dithering

This paper demonstrates the improved power and electromagnetic (EM) side-channel attack (SCA) resistance of 128-bit Advanced Encryption Standard (AES) engines in 130-nm CMOS using random fast voltage dithering (RFVD) enabled by integrated voltage regulator (IVR) with the bond-wire inductors and an on-chip all-digital clock modulation (ADCM) circuit. RFVD scheme transforms the current signatures with random variations in AES input supply while adding random shifts in the clock edges in the presence of global and local supply noises. The measured power signatures at the supply node of the AES engines show upto 37× reduction in peak for higher order test vector leakage assessment (TVLA) metric and upto 692× increase in minimum traces required to disclose (MTD) the secret encryption key with correlation power analysis (CPA). Similarly, SCA on the measured EM signatures from the chip demonstrates a reduction of upto 11.3× in TVLA peak and upto 37× increase in correlation EM analysis (CEMA) MTD.

Practical Evaluation of Protected Residue Number System Scalar Multiplication

The Residue Number System (RNS) arithmetic is gaining grounds in public key cryptography, because it offers fast, efficient and secure implementations over large prime fields or rings of integers. In this paper, we propose a generic, thorough and analytic evaluation approach for protected scalar multiplication implementations with RNS and traditional Side Channel Attack (SCA) countermeasures in an effort to assess the SCA resistance of RNS. This paper constitutes the first robust evaluation of RNS software for Elliptic Curve Cryptography against electromagnetic (EM) side-channel attacks. Four different countermeasures, namely scalar and point randomization, random base permutations and random moduli operation sequence, are implemented and evaluated using the Test Vector Leakage Assessment (TVLA) and template attacks. More specifically, variations of RNS-based Montgomery Powering Ladder scalar multiplication algorithms are evaluated on an ARM Cortex A8 processor using an EM probe for acquisition of the traces. We show experimentally and theoretically that new bounds should be put forward when TVLA evaluations on public key algorithms are performed. On the security of RNS, our data and location dependent template attacks show that even protected implementations are vulnerable to these attacks. A combination of RNS-based countermeasures is the best way to protect against side-channel leakage.

Security Enhancements of a Mutual Authentication Protocol Used in a HF Full-Fledged RFID Tag

Radio Frequency IDentification (RFID) is used in many applications such as access control, transport, ticketing and contactless payment. The full-fledged High Frequency (HF) tags are the most popular RFID tags for these applications that require relatively high cost security operations. However, these HF tags are threatened by many passive attacks such as eavesdropping, desynchronization and ElectroMagnetic (EM) Side Channel Attacks (SCA). In this article, we propose the implementation and the validation of a full-fledged HF tag architecture using an enhanced mutual authentication protocol. This is achieved using a FPGA platform. Security analysis against Electromagnetic Attack (EMA) and desynchronization attacks on the original protocol are presented. Then enhancements at the protocol level are proposed to overcome these attacks. The implementation of these security enhancements shows a low overhead (+22 LUTs) compared to previous existing security hardware solutions (+598 LUTs).

A Compact and Low Power RO PUF with High Resilience to the EM Side-Channel Attack and the SVM Modelling Attack of Wireless Sensor Networks.

Authentication is a crucial security service for the wireless sensor networks (WSNs) in versatile domains. The deployment of WSN devices in the untrusted open environment and the resource-constrained nature make the on-chip authentication an open challenge. The strong physical unclonable function (PUF) came in handy as light-weight authentication security primitive. In this paper, we present the first ring oscillator (RO) based strong physical unclonable function (PUF) with high resilience to both the electromagnetic (EM) side-channel attack and the support vector machine (SVM) modelling attack. By employing an RO based PUF architecture with the current starved inverter as the delay cell, the oscillation power is significantly reduced to minimize the emitted EM signal, leading to greatly enhanced immunity to the EM side-channel analysis attack. In addition, featuring superior reconfigurability due to the conspicuously simplified circuitries, the proposed implementation is capable of withstanding the SVM modelling attack by generating and comparing a large number of RO frequency pairs. The reported experimental results validate the prototype of a 9-stage RO PUF fabricated using standard 65 nm complementary-metal-oxide-semiconductor (CMOS) process. Operating at the supply voltage of 1.2 V and the frequency of 100 KHz, the fabricated RO PUF occupies a compact silicon area of 250 m and consumes a power as low as 5.16 W per challenge-response pair (CRP). Furthermore, the uniqueness and the worst-case reliability are measured to be 50.17% and 98.30% for the working temperature range of −40∼120 C and the supply voltage variation of ±2%, respectively. Thus, the proposed PUF is applicable for the low power, low cost and secure WSN communications.

Research on Electromagnetic Side-channel Signal Extraction for Mobile Device PCM-9589F Multi-COM

The portability and various functions of mobile devices enable them to go deep into people's study, work and life. While it is convenient for people, mobile devices contain a large number of user’s private information, such as the user's personal property information, identity information and even the confidential information of enterprise etc. Side-channel attack is currently one of the most effective ways to steal private information of cryptographic devices thus the threat to mobile devices can be imagined. In this paper, the electromagnetic side-channel attack based on AES encryption algorithm on mobile device—PCM-9589F Multi-COM Board is studied. A new signal acquisition platform is designed, which solves the problem that the difficulty in locating the side-channel electromagnetic leakage signal of the mobile devices. In addition,using the time-frequency analysis and filter technology,we extract the encryption features of AES on PCM-9589F Multi-COM Board.

Low Cost Countermeasure at Authentication Protocol Level against Electromagnetic Side Channel Attacks on RFID Tags

Radio Frequency Identification (RFID) technology is widely spread in many security applications. Producing secured low-cost and low-power RFID tags is a challenge. The used of lightweight encryption algorithms can be an economic solution for these RFID security applications. This article proposes low cost countermeasure to secure RFID tags against Electromagnetic Side Channel Attacks (EMA). Firstly, we proposed a parallel architecture of PRESENT block cipher that represents a one way of hiding countermeasures against EMA. 200 000 Electromagnetic traces are used to attack the proposed architecture, whereas 10 000 EM traces are used to attack an existing serial architecture of PRESENT. Then we proposed a countermeasure at mutual authentication protocol by limiting progressively the number of EM traces. This limitation prevents the attacker to perform the EMA. The proposed countermeasure is based on time delay function. It requires 960 GEs and represents a low cost solution compared to existing countermeasures at primitive block cipher (2471 GEs).

Electromagnetic side-channel attack based on PSO directed acyclic graph SVM

Machine learning has a powerful potential for performing the template attack (TA) of cryptographic device. To improve the accuracy and time consuming of electromagnetic template attack (ETA), a multi-class directed acyclic graph support vector machine (DAGSVM) method is proposed to predict the Hamming weight of the key. The method needs to generate K(K1)/2 binary support vector machine (SVM) classifiers and realizes the K-class prediction using a rooted binary directed acyclic graph (DAG) testing model. Further, particle swarm optimization (PSO) is used for optimal selection of DAGSVM model parameters to improve the performance of DAGSVM. By exploiting the electromagnetic emanations captured while a chip was implementing the RC4 algorithm in software, the computation complexity and performance of several multi-class machine learning methods, such as DAGSVM, one-versus-one (OVO)SVM, one-versus-all (OVA)SVM, Probabilistic neural networks (PNN), K-means clustering and fuzzy neural network (FNN) are investigated. In the same scenario, the highest classification accuracy of Hamming weight for the key reached 100%, 95.33%, 85%, 74%, 49.67% and 38% for DAGSVM, OVOSVM, OVASVM, PNN, K-means and FNN, respectively. The experiment results demonstrate the proposed model performs higher predictive accuracy and faster convergence speed.

Experimental Demonstration of Electromagnetic Information Leakage From Modern Processor-Memory Systems

This paper shows that electromagnetic (EM) information leakage from modern laptops and desktops (with no peripherals attached) is indeed possible and is relatively easy to achieve. The experiments are performed on three laptop systems and one desktop system with different processors (Intel Centrino, Core 2, Core i7, and AMD Turion), and show that both active (program deliberately tries to cause emanations at a particular frequency) and passive (emanations at different frequencies happen as a result of system activity) EM side-channel attacks are possible on all the systems we tested. Furthermore, this paper shows that EM information leakage can reliably be received at distances that vary from tens of centimeters to several meters including the signals that have propagated through cubicle or structural walls. Finally, this paper shows how activity levels and data values used in accessing different parts of the memory subsystem (off-chip memory and each level of on-chip caches) affect the transmission distance.

Influence of PCB and Attached Line of Hardware on Electromagnetic (EM) Information Leakage

Electromagnetic (EM) radiation from information hardware under normal operating conditions can compromise secret information (EM information leakage), for example, operations or processed data contained in the hardware. Methods for analyzing EM radiation with the intention of extracting secret information have been proposed, and EM side-channel attacks on cryptographic hardware are a major concern. This paper investigates how EM information leakage changes with the configuration of information hardware, focusing on the frequency characteristics of the hardware. We assume that frequency characteristics of the EM radiation correspond to physical aspects of the hardware configuration. To address the issue of information leakage, this paper presents a novel analysis of EM radiation from information hardware by using a model circuit board. Through this model we show that the intensity of EM emission can be related to the layout of the hardware.

Differential electromagnetic analysis on advanced encryption standard (AES)

To study the vulnerability of Advanced Encryption Standard (AES) against electromagnetic side channel attacks,the article analyzed the electromagnetic information leakage model of microcomputer and the choice of D function. Then,concerning the AES-128 bits cryptographic system realized by the 89C51 microchip,Differential Electromagnetic Analysis (DEMA) algorithm,which was used into an attack experiment and succeeded in obtaining 128 bits secret key of AES-128,was described. After analyzing the experimental results,the leakage of secret information produced by ByteSub transformation was detected. This method can be regarded as a new protective measure in cryptographic systems.