SCNIFFER: Low-Cost, Automated, Efficient Electromagnetic Side-Channel Sniffing

Danial, Josef; Das, Debayan; Ghosh, Santosh; Raychowdhury, Arijit; Sen, Shreyas

doi:10.1109/access.2020.3025022

Cited by 24 publications

(15 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, an automated end-to-end framework for EM leakage localization, trace acquisition and the attack has been missing. Recently, we proposed SCNIFFER, which is a low-cost, automated EM side-channel leakage sniffing platform to perform efficient end-to-end side-channel attacks [32]. Using a leakage measure such as test vector leakage assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then performs correlational EM analysis (CEMA) at that point (Figure 9a).…”

Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning

confidence: 99%

“…Using a leakage measure such as test vector leakage assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then performs correlational EM analysis (CEMA) at that point (Figure 9a). This reduces the CEMA attack time by ∼N times compared to an exhaustive MTD analysis, and by >20× compared to choosing an attack location at random [32].…”

Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning

confidence: 99%

“…Converge to of High Leakage point using SCNIFFER framework through SNR analysis and an intelligent gradient search algorithm, and then perform an EM SCA attack at that point a) b) Figure 9. (a) SCNIFFER integrates the EM scanning, trace collection, intelligent fast localization and attack together, to enable an end-to-end EM SCA framework [32]. (b) Implementation of the low-cost SCNIFFER system with the 3D EM scanner, H-probe, amplifier, target device and chipwhisperer system for the trace capture.…”

Section: Data Processingmentioning

confidence: 99%

“…Once the best leakage point on the chip is found, SCNIFFER uses CEMA to perform the EM SCA attack to recover the correct key. (b) SCNIFFER with SNR/TVLA-based intelligent gradient search shows a ∼100× reduction in the number of traces required for the end-to-end attack compared to the exhaustive search[32].…”

mentioning

confidence: 99%

See 3 more Smart Citations

Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach

Das

Sen

2020

Cryptography

Self Cite

View full text Add to dashboard Cite

Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within a current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto cores while preserving the legacy of the existing implementations.

show abstract

Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning

confidence: 99%

Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning

confidence: 99%

Section: Data Processingmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach

Das

Sen

2020

Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…In order to perform EM-SCA for acquiring forensic insights from a particular IoT device or a smartphone, the EM radiation patterns of the target device have to be profiled and incorporated into EM-SCA methods. The profiling of a particular device starts with the required specialised hardware, including DUTs and data acquisition equipment [7]. The actual work on developing the EM-SCA technique for analysing EM data of the particular DUT comes as the second step.…”

Section: Introductionmentioning

confidence: 99%

Electromagnetic Side-Channel Analysis for IoT Forensics: Challenges, Framework, and Datasets

Sayakkara

Le-Khac

2021

IEEE Access

View full text Add to dashboard Cite

Electromagnetic (EM) side-channel radiation from Internet of Things (IoT) devices are shown to be effective at acquiring forensic insights during digital investigations. These EM radiation patterns can be analysed with the help of machine learning algorithms to detect internal behaviours of IoT devices, which can be relevant to an investigation. However, the real-world application of EM sidechannel analysis for digital forensic purposes is obstructed by the lack of suitable tools and the technical expertise among law-enforcement communities. Although certain frameworks, such as EMvidence, exist to cater this requirement, the sheer diversity of the IoT ecosystem makes it difficult to support a sufficiently large collection of devices that are commonly encountered in forensic investigations. The work presented in this paper makes multiple contributions towards addressing this problem. Initially, a detailed discussion on the challenges of applying EM side-channel analysis in practical digital forensic purposes is provided, where the practical difficulties are illustrated. Then, it was shown that the existing EM side-channel analysis frameworks, such as EMvidence, can be used to overcome the diversity of IoT devices in forensics by equipping them with extensible plug-ins targeting the internal system-on-chips (SoC) of each device type. These plug-ins are expected to incorporate trained machine learning models, which are capable of recognising patterns of specific IoT device SoCs. However, the development of such plug-ins requires sufficiently diverse EM datasets from IoT devices. Facilitating this requirement, this work presents a comprehensive EM side-channel dataset representing a diverse collection of popular IoT devices and smartphones. The presented dataset is used to demonstrate the potential usage of machine learning models to recognise device behaviour.

show abstract

Ensuring cross-device portability of electromagnetic side-channel analysis for digital forensics

Navanesan,

Le-Khac,

Scanlon

et al. 2024

Forensic Science International: Digital Investigation

View full text Add to dashboard Cite

SCNIFFER: Low-Cost, Automated, Efficient Electromagnetic Side-Channel Sniffing

Cited by 24 publications

References 23 publications

Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach

Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach

Electromagnetic Side-Channel Analysis for IoT Forensics: Challenges, Framework, and Datasets

Ensuring cross-device portability of electromagnetic side-channel analysis for digital forensics

Contact Info

Product

Resources

About