SoC It to EM: ElectroMagnetic Side-Channel Attacks on a Complex System-on-Chip

Longo, Jake; Mulder, Elke De; Page, Daniel; Tunstall, Michael

doi:10.1007/978-3-662-48324-4_31

Cited by 94 publications

(52 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This includes, among others, higher order attacks [44], correlation power analyses [13] and template attacks [17]. Recently it was shown that the electromagnetic-based leakage from a complex System on a Chip (SoC)-based platform, such as the popular general purpose ARM core and on-chip co-processor, running at high clock frequencies can be used to deduce the secret key [39]. Nevertheless, many modern platforms use some form of software protection (such as white-box techniques) to protect the cryptographic master keys of a particular device.…”

Section: Differential Power Analysismentioning

confidence: 99%

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Bos

Hubain²,

Michiels

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. In this paper a new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. This differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. We developed plugins to widely available dynamic binary instrumentation frameworks to produce software execution traces which contain information about the memory addresses being accessed. We show how DCA can extract the secret key from all publicly (non-commercial) available whitebox programs implementing standardized cryptography by analyzing these traces to identify secret-key dependent correlations.

show abstract

Section: Differential Power Analysismentioning

confidence: 99%

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Bos

Hubain²,

Michiels

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We utilise a interesting real-world data set provided by the authors of Longo et al at CHES 2015 [12] to illustrate how to integrate key rank into practical evaluations. We re-implemented and re-ran one of the attacks described by Longo et al at CHES 2015 [12].…”

Section: Real World Evaluation Of a Challenging Targetmentioning

confidence: 99%

“…We re-implemented and re-ran one of the attacks described by Longo et al at CHES 2015 [12]. They illustrated several standard DPA attacks on a complex device, and we selected their most challenging one: an attack on a hardware AES implementation, utilising EM measurements.…”

Section: Real World Evaluation Of a Challenging Targetmentioning

confidence: 99%

“…They illustrated several standard DPA attacks on a complex device, and we selected their most challenging one: an attack on a hardware AES implementation, utilising EM measurements. We refer the reader to the attack paper for full details, but note that we use an improved attack strategy communicated to use after correspondence with the authors [12]. The available dataset consisted of approximately one million EM traces.…”

Section: Real World Evaluation Of a Challenging Targetmentioning

confidence: 99%

See 1 more Smart Citation

Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations

Martin

Mather²,

Oswald

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Quantifying the side channel security of implementations has been a significant research question for several years in academia but also among real world side channel practitioners. As part of security evaluations, efficient key rank estimation algorithms were devised, which in contrast to analyses based on subkey recovery, give a holistic picture of the security level after a side channel attack. However, it has been observed that outcomes of rank estimations show a huge spread in precisely the range of key ranks where enumeration could lead to key recovery. These observations raise the question whether this is because of insufficient rank estimation procedures, or, if this is an inherent property of the key rank. Furthermore, if this was inherent, how could key rank outcomes be translated into practically meaningful figures, suitable to analysing the risk that real world side channel attacks pose? This paper is a direct response to these questions. We experimentally identify the key rank distribution and show that it is independent of different distinguishers and signal-to-noise ratios. Then we offer a theoretical explanation for the observed key rank distribution and determine how many samples thereof are required for a robust estimation of some key parameters. We discuss how this can be naturally integrated into real world side channel evaluation practices. We conclude our research by connecting non-parametric order statistics, in particular percentiles, in a practically meaningful way with business goals.

show abstract

“…In fact, DPA attacks were quite recently shown to pose a serious threat to memory encryption on general-purpose CPUs. While the DPA presented in [57] breaks many contemporary memory encryption schemes, the practical attacks in [5,37,50,57] document the feasibility of DPA on memory encryption and authentication on state-ofthe-art systems.…”

Section: Introductionmentioning

confidence: 99%

MEAS: memory encryption and authentication secure against side-channel attacks

2018

View full text Add to dashboard Cite

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using differential power analysis (DPA). In this work, we present Meas-the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. Meas prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. Meas is applicable to all kinds of memory, e.g., NVM and RAM. For RAM, we give two concrete Meas instances based on the lightweight primitives Ascon, PRINCE, and QARMA. We implement and evaluate both instances on a Zynq XC7Z020 FPGA showing that Meas has memory and performance overhead comparable to existing memory authentication techniques without DPA protection.

show abstract

SoC It to EM: ElectroMagnetic Side-Channel Attacks on a Complex System-on-Chip

Cited by 94 publications

References 32 publications

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough

Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations

MEAS: memory encryption and authentication secure against side-channel attacks

Contact Info

Product

Resources

About