Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios
Published in | IEEE transactions on information forensics and security Vol. 8; no. 12; pp. 2101 - 2114 |
---|---|
Format | Journal Article |
Language | English |
Published | New York, NY; IEEE; 01.12.2013; Institute of Electrical and Electronics Engineers |
Summary: | Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers. |
---|---|
ISSN: | 1556-6013 1556-6021 |
DOI: | 10.1109/TIFS.2013.2287600 |