Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios

Bibliographic Details
Published in: IEEE transactions on information forensics and security, Vol. 8, no. 12, pp. 2101-2114
Main Authors: Montminy, David P.; Baldwin, Rusty O.; Temple, Michael A.; Oxley, Mark E.
Format: Journal Article
Language: English
Published: New York, NY, IEEE, 01.12.2013
Institute of Electrical and Electronics Engineers
Summary: Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers.
ISSN: 1556-6013, 1556-6021
DOI: 10.1109/TIFS.2013.2287600