Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios
Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virt...
Published in | IEEE transactions on information forensics and security Vol. 8; no. 12; pp. 2101 - 2114 |
---|---|
Main Authors | Montminy, David P.; Baldwin, Rusty O.; Temple, Michael A.; Oxley, Mark E. |
Format | Journal Article |
Language | English |
Published | New York, NY; IEEE; 01.12.2013; Institute of Electrical and Electronics Engineers |
Subjects | |
Abstract | Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers. |
---|---|
Author | Baldwin, Rusty O. Montminy, David P. Oxley, Mark E. Temple, Michael A. |
Author_xml | – sequence: 1 givenname: David P. surname: Montminy fullname: Montminy, David P. email: david.montminy@afit.edu organization: Department of Electrical and Computer Engineering, U.S. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA – sequence: 2 givenname: Rusty O. surname: Baldwin fullname: Baldwin, Rusty O. email: rusty.baldwin@afit.edu organization: Department of Electrical and Computer Engineering, U.S. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA – sequence: 3 givenname: Michael A. surname: Temple fullname: Temple, Michael A. email: michael.temple@afit.edu organization: Department of Electrical and Computer Engineering, U.S. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA – sequence: 4 givenname: Mark E. surname: Oxley fullname: Oxley, Mark E. email: mark.oxley@afit.edu organization: Department of Electrical and Computer Engineering, U.S. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA |
BackLink | http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=28073840$$DView record in Pascal Francis |
CODEN | ITIFA6 |
CitedBy_id | crossref_primary_10_1016_j_cose_2021_102471 crossref_primary_10_1109_MSP_2018_2888893 crossref_primary_10_3390_s16091453 crossref_primary_10_1142_S0218127422501103 crossref_primary_10_1109_ACCESS_2019_2944902 crossref_primary_10_3390_e25030505 |
Cites_doi | 10.1007/978-3-642-21040-2_9 10.1007/s13389-011-0006-y 10.1007/3-540-45418-7_17 10.1007/978-3-642-37288-9_17 10.1145/1854099.1854126 10.2307/2331838 10.1109/JRPROC.1949.232969 10.1109/MSP.2011.942308 |
ContentType | Journal Article |
Copyright | 2015 INIST-CNRS |
Copyright_xml | – notice: 2015 INIST-CNRS |
DBID | 97E RIA RIE IQODW AAYXX CITATION |
DOI | 10.1109/TIFS.2013.2287600 |
DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005-present IEEE All-Society Periodicals Package (ASPP) 1998-Present IEEE Electronic Library Online Pascal-Francis CrossRef |
DatabaseTitle | CrossRef |
DatabaseTitleList | |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library Online url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Engineering Computer Science Applied Sciences |
EISSN | 1556-6021 |
EndPage | 2114 |
ExternalDocumentID | 10_1109_TIFS_2013_2287600 28073840 6648681 |
Genre | orig-research |
IEDL.DBID | RIE |
ISSN | 1556-6013 |
IngestDate | Fri Dec 06 04:03:55 EST 2024 Thu Nov 24 18:34:28 EST 2022 Mon Nov 04 11:48:52 EST 2024 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 12 |
Keywords | Side channel attack Differential cryptanalysis frequency mapping Electromagnetism Digital television Leak software defined radio Television receiver Real time sub-Nyquist Frequency effect Physical attacks Differential analyzer differential attack Side-channel analysis Private key information leakage Public key Nyquist criterion Microprocessor Cryptography Computer security Software radio |
Language | English |
License | CC BY 4.0 https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/USG.html |
LinkModel | DirectLink |
OpenAccessLink | https://doi.org/10.1109/tifs.2013.2287600 |
PageCount | 14 |
ParticipantIDs | crossref_primary_10_1109_TIFS_2013_2287600 pascalfrancis_primary_28073840 ieee_primary_6648681 |
PublicationCentury | 2000 |
PublicationDate | 2013-12-01 |
PublicationDateYYYYMMDD | 2013-12-01 |
PublicationDate_xml | – month: 12 year: 2013 text: 2013-12-01 day: 01 |
PublicationDecade | 2010 |
PublicationPlace | New York, NY |
PublicationPlace_xml | – name: New York, NY |
PublicationTitle | IEEE transactions on information forensics and security |
PublicationTitleAbbrev | TIFS |
PublicationYear | 2013 |
Publisher | IEEE Institute of Electrical and Electronics Engineers |
Publisher_xml | – name: IEEE – name: Institute of Electrical and Electronics Engineers |
SourceID | crossref pascalfrancis ieee |
SourceType | Aggregation Database Index Database Publisher |
StartPage | 2101 |
SubjectTerms | Applied sciences Bandwidth Broadcasting. Videocommunications. Audiovisual Computer science; control theory; systems Correlation Cryptography differential attack Encryption Exact sciences and technology frequency mapping information leakage Information, signal and communications theory Memory and file management (including protection and security) Memory organisation. Data processing Oscilloscopes Radiocommunications Side-channel analysis Signal and communications theory Software software defined radio Software radio sub-Nyquist Telecommunications Telecommunications and information theory Television |
Title | Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios |
URI | https://ieeexplore.ieee.org/document/6648681 |
Volume | 8 |