On the Security of Off-the-Shelf Microcontrollers: Hardware Is Not Enough

• Published in: Smart Card Research and Advanced Applications pp. 103 - 118
• Main Authors: Udvarhelyi, Balazs, van Wassenhove, Antoine, Bronchain, Olivier, Standaert, François-Xavier
• Format: Book Chapter
• Language: English
• Published: Cham Springer International Publishing
• Series: Lecture Notes in Computer Science
• ISBN: 9783030684860; 3030684865
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-030-68487-7_7

We complete the state-of-the-art on the side-channel security of real-world devices by analysing two 32-bit microcontrollers equipped with an unprotected co-processor. Our results show that (i) the lack of understanding of their hardware architecture can be circumvented with standard detection tools – for this purpose, we combine a simple variation of the Test Vector Leakage Assessment methodology with Signal-to-Noise Ratio estimations, which enables the efficient identification of attack vectors; (ii) standard distinguishers then lead to powerful key recoveries with less than 5,000 traces; and (iii) preprocessing like the continuous wavelet transform can be useful in such a black box evaluation context.