Abstract
Future wireless embedded devices will be increasingly powerful, supporting many more applications, including one of the most crucial: security. Although many embedded devices resist bus probing attacks because of their compact size and high levels of integration, their susceptibility to attacks on the electromagnetic (EM) side channel must be analyzed. This side channel is often difficult to analyze because of the complexity of the embedded device, including its operating system, interrupts, and so forth. This article presents a new methodology for analyzing a complex system's vulnerability to the EM side channel. The methodology proposes a sliding window phase-only correlation method for aligning electromagnetic emanations from a complex smartphone running native code utilizing an on-chip cache. Unlike previous research, experimental results demonstrate that data written to on-chip cache within an advanced 312 MHz 0.13 µm processor executing AES can be attacked using this new methodology. Furthermore, it is shown for the first time that the point of side-channel attack is not a spike of increased EM but an area of low EM amplitude, unlike what is noted in previous findings. This research is important for advancing the understanding of side-channel analysis in complex embedded processors and for ensuring secure implementations in future embedded ubiquitous devices.
A Sliding Window Phase-Only Correlation Method for Side-Channel Alignment in a Smartphone