Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios

Document Type

Article

Publication Date

12-2013

Publication Source

IEEE Transactions on Information Forensics and Security

Abstract

Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers.

Inclusive pages

2101-2114

ISBN/ISSN

1556-6013

Comments

Permission documentation on file.

Publisher

Institute of Electrical and Electronics Engineers

Volume

8

Peer Reviewed

yes

Issue

12

