Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios
IEEE Transactions on Information Forensics and Security
Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers.
Copyright © 2013, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Institute of Electrical and Electronics Engineers
Montminy, David P.; Baldwin, Rusty O.; Temple, Michael A.; and Oxley, Mark E., "Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios" (2013). Computer Science Faculty Publications. 107.