Isolating Electromagnetic Leakage for Side Channel Analysis
Bottari, Placido (2023)
Master's Programme in Information Technology
Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2023-08-25
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202306286974
Abstract
Electromagnetic (EM) side-channel analysis (SCA) is a procedure used to find weaknesses in the implementation of cryptographic devices, allowing a user to extract secret data. An EM scan is performed in specific areas of a cryptographic device, more precisely where the cryptographic operations are executed. EM SCA techniques are powerful in terms of effectiveness and non-invasiveness against Internet of Things devices: these attacks do not require any physical modification of the target system.
This work describes the assembly of an automated EM SCA measurement platform, built from components that can be purchased on the web. The measurement bench makes it possible to perform precise EM SCA and to define points of interest using the signal-to-noise ratio (SNR) or test vector leakage assessment (TVLA) to define the acquired EM SCA traces, without the need for an expert in signal processing and radiofrequency. This work also presents a measuring algorithm developed in MATLAB to automatically locate high-leakage points defining an area of attack. When the area containing the hot spots that release a high level of EM emissions is defined, a further analysis is performed to collect the EM traces and study the Hamming weight, applying Differential EM Analysis (DEMA), Correlation EM Analysis (CEMA), and Differential Frequency-based Analysis (DFA) using the knowledge of the Hamming weight collected.
The contribution of this work explores the tampering needed to capture EM traces from a cryptographic algorithm. The proposed system allows automation of the process of localizing, recording, and analyzing the EM leakages emitted by the execution of a cryptographic algorithm through a heatmap that defines a region of attack.