Presentation is loading. Please wait.

Presentation is loading. Please wait.

The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM.

Published byHubert Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM."— Presentation transcript:

1

2 The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM

3 EM History Classified TEMPEST standards. Some parts declassified Jan '01, http://www.cryptome.org. http://www.cryptome.org Published work EM Leakages from Peripherals, E.g., Monitors: Van Eck, Anderson & Kuhn. EM Leakage from smart-cards during Computation. J.-J. Quisquater & David Samyde, E-smart 2001, Gemplus Team [GMO ’01], CHES ’01. SEMA/DEMA attacks. Best results require "decapsulation" of chip packaging and/or precise micro-antennas positioning on chip surface

4 Our Work Deeper understanding of the EM leakages. Similar to declassified TEMPEST literature. Key Insights/Results Plenty of EM signals are available, provided you know what to look for and where. Superior signals and attacks possible without micro- antennas or decapsulation. Some attacks possible from a distance. EM side-channel(s) >> Power side-channel EM can break DPA-resistant implementations.

5 EM Emanations Background Origin/Types of EM Emanations Direct emanations from intended currents. Maxwell’s equations, Ampere’s and Faraday’s laws. Unintentional emanations from coupling effects. Depend on physical factors, e.g., circuit geometry. Most couplings ignored by circuit designers. Manifest as modulation of carriers (e.g. clock harmonics) present/generated/introduced in device. AM or Angle (FM/Phase) Modulation. Compromising signals available via demodulation. Propagation of EM Radiation, Conduction, Combination of both. E.g., Faint EM signals riding on power line.

6 EXAMPLE 1 6805-based smart-card using external 3.68Mhz clock. 3 instruction, 13 cycle loop: Access RAM containing a value B (5 cycles) Check for external condition (5 cycles) Jump back to start of loop (3 cycles)

7 Time (2 ns) Signal Amplitude Raw signal from near-field sensor during 2 iterations of loop (26 cycles)

8 FREQ (KHZ) FFT magnitude FFT OF RAW SIGNAL FROM EXPERIMENT 1 (0-250MHZ)

9 Time (10ns) Signal Amplitude AM Demodulated signal (150Mhz carrier, 50Mhz band) showing 2 iterations of Loop 553 5 53

10 EXAMPLE 2: Angle Modulation Same 6805-based smart-card executing same loop, running on variable internal clock (a DPA countermeasure). 3 instructions. Check RAM containing value B (5 cycles) Check for external condition (5 cycles) Jump back (3 cycles) Varied B and looked at loop frequency.

11 FFT Magnitude Frequency (KHZ) LSB(B)=1 LSB(B)=0 Loop Frequency for LSB(B) = 0/1

12 EM Capturing Equipment Antennas (Far-field) and Near-field probes Current probes. Analog processing: Filters/Amplifiers, Tunable wideband receiver or equivalent $$ Digital sampling hardware.

13 ICOM wideband radio receiver with IF output

14 MAKE YOUR OWN

15 EM vs. Power Sometimes, EM is the only side- channel available. Filtered power supplies, restricted access … E.g. Crypto Tokens, SSL Accelerators,...

16 SSL Accelerator Music SSL Accelerator S, looping with ~3s each of 512-bit RSA 1024-bit RSA 2048-bit RSA 4096-bit RSA Can be heard on a Radio Receiver 40 feet away.

17 Time (10ns) Amplitude EM Signal from SSL Accelerator S at 15 feet

18 Conditional operations within montgomery multiplication in S

19 EM vs. Power Is EM useful in the presence of power? Yes, several EM carriers: Generated, Ambient, Introduced… Experimentally verified: Different carriers carry different information. Some EM leakages substantially different from Power leakages. Experiment: Use DEMA/DPA correlation plots to judge extent of leakage from different EM carriers & compared with power signal.

20 4 Time Synchronized DPA/DEMA Correlation Plots

21

22 Bad Instructions Instructions where some EM leakage >> Power leakage. Typically CPU intensive rather than bus intensive. All architectures have BAD Instructions. Example: Bit-test on several 6805 based systems leaks tested bit.

23 O TESTED BIT = 0 IN BOTH TRACES

24 O TESTED BIT DIFFERENT

25 Bad instructions can break power analysis countermeasures Assumption behind power analysis countermeasures Minimize information leakage (from power) from each execution sequence. Additional techniques[KJJ, C et al, GP] can amplify uncertainty. Bad instructions in DPA-resistant implementations violate the assumption and create vulnerabilities. Large EM leakage  SEMA. Moderate EM leakage  Higher-order EM attacks on share-based DPA countermeasures [C et al, GP]. Some attacks work even when code unknown! Example given in paper.

26 Results and Further Work Attacks Commercially deployed smart cards Identification of compromising AM/Phase modulated carriers and bad instructions for several cards. DES, RSA, DPA-resistant DES COMP-128 on GSM SIM cards RSA on SSL Accelerators. Further Work Multi EM-channel attack techniques EM vulnerability assessment http://www.research.ibm.com/intsec/

27 Countermeasures Require sound vulnerability assessment. Countermeasures include: Circuit redesign to reduce unintentional emanations. Reducing S/N ratio EM Shielding Noise introduction Physically secure zones. Randomization based software countermeasures similar to DPA countermeasures.

Download ppt "The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM."

Similar presentations

Chapter 2: Digital Modulation

Chapter 2: Digital Modulation
Signal Encoding Techniques

Signal Encoding Techniques
Chapter : Digital Modulation 4.2 : Digital Transmission

Chapter : Digital Modulation 4.2 : Digital Transmission
The generation of random numbers is too important to be left to chance.” 1 -- Robert R. Coveyou Oak Ridge National Laboratory.

"The generation of random numbers is too important to be left to chance.” 1 -- Robert R. Coveyou Oak Ridge National Laboratory.
Spread Spectrum Chapter 7.

Spread Spectrum Chapter 7.
Spread Spectrum Chapter 7. Spread Spectrum Input is fed into a channel encoder Produces analog signal with narrow bandwidth Signal is further modulated.

Spread Spectrum Chapter 7. Spread Spectrum Input is fed into a channel encoder Produces analog signal with narrow bandwidth Signal is further modulated.
University of Malta ICECS 2010 Terence Zarb, Ivan Grech, Edward Gatt, Owen Casha, Joseph Micallef Presented by: Terence Zarb Department of Microelectronics.

University of Malta ICECS 2010 Terence Zarb, Ivan Grech, Edward Gatt, Owen Casha, Joseph Micallef Presented by: Terence Zarb Department of Microelectronics.
Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013.

Tempest Emanations Jacklyn Truong University of Tulsa April 16, 2013.
1. INTRODUCTION In order to transmit digital information over * bandpass channels, we have to transfer the information to a carrier wave of.appropriate.

1. INTRODUCTION In order to transmit digital information over * bandpass channels, we have to transfer the information to a carrier wave of.appropriate.
Power, EM and all that: Is your crypto device really secure? Pankaj Rohatgi Dakshi Agrawal, Bruce Archambeault, Suresh Chari, Josyula R Rao IBM T.J. Watson.

Power, EM and all that: Is your crypto device really secure? Pankaj Rohatgi Dakshi Agrawal, Bruce Archambeault, Suresh Chari, Josyula R Rao IBM T.J. Watson.
Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK www.co.umist.ac.uk.

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK
COMMUNICATION SYSTEM EEEB453 Chapter 3 (III) ANGLE MODULATION

COMMUNICATION SYSTEM EEEB453 Chapter 3 (III) ANGLE MODULATION
Electromagnetism chapter 21

Electromagnetism chapter 21
Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.

Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.
Chapter 5 Analog Transmission.

Chapter 5 Analog Transmission.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Storey: Electrical & Electronic Systems © Pearson Education Limited 2004 OHT 5.1 Signals and Data Transmission  Introduction  Analogue Signals  Digital.

Storey: Electrical & Electronic Systems © Pearson Education Limited 2004 OHT 5.1 Signals and Data Transmission  Introduction  Analogue Signals  Digital.
FHSS vs. DSSS Presented by Ali Alhajhouj. Presentation Outline Introduce the issues involved in the system behaviors for FHSS and DSSS systems used in.

FHSS vs. DSSS Presented by Ali Alhajhouj. Presentation Outline Introduce the issues involved in the system behaviors for FHSS and DSSS systems used in.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
ULg - EMC Lab Cost 286 Wroclaw1 Research activities in Liège Ir. V. Beauvois, Ir. S. Coets, Ir. M. Renard and Ir. Ph. Camus

ULg - EMC Lab Cost 286 Wroclaw1 Research activities in Liège Ir. V. Beauvois, Ir. S. Coets, Ir. M. Renard and Ir. Ph. Camus

Similar presentations

Ads by Google