Practical operation extraction from electromagnetic leakage for side-channel analysis and reverse engineering

“…Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs). We note, however, that our environment is less affected by strong disturbances, as the case study platform of [8] is endowed with a Wi-Fi radio front-end, which is enabled during side channel measurements. A recent work [9], tackles an attacker model with a further relaxation in the requirements, i.e., the attacker only knows some technical details of the target platform (such as the operating frequency) and the structure of the cryptographic primitive at hand (e.g., it is constituted by a countable loop, as it is a symmetric block cipher).…”

“…This comes at the cost of a timing overhead due to the context-change among threads, and the interleaved execution of computations which only act as a noisegeneration process. On the front of cryptographic primitive identification from side channel leakage, the authors of [8] proposed a method to select which cryptographic primitive, among a set of profiled ones, is being executed on an ESP32 embedded microcontroller platform. The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions.…”

“…On the front of cryptographic primitive identification from side channel leakage, the authors of [8] proposed a method to select which cryptographic primitive, among a set of profiled ones, is being executed on an ESP32 embedded microcontroller platform. The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions. Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs).…”

“…The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions. Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs). We note, however, that our environment is less affected by strong disturbances, as the case study platform of [8] is endowed with a Wi-Fi radio front-end, which is enabled during side channel measurements.…”

Locating Side Channel Leakage in Time through Matched Filters

“…Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs). We note, however, that our environment is less affected by strong disturbances, as the case study platform of [8] is endowed with a Wi-Fi radio front-end, which is enabled during side channel measurements. A recent work [9], tackles an attacker model with a further relaxation in the requirements, i.e., the attacker only knows some technical details of the target platform (such as the operating frequency) and the structure of the cryptographic primitive at hand (e.g., it is constituted by a countable loop, as it is a symmetric block cipher).…”

“…This comes at the cost of a timing overhead due to the context-change among threads, and the interleaved execution of computations which only act as a noisegeneration process. On the front of cryptographic primitive identification from side channel leakage, the authors of [8] proposed a method to select which cryptographic primitive, among a set of profiled ones, is being executed on an ESP32 embedded microcontroller platform. The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions.…”

“…On the front of cryptographic primitive identification from side channel leakage, the authors of [8] proposed a method to select which cryptographic primitive, among a set of profiled ones, is being executed on an ESP32 embedded microcontroller platform. The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions. Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs).…”

“…The approach adopted in [8] also performs trace realignment after classification; in particular, it compares three different classification strategies (mean-square error minimization in both time and frequency domain and neural network classification), achieving a 96.47 classification accuracy and a 34 µs timing jitter in realigning the primitive executions. Our approach compares favourably to the one proposed in [8], in terms of computational efficiency of deriving the template (we only require averaging a set of collected values to derive the template) and in terms of data required to build the template itself (we achieve a classification accuracy above 99.9% with a single trace as a template, and an alignment jitter below 1 µs). We note, however, that our environment is less affected by strong disturbances, as the case study platform of [8] is endowed with a Wi-Fi radio front-end, which is enabled during side channel measurements.…”

Locating Side Channel Leakage in Time through Matched Filters

“…Electromagnetic side-channel analysis exploits unintentional electromagnetic leakages captured from integrated circuits to reveal secret information, especially in the area of crypto devices. Electromagnetic emission is used to identify the devices and operations in [12,13]. Screen contents are detected via electromagnetic side-channel information in [14].…”

Analysis of Electromagnetic Information Leakage Based on Cryptographic Integrated Circuits

Side-channel disassembly on a System-on-Chip: A practical feasibility study