2020
DOI: 10.1109/access.2020.3025022
|View full text |Cite
|
Sign up to set email alerts
|

SCNIFFER: Low-Cost, Automated, Efficient Electromagnetic Side-Channel Sniffing

Abstract: Electromagnetic (EM) side-channel analysis (SCA) is a prominent tool to break mathematically-secure cryptographic engines, especially on resource-constrained devices. Presently, to perform EM SCA on an embedded device, the entire chip is manually scanned and the MTD (Minimum Traces to Disclosure) analysis is performed at each point on the chip to reveal the secret key of the encryption algorithm. However, an automated end-to-end framework for EM leakage localization, trace acquisition, and the attack has been … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
15
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
1

Relationship

1
5

Authors

Journals

citations
Cited by 27 publications
(15 citation statements)
references
References 23 publications
0
15
0
Order By: Relevance
“…However, an automated end-to-end framework for EM leakage localization, trace acquisition and the attack has been missing. Recently, we proposed SCNIFFER, which is a low-cost, automated EM side-channel leakage sniffing platform to perform efficient end-to-end side-channel attacks [32]. Using a leakage measure such as test vector leakage assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then performs correlational EM analysis (CEMA) at that point (Figure 9a).…”
Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning
confidence: 99%
See 3 more Smart Citations
“…However, an automated end-to-end framework for EM leakage localization, trace acquisition and the attack has been missing. Recently, we proposed SCNIFFER, which is a low-cost, automated EM side-channel leakage sniffing platform to perform efficient end-to-end side-channel attacks [32]. Using a leakage measure such as test vector leakage assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then performs correlational EM analysis (CEMA) at that point (Figure 9a).…”
Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning
confidence: 99%
“…Using a leakage measure such as test vector leakage assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then performs correlational EM analysis (CEMA) at that point (Figure 9a). This reduces the CEMA attack time by ∼N times compared to an exhaustive MTD analysis, and by >20× compared to choosing an attack location at random [32].…”
Section: Low-cost Automated Em Sca Attack Framework: Scniffermentioning
confidence: 99%
See 2 more Smart Citations
“…In order to perform EM-SCA for acquiring forensic insights from a particular IoT device or a smartphone, the EM radiation patterns of the target device have to be profiled and incorporated into EM-SCA methods. The profiling of a particular device starts with the required specialised hardware, including DUTs and data acquisition equipment [7]. The actual work on developing the EM-SCA technique for analysing EM data of the particular DUT comes as the second step.…”
Section: Introductionmentioning
confidence: 99%