Physically Observable Side Channels

Question 1

Basics of an inverter

Answer 1

When A == 0, charge capacitor, output becomes 1

When A == 1, discharge capacitor, output becomes 0

Question 2

How do we tell a 0 vs 1 in a power side channel?

Answer 2

When A == 0, we need to charge capacitor. Power graph will be logarithmic. When A == 1, we discharge capacitor, will get short burst of energy

Question 3

What information can be obtained from power consumption?

Answer 3

How many bits were toggled

Question 4

Difference between power and EM SC

Answer 4

EM SCs are a bit more observable than the power side channel, even though they don’t contain any more information

Question 5

How is an EM SC created

Answer 5

The changes in current in an inverter create pulses in the EM field

Question 6

What are the two ways IC emit EM

Answer 6

• Conductive emissions - signal is radiated from the pins in the circuit
• Electric and magnetic near-field emissions - EM field is generated due to current inside the IC

Question 7

how are conductive emissions measured?

Answer 7

antennas

Question 8

how are E and M near-field emissions measured?

Answer 8

E and M probes

Question 9

Thermal Dissipation Side Channel

Answer 9

When the capacitor is charged, the resistor releases heat => not very fine-grained

Question 10

Acoustic Side Channel

Answer 10

Mechanical vibrations of capacitor lead to acoustic vibrations

Question 11

What tools can we use to measure power SC?

Answer 11

real-time oscilloscope, real-time spectrum analyzer, and software defined radio

Question 12

real-time vs sampling oscilloscope

Answer 12

real-time takes samples over one run of execution, sampling averages samples over many runs

Question 13

real-time oscilloscope measures what?

Answer 13

A signal with respect to time

Question 14

spectrum analyzer measures what?

Answer 14

A signal with respect to frequency

Question 15

Which is better spectrum analyzer or oscilloscope?

Answer 15

Spectrum analyzer - has better noise floor, can change frequency bandwidth

Question 16

Software defined radio’s differentiator

Answer 16

has many configuration options

Question 17

what can we learn from a power/em SC?

Answer 17

• Repetitive patterns in trace indicate general structure of program (loops, etc)
• Time - what happens when, program flow
• Amplitude - what happens at a given moment in time, data flow

Question 18

How will the same operation consume power with different operands?

Answer 18

It will have different values

Question 19

Chassis potential side channel?

Answer 19

???

Question 20

Approach for simple Power/EM analysis attacks

Answer 20

• Visually inspect traces, looking at best/worst case inputs

- Look for patterns , timing differences, amplitude differences

Question 21

What can patterns in simple power/EM analysis leak?

Answer 21

• Key length (number of rounds or iterations)
• Memory accesses
• Implementation details
• Key (if really bad implementation)

Question 22

What can amplitude in simple power/EM analysis leak?

Answer 22

• Exact operand values (extreme case)
• Hamming weight or hamming distance
• Operation being executed
• RE of implementation details

Question 23

What can timing in simple power/EM analysis leak?

Answer 23

• Data dependent branching

- Execution of additional operations

Question 24

Differential Power/EM Analysis Attack

Answer 24

homework assignment! This works because the different groups (LSB = 0 and 1) are split correctly only when the key is correct ==> can actually see the power difference. When key is not correct, differences are averaged out