Info |
---|
Title of the paper: A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics |
...
Hardware that causes electromagnetic emissions
How are EM signals generated by the different components of a computer system?
As derived from Maxwell's equations, EM waves can be generated by electric currents varying over time.
Modern digital computer systems have a large number of components that depend on electric pulses or alternating currents for their operations, such as the CPU and RAM.
What kind of information may they carry?
EM emission signals from these two components contain a significant amount of side-channel information regarding the events related to software execution and data handling.
On most IoT devices, the CPU and RAM are integrated into a microcontroller (MCU) chip, which makes the MCU the most important on-board EM source.
...
The EM emission frequencies of a target device are unpredictable because they depend on various hardware characteristics. Therefore, it is difficult to build a general-purpose device that can observe the EM emissions of an arbitrary target and interpret the side-channel information they carry.
What types of methods and tools can be used to capture these signals?
Small magnetic loop antennas can be used for the purpose of detecting EM emissions.
The most commonly used equipment for capturing EM signals consists of oscilloscopes and spectrum analyzers with high sample rates.
The digitized data these devices capture can be subsequently analyzed in signal analysis software.
Software-defined radios (SDRs) are another class of hardware that can detect and digitize EM signals; an SDR costing as little as $40 is sufficient.
Connection between CPU instructions and electromagnetic emission
...
While existing studies make it evident that EM side-channel leakage is present across various types of CPUs, further studies are necessary to identify the effect of different CPU architectures on the EM emissions they produce.
Electromagnetic emissions as a signature
...
Quisquater et al. (2001) practically demonstrated that EM analysis is a viable alternative to the aforementioned power analysis attack on computer CPUs. By precisely moving the EM probe over a microcontroller, the authors were able to build an accurate 3-dimensional EM signature of the chip running an idle loop. It was shown that the radiation spectrum of each processor was sufficiently unique to serve as a distinguishing feature for processor identification. These experiments were performed in a Faraday cage to minimize the effects of external noise, and the EM emissions were captured using a small magnetic loop antenna (diameter ~ 3 mm).

⚠️ Recently, Camurati et al. (2018) made an important discovery that extended the previously known capabilities of EM side-channel analysis of cryptographic operations on IoT devices. It was shown that mixed-signal processors, such as system-on-chips (SoCs) that contain a radio transceiver and a CPU on the same silicon die, can cause long-distance EM leakage. This occurs when the CPU noise gets modulated into the radio transceiver's emission, extending the range of the CPU EM side-channel. As the use of SoCs is becoming increasingly popular on IoT devices, this latest type of EM side-channel leakage, called screaming channels, has significantly increased the potential attack surface.
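The processor-identification idea above (a per-chip spectral signature built from idle-loop captures, then matched against a new capture) can be illustrated with a small spectral-matching routine. The following is an added example written for these notes, not code from the survey or from Quisquater et al.; the sample rate, the trace length, the two "devices" and their characteristic frequencies are all constructed values, and the captures are synthesised tones plus Gaussian noise rather than real measurements.

```python
import cmath
import math
import random

SAMPLE_RATE = 1_000_000   # constructed: 1 MS/s digitiser (oscilloscope or SDR)
N = 512                   # constructed: samples per captured trace (power of two)


def fft(x):
    """Radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + t
        out[k + n // 2] = even[k] - t
    return out


def power_spectrum(trace):
    """Magnitude spectrum over the positive bins, normalised to unit energy."""
    spec = [abs(c) for c in fft(trace)[: len(trace) // 2]]
    norm = math.sqrt(sum(v * v for v in spec)) or 1.0
    return [v / norm for v in spec]


def synth_trace(harmonics, noise=0.5, rng=None):
    """Constructed stand-in for a captured EM trace: a sum of tones at the
    device's characteristic frequencies plus Gaussian measurement noise.
    harmonics: list of (frequency_hz, amplitude) pairs."""
    rng = rng or random.Random(0)
    return [sum(a * math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f, a in harmonics)
            + rng.gauss(0.0, noise) for i in range(N)]


def build_signature(traces):
    """Average the spectra of several idle-loop captures into one signature."""
    specs = [power_spectrum(t) for t in traces]
    return [sum(col) / len(specs) for col in zip(*specs)]


def correlation(a, b):
    """Pearson correlation between two spectra of equal length."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0


def identify(trace, signatures):
    """Name of the stored signature whose spectrum best correlates with the trace."""
    spec = power_spectrum(trace)
    return max(signatures, key=lambda name: correlation(spec, signatures[name]))


def peak_frequency(trace):
    """Frequency (Hz) of the strongest non-DC bin, i.e. the dominant emission."""
    spec = power_spectrum(trace)
    k = max(range(1, len(spec)), key=spec.__getitem__)
    return k * SAMPLE_RATE / N


# Constructed "devices": tone frequencies chosen to fall on exact FFT bins
# (bin width is SAMPLE_RATE / N = 1953.125 Hz). Not data from any real chip.
DEVICES = {
    "mcu_A": [(31250.0, 1.0), (93750.0, 0.4)],
    "mcu_B": [(62500.0, 1.0), (187500.0, 0.3)],
}


def demo():
    """Enrol both devices from 8 captures each, then identify a noisier capture."""
    rng = random.Random(42)
    sigs = {name: build_signature([synth_trace(h, rng=rng) for _ in range(8)])
            for name, h in DEVICES.items()}
    unknown = synth_trace(DEVICES["mcu_B"], noise=1.0, rng=rng)
    return identify(unknown, sigs), peak_frequency(unknown)


if __name__ == "__main__":
    print(demo())  # ('mcu_B', 62500.0)
```

The enrolment step is the expensive part in practice (the paper notes a Faraday cage and a 3 mm loop antenna); once signatures exist, matching a new capture is a single spectrum plus a handful of correlations, which is why the same routine also works as a cheap check that a board under test is emitting the spectrum its design predicts.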
Analysis on wireless-powered devices
This section mainly concerns RFID tags; refer to the paper for further details.
Countermeasures to electromagnetic side-channels
...
minimizing metal parts in a chip to reduce EM emissions
using Faraday cage like packaging
making the chip less power consuming (which leads to less unintentional emissions)
asynchronism (i.e., design the chip not to use a central system clock and instead operate asynchronously),
using dual-line logic (i.e., using two lines whose combination of two bits represents a state, instead of a single line that simply represents the 0 or 1 state).
Furthermore, it has been shown that it is possible to mathematically model an electronic chip during the design phase to identify and avoid potential information leakages through EM side-channels.
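The dual-line logic countermeasure and the idea of testing a design for leakage before fabrication can both be shown in one small leakage assessment. The following is an added example written for these notes, not code from the survey; it assumes a simplified leakage model in which the emission amplitude at the moment a value is latched is proportional to the number of wires driven high (a Hamming-weight model, an assumption for illustration), and it uses a Welch t-test, grouping constructed traces by one data bit, to decide whether the two groups' emissions differ. With single-line encoding the bit value shifts the wire count and the test fires; with dual-line encoding every word drives exactly the same number of wires, so the test sees only noise.

```python
import math
import random


def hamming_weight(value):
    return bin(value).count("1")


def dual_rail_encode(value, width=8):
    """Dual-line logic: each data bit b becomes the wire pair (b, not b), so
    every encoded word has exactly `width` wires high, whatever the data."""
    enc = 0
    for i in range(width):
        b = (value >> i) & 1
        enc |= (b << (2 * i)) | ((1 - b) << (2 * i + 1))
    return enc


def emission_sample(value, encode, noise, rng):
    """Constructed leakage model (an assumption, not a measurement): emission
    amplitude = number of wires high after encoding + Gaussian noise."""
    return hamming_weight(encode(value)) + rng.gauss(0.0, noise)


def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))


THRESHOLD = 4.5  # customary |t| threshold for declaring a leak


def leakage_t(encode, n_traces=2000, bit=0, noise=1.0, seed=1):
    """Simulate n_traces random byte values being latched, partition the
    emission samples by one data bit, and return the t-statistic between
    the two groups. A |t| above THRESHOLD means that bit is observable."""
    rng = random.Random(seed)
    group = {0: [], 1: []}
    for _ in range(n_traces):
        v = rng.randrange(256)
        group[(v >> bit) & 1].append(emission_sample(v, encode, noise, rng))
    return welch_t(group[1], group[0])


def assess(encode, **kw):
    """(leaks?, t) for a given encoding of the latched value."""
    t = leakage_t(encode, **kw)
    return abs(t) > THRESHOLD, t


def demo():
    single = assess(lambda v: v)        # plain single-line encoding
    dual = assess(dual_rail_encode)     # dual-line (constant-weight) encoding
    return single, dual


if __name__ == "__main__":
    (s_leaks, s_t), (d_leaks, d_t) = demo()
    print(f"single-line: leaks={s_leaks} t={s_t:.1f}")
    print(f"dual-line:   leaks={d_leaks} t={d_t:.1f}")
```

The same grouping test is what a designer would run over simulated (or measured) traces to check a chip model for data-dependent emissions, and the constant wire count returned by dual_rail_encode for 0x00 and 0xFF alike is exactly the property the countermeasure relies on; it removes the weight dependence only, so timing or glitch-dependent emissions would need a separate check.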
Standards and tools
Refer to the paper for further details on standards and tools.
Multiple commercial and open-source products exist that can be used to break encryption on microcontroller-based IoT devices.
...