Physical model of sensitive data leakage from PC-based cryptographic systems
- 35 Downloads
In this paper, we present an examination of several side-channel attack scenarios on PC-based cryptosystems. Our goal was the development of a unified physical model for sensitive information leakage. The main focus of our work was electromagnetic side channels since signals with high signal-to-noise ratio (SNR) can be more conveniently captured. Moreover, the attacker can make correlations of the EM signal with other types of side-channel signals (such as voltage fluctuations and acoustic emanations). It shows that there may be a common source for a vulnerable signal that passes through several sides channels. We have simulated several attacks on targeted cryptosystems with distinct instruction sets. Trace analysis reveals empirical evidence. which corresponds to the theoretical principles of the mechanisms x86 and x64 processors. Hardware reasons for leakage come from the instructions and data in the processor cache, to be specific, from the fluctuations of power consumption, leading to changes in the voltage regulator of the processor. Thus, the fluctuations in LC circuits result in leakage on multiple side channels. In general, the obtained data together with the principles of signal formation can be used in vulnerability testing, which can examine side-channel robustness of cryptographic software on the first steps of development.
KeywordsCryptography SCA Cache Electromagnetic emanation
Funding was provided by Russian Science Foundation (RU) (Grant No. 19-19-00566).
- 1.Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis (extended version). In: IACR Cryptology ePrint Archive, 2013:857 (2013)Google Scholar
- 2.Genkin, D., Pipman, I., Tromer, E.: Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. In: CHES, pp. 242–260 (2014)Google Scholar
- 3.Genkin, D., Pachmanov, L., Pipman, I., Tromer, E,: Stealing keys from PCs by radio: cheap electromagnetic attacks on windowed exponentiation. In: IACR Cryptology ePrint Archive, 2015:170 (2015)Google Scholar
- 4.Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)Google Scholar
- 5.Nicolaescu, D., Veidenbaum, A., Nicolau, A.: Reducing data cache energy consumption via cached load/store queue. In: Proceedings of the 9th international symposium on low power electronics and design (ISLPED’03), Seoul (Corea) (2003)Google Scholar
- 8.Intel. Intel 64 and IA-32 Architectures Optimization Reference Manual. http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
- 9.Fog, A.: Instruction tables: lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs. http://www.agner.org/optimize/
- 10.Cachegrind: a cache and branch-prediction profiler. http://valgrind.org/docs/manual/cg-manual.html