Localized Electromagnetic Analysis of Cryptographic Implementations
High resolution inductive probes enable precise measurements of the electromagnetic field of small regions on integrated circuits. These precise measurements allow to distinguish the activity of registers on the circuit that are located at different distances to the probe. This location-dependent information can be exploited in side-channel analyses of cryptographic implementations. In particular, cryptographic algorithms where the usage of registers depends on secret information are affected by side-channel attacks using localized electromagnetic analysis. Binary exponentiation algorithms which are used in public key cryptography are typical examples for such algorithms. This article introduces the concept of localized electromagnetic analysis in general. Furthermore, we present a case study where we employ a template attack on an FPGA implementation of the elliptic curve scalar multiplication to prove that location-dependent leakage can be successfully exploited. Conventional countermeasures against side-channel attacks are ineffective against location-dependent side-channel leakage. As an effective general countermeasure, we promote that the assignment of registers to physical locations should be repeatedly randomized during execution.
KeywordsSide-channel analysis electromagnetic near-field location-dependent leakage template attack FPGA ECC
Unable to display preview. Download preview PDF.
- 4.Fan, J., Guo, X., De Mulder, E., Schaumont, P., Preneel, B., Verbauwhede, I.: State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures. In: IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2010 (2010)Google Scholar
- 6.Hofreiter, P., Laackmann, P.: Electromagnetic espionage from smart cards - attacks and countermeasures. Secure 6, 40–43 (2002)Google Scholar
- 7.Kirschbaum, M., Schmidt, J.M.: Learning from electromagnetic emanations - a case study for iMDPL. In: Workshop Proceedings COSADE 2011, pp. 50–55 (2011)Google Scholar
- 8.Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- 14.National Institute of Standards and Technology: Recommended elliptic curves for federal government use (July 1999)Google Scholar
- 16.Real, D., Valette, F., Drissi, M.: Enhancing correlation electromagnetic attack using planar near-field cartography. In: Design, Automation Test in Europe Conference Exhibition, DATE 2009, pp. 628–633 (April 2009)Google Scholar
- 17.Sauvage, L., Guilley, S., Flament, F., Danger, J., Mathieu, Y.: Cross-correlation cartography. In: International Conference on Reconfigurable Computing and FPGAs (ReConFig 2010), pp. 268–273 (December 2010)Google Scholar
- 18.Sauvage, L., Guilley, S., Mathieu, Y.: Electromagnetic radiations of fpgas: High spatial resolution cartography and attack on a cryptographic module. ACM Trans. Reconfigurable Technol. Syst. 2, 4:1–4:24 (2009)Google Scholar
- 21.Skorobogatov, S.: Optical fault masking attacks. In: 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 23–29 (August 2010)Google Scholar