Fine-grained methods for using EM fields measured near computing chips to evaluate data leakage

Access full-text files



Journal Title

Journal ISSN

Volume Title



This thesis presents novel fine-grained methods that show electromagnetic (EM) fields measured near chips during computations can be effectively used to evaluate data leakage. Several near-field measurement techniques combined with appropriate statistical analyses are introduced in the dissertation. The proposed EM side-channel analysis (SCA) methods are used to rapidly localize information leakage on the chip, identify optimal reusable measurement setups to minimize marginal cost of future evaluations, and infer the data values of interest. These methods are used to perform measurement-based evaluations of data leakage from several embedded system applications: (i) Using encryption keys of the advanced encryption standard (AES) algorithm as the data of interest, a multi-stage measurement protocol is introduced to rapidly identify chip locations which are most likely to leak the key, as well as the actual key value; the method was found to be ~2× to ~37× faster than alternatives while using them to evaluate the SCA resilience of several baseline and hardened implementations of AES; (ii) Assuming processor instructions as the data of interest, a hierarchical disassembler is developed to recover the execution trace of programs from a general-purpose micro-controller; the method was found to recover ~97% instructions from several application benchmarks; (iii) Using Bluetooth payload as the data of interest, vulnerable locations on a Bluetooth Low Energy server implementation are isolated, and the data values of the payload are estimated; while the exact data values were not found, the Hamming Weight (HW) of test data was identified with 100% accuracy. These methods provide feasible alternatives to an exhaustive evaluation where data is recovered after measuring all possible computations at every single probe configuration. The feasibility of these methods is inherently dependent on the restrictions placed on evaluators, i.e., the threat model. Thus, a systematic study of protocols suited for different threat models are performed, which also includes the marginal cost comparisons of different SCA attack modalities. Finally, the thesis also introduces novel metrics and modelling methods that improve potency of side-channel security evaluations.


LCSH Subject Headings