CORSICA: A Framework for Conducting Real-World Side-Channel Analysis

With the abundance of computing devices in our everyday life, such as IoT devices, improving their security has become a top priority. While the main focus lies on software security, hardware vulnerabilities are often not considered. Here, side-channel attacks in particular pose a realistic threat to such systems. However, conducting Side-Channel Analysis (SCA) to evaluate those threats currently requires deep expert knowledge, a lab environment, and numerous manual steps. Therefore, it is often ignored in security considerations. In this paper, we analyze the challenges of conducting SCA on consumer-grade devices using template-matching based triggering techniques. By introducing a three-staged framework called CORSICA, we elaborate on the obstacles and deficiencies of current state-of-the-art techniques and provide potential solutions for them. Moreover, we validate our claims by introducing a method for the semi-automatic extraction of a waveform template of an AES-128 encryption that can be used in combination with a template-matching triggering system. This extraction is based on generic meta information and is demonstrated on a consumer-grade ARM processor board.
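To make the two building blocks named in the abstract concrete, the following is an added example (not CORSICA's code and not the authors' extraction method): it builds a synthetic power trace in which one AES-128 encryption appears as ten round-shaped bursts, extracts a waveform template from a few traces by refining rough alignment offsets with Pearson correlation and averaging the aligned windows, checks the template against the one piece of generic meta information AES-128 guarantees (ten rounds, so the template should correlate with itself at a lag of one round), and finally uses the template as a sliding-window correlation trigger on a fresh trace. The round shape, the samples-per-round value, the noise level, the rough offsets and the thresholds are all constructed assumptions for the toy trace, not values from the paper.

```python
"""Waveform-template extraction and template-matching triggering on a synthetic trace.

Added example for illustration; all waveform parameters below are constructed.
"""
import math
import random

ROUNDS = 10          # AES-128 has 10 rounds: the generic meta information used as a sanity check
ROUND_LEN = 8        # constructed: samples one round occupies in the synthetic trace
TEMPLATE_LEN = ROUNDS * ROUND_LEN


def make_encryption_signature(seed=1):
    """Constructed signature of one encryption: 10 similar bursts with slightly varying gain."""
    rng = random.Random(seed)
    base = [0.0, 0.6, 1.0, 1.0, 0.6, 0.2, 0.0, 0.0]   # one round-shaped burst (constructed)
    signature = []
    for _ in range(ROUNDS):
        gain = 1.0 + 0.15 * rng.random()
        signature.extend(v * gain for v in base)
    return signature


def make_trace(signature, offset, total=600, noise=0.2, seed=2):
    """Gaussian noise floor with the signature embedded at `offset` (an empty signature gives pure noise)."""
    rng = random.Random(seed)
    trace = [rng.gauss(0.0, noise) for _ in range(total)]
    for i, v in enumerate(signature):
        trace[offset + i] += v
    return trace


def pearson(x, y):
    """Normalised cross-correlation of two equal-length windows (0.0 if either is flat)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0.0 or vy == 0.0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def extract_template(traces, coarse_offsets, slack=10, length=TEMPLATE_LEN):
    """Semi-automatic template extraction (simplified assumption of the paper's idea).

    The first trace's window at its coarse offset is the reference; every other
    trace is re-aligned within +/- `slack` samples by maximising correlation with
    that reference, and the aligned windows are averaged. Returns the template
    and the refined offsets so the alignment step can be inspected.
    """
    ref_off = coarse_offsets[0]
    ref = traces[0][ref_off:ref_off + length]
    windows, refined = [ref], [ref_off]
    for trace, off in zip(traces[1:], coarse_offsets[1:]):
        candidates = range(max(0, off - slack), min(len(trace) - length, off + slack) + 1)
        best = max(candidates, key=lambda i: pearson(trace[i:i + length], ref))
        windows.append(trace[best:best + length])
        refined.append(best)
    template = [sum(col) / len(col) for col in zip(*windows)]
    return template, refined


def round_periodicity(template, round_len=ROUND_LEN):
    """Self-correlation at a lag of one round: high if the template really contains the repeating round structure."""
    return pearson(template[:-round_len], template[round_len:])


def find_trigger(trace, template, threshold=0.7):
    """Slide the template across the trace; return (index, score) of the best match or None below threshold."""
    length = len(template)
    best_i, best_s = None, -1.0
    for i in range(len(trace) - length + 1):
        s = pearson(trace[i:i + length], template)
        if s > best_s:
            best_i, best_s = i, s
    return (best_i, best_s) if best_s >= threshold else None


if __name__ == "__main__":
    sig = make_encryption_signature()
    training = [make_trace(sig, 100, seed=2), make_trace(sig, 163, seed=3), make_trace(sig, 228, seed=4)]
    tmpl, offsets = extract_template(training, [100, 160, 230])   # coarse offsets are off by a few samples
    print("refined offsets:", offsets)
    print("round periodicity: %.2f" % round_periodicity(tmpl))
    print("trigger on fresh trace:", find_trigger(make_trace(sig, 300, seed=5), tmpl))
    print("trigger on noise only:", find_trigger(make_trace([], 0, seed=6), tmpl))
```

The periodicity check is the point of bringing in meta information: a template that was cut from the wrong region of a trace will not correlate with itself at a one-round lag, which catches a misaligned extraction before it is loaded into a triggering system. The sliding Pearson correlation is a plain O(N·L) loop here for readability; a real-time trigger would compute it incrementally in hardware or with FFT-based correlation.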
