Far-field Correlation Electromagnetic Analysis attacks against AES in real world applications

Master thesis (2018)

Authors

F. van Tienen Electrical Engineering, Mathematics and Computer Science

Contributors

J.C.A. van der Lubbe (mentor)

J. Haesakkers (graduation committee member)

G. Stoevelaar (graduation committee member)

R. Boix Carpi (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

To reference this document use:

http://resolver.tudelft.nl/uuid:50d1a4f2-2458-47f5-a176-3439cefcc20b

More Info

expand_more

Published Date

2018-7

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

In almost every device cryptographic functions are used to protect data and sensitive information from being intercepted. A commonly used encryption algorithm is the Advanced Encryption Standard (AES), which is a symmetric block cypher. Side-channel attacks against AES are well known and are often performed either directly on the surface of the integrated circuit or by attaching wires to the target device. These attacks are more difficult for devices with tamper protection, which can detect such an attack because the device enclosure must be removed. This limits the attack possibilities of these side-channel attacks for these real-world applications. Attacks using electromagnetic radiation from a further distance, called the far-field, can be used to prevent opening the enclosure.

For these power based side-channel attacks against AES, power traces must be recorded with the exact timing before an encryption or decryption starts. This is used to align the recorded traces and perform statistical analysis to extract the secret key. In order to achieve this often an GPIO trigger is used to indicate the start of a new trace. When such an GPIO trigger is not available a smart trigger can be used, which uses a pattern to generate a trigger based on the measured power. This removes the need for making a connection with the target device.

In this thesis an approach for performing non-invasive far-field side-channel attacks against multiple target devices is evaluated. For this approach near-field analysis is performed to analyse the target leakage, with the use of Test Vector Leakage Assessment. Then for each of these targets far-field side-channel attacks are attempted using a Software Defined Radio set-up and several smart triggers are tested in real-world scenarios. The results of these attacks showed that far-field side-channel attacks without an artificial trigger are possible, and thus the enclosure of the target device can stay in tact and non-invasive attacks can be performed. For the Microsemi SF2 Basic development kit attacks up to a distance of 15 cm can be achieved in an office environment. This means that far-field side-channel attacks against AES are possible in real world applications, and when designing cryptographic devices precautions must be made to protect against these attacks.

Files

Report.pdf

(.pdf | 14.1 Mb)