Systematic Literature Review of EM-SCA Attacks on Encryption

Cryptography is vital for data security, but cryptographic algorithms can still be vulnerable to side-channel attacks (SCAs), physical assaults exploiting power consumption and EM radiation. SCAs pose a significant threat to cryptographic integrity, compromising device keys. While literature on SCAs focuses on real-world devices, the rise of sophisticated devices necessitates fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers information by monitoring EM radiation, capable of retrieving encryption keys and detecting malicious activity. This study evaluates EM-SCA's impact on encryption across scenarios and explores its role in digital forensics and law enforcement. Addressing encryption susceptibility to EM-SCA can empower forensic investigators in overcoming encryption challenges, maintaining their crucial role in law enforcement. Additionally, the paper defines EM-SCA's current state in attacking encryption, highlighting vulnerable and resistant encryption algorithms and devices, and promising EM-SCA approaches. This study offers a comprehensive analysis of EM-SCA in law enforcement and digital forensics, suggesting avenues for further research

Fine-grained methods for using EM fields measured near computing chips to evaluate data leakage

This thesis presents novel fine-grained methods that show electromagnetic (EM) fields measured near chips during computations can be effectively used to evaluate data leakage. Several near-field measurement techniques combined with appropriate statistical analyses are introduced in the dissertation. The proposed EM side-channel analysis (SCA) methods are used to rapidly localize information leakage on the chip, identify optimal reusable measurement setups to minimize marginal cost of future evaluations, and infer the data values of interest. These methods are used to perform measurement-based evaluations of data leakage from several embedded system applications: (i) Using encryption keys of the advanced encryption standard (AES) algorithm as the data of interest, a multi-stage measurement protocol is introduced to rapidly identify chip locations which are most likely to leak the key, as well as the actual key value; the method was found to be ~2× to ~37× faster than alternatives while using them to evaluate the SCA resilience of several baseline and hardened implementations of AES; (ii) Assuming processor instructions as the data of interest, a hierarchical disassembler is developed to recover the execution trace of programs from a general-purpose micro-controller; the method was found to recover ~97% instructions from several application benchmarks; (iii) Using Bluetooth payload as the data of interest, vulnerable locations on a Bluetooth Low Energy server implementation are isolated, and the data values of the payload are estimated; while the exact data values were not found, the Hamming Weight (HW) of test data was identified with 100% accuracy. These methods provide feasible alternatives to an exhaustive evaluation where data is recovered after measuring all possible computations at every single probe configuration. The feasibility of these methods is inherently dependent on the restrictions placed on evaluators, i.e., the threat model. Thus, a systematic study of protocols suited for different threat models are performed, which also includes the marginal cost comparisons of different SCA attack modalities. Finally, the thesis also introduces novel metrics and modelling methods that improve potency of side-channel security evaluations.Electrical and Computer Engineerin