DOI: 10.5555/2755753.2755784
Research article

Scandalee: a side-channel-based disassembler using local electromagnetic emanations

Published: 09 March 2015

Abstract

Side-channel analysis has become a well-established topic in the scientific community and in industry over the last decade and a half. Somewhat surprisingly, the vast majority of work on side-channel analysis has been restricted to the "use case" of attacking cryptographic implementations by recovering their keys. In this contribution, we show how side-channel analysis can be used to extract code from embedded systems based on the CPU's electromagnetic emanation. There are many applications, within and outside the security community, where this is desirable. In cryptography it can be used, for example, to recover proprietary ciphers and security protocols. Another broad application field is general security and reverse engineering, e.g., detecting IP violations in firmware or debugging embedded systems when there is no debug interface or the interface is proprietary.
A core feature of our approach is that we take localized electromagnetic measurements that are spatially distributed over the IC being analyzed. Given these multiple inputs, we model code extraction as a classification problem that we solve with supervised learning algorithms. We apply a variant of linear discriminant analysis to distinguish between the multiple classes. In contrast to previous approaches, which reported instruction recognition rates between 40--70%, our approach detects more than 95% of all instructions for test code, and close to 90% for real-world code. The methods are thus very relevant for use in practice. Our method performs dynamic code recognition, which has both advantages (only the program parts that are actually executed are observed) and limitations (rarely executed code is difficult to observe).

Published in

DATE '15: Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition, March 2015, 1827 pages. ISBN 9783981537048.

Publisher

EDA Consortium, San Jose, CA, United States

Conference

DATE '15: Design, Automation and Test in Europe, March 9 - 13, 2015, Grenoble, France.
Sponsors:
  • EDAA
  • EDAC
  • SIGDA
  • Russian Academy of Sciences

Acceptance rates

DATE '15 paper acceptance rate: 206 of 915 submissions (23%).
Overall acceptance rate: 518 of 1,794 submissions (29%).

Article metrics

  • Downloads (last 12 months): 3
  • Downloads (last 6 weeks): 0
Reflects downloads up to 22 Sep 2024.
Cited by

  • (2022) Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous Era. ACM Computing Surveys 55(3), 1-40. DOI 10.1145/3498337. Online publication date: 3 Feb 2022.
  • (2018) Power-based side-channel instruction-level disassembler. Proceedings of the 55th Annual Design Automation Conference, 1-6. DOI 10.1145/3195970.3196094. Online publication date: 24 Jun 2018.
  • (2016) Side-Channel Attacks on Fingerprint Matching Algorithms. Proceedings of the 6th International Workshop on Trustworthy Embedded Devices, 3-13. DOI 10.1145/2995289.2995294. Online publication date: 28 Oct 2016.
  • (2016) Zero-overhead profiling via EM emanations. Proceedings of the 25th International Symposium on Software Testing and Analysis, 401-412. DOI 10.1145/2931037.2931065. Online publication date: 18 Jul 2016.
