Abstract
For the last ten years, side channel research has focused on extracting data leakage with the goal of recovering secret keys of embedded cryptographic implementations. For about the same time it has been known that side channel leakage contains information about many other internal processes of a computing device.
In this work we exploit side channel information to recover large parts of the program executed on an embedded processor. We present the first complete methodology to recover the program code of a microcontroller by evaluating its power consumption only. Besides well-studied methods from side channel analysis, we apply Hidden Markov Models to exploit prior knowledge about the program code. In addition to quantifying the potential of the created side channel based disassembler, we highlight its diverse and unique application scenarios.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Bishop, C.M.: Pattern Recognition and Machine Learning (Information Science and Statistics). Springer, Heidelberg (August 2006)
Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
Clavier, C.: Side Channel Analysis for Reverse Engineering (Scare) - an Improved Attack Against a Secret a3/a8 gsm Algorithm. Cryptology ePrint Archive, Report 2004/049 (2004), http://eprint.iacr.org/
Durbin, R., Eddy, S., Krogh, A., Mitchison, G.: Biological Sequence Analysis: Probabilistic Models of Proteins and Nucleic Acids. Cambridge University Press, Cambridge (1998)
Fink, G.A.: Markov Models for Pattern Recognition. Springer, Heidelberg (2008)
Goldack, M.: Side-Channel Based Reverse Engineering for Microcontrollers. Master’s thesis, Ruhr-Universität Bochum, Germany (2008)
Igel, C., Glasmachers, T., Heidrich-Meisner, V.: Shark. Journal of Machine Learning Research 9, 993–996 (2008)
Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and other Systems. In: Koblitz, N.I. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
MacKay, D.: Information Theory, Inference and Learning Algorithms. Cambridge University Press, Cambridge (2003)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Springer, Heidelberg (2007)
Microchip Technology Inc. MPASM Assembler, MPLINK Object Linker, MPLIB Object Librarian User’s Guide (2005), http://ww1.microchip.com/downloads/en/DeviceDoc/33014J.pdf
Novak, R.: Side-Channel Attack on Substitution Blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003)
Permadi, E.: The Hardware Side of Cryptography. Personal Blog, http://edipermadi.wordpress.com/
Quisquater, J.-J., Samyde, D.: Automatic Code Recognition for Smart Cards using a Kohonen Neural Network. In: Proceedings of the 5th Smart Card Research and Advanced Application Conference, CARDIS 2002. USENIX Association, Berkeley (2002)
Rabiner, L.R.: A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition. Proceedings of the IEEE 77(2), 257–286 (1989)
Rechberger, C., Oswald, E.: Practical Template Attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 440–456. Springer, Heidelberg (2005)
Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)
Skorobogatov, S.P.: Semi-Invasive Attacks – A New Approach to Hardware Security Analysis. PhD thesis, University of Cambridge (April 2005), http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf
Standaert, F.-X., Archambeau, C.: Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)
Standaert, F.-X., Koeune, F., Schindler, W.: How to Compare Profiled Side-Channel Attacks. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 485–498. Springer, Heidelberg (2009)
Tolmie, S.: PIC Sample Code in C, http://www.microchipc.com/
Vermoen, D.: Reverse Engineering of Java Card Applets using Power Analysis. Master’s thesis, TU Delft (2006), http://ce.et.tudelft.nl/publicationfiles/1162_634_thesis_Dennis.pdf
Web site. Program Code for Keeloq Decryption, http://www.pic16.com/bbs/dispbbs.asp?boardID=27&ID=19437
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Eisenbarth, T., Paar, C., Weghenkel, B. (2010). Building a Side Channel Based Disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science X. Lecture Notes in Computer Science, vol 6340. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17499-5_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-17499-5_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17498-8
Online ISBN: 978-3-642-17499-5
eBook Packages: Computer ScienceComputer Science (R0)