Cryptology ePrint Archive: Report 2014/190

The Temperature Side Channel and Heating Fault Attacks

Michael Hutter and Jörn-Marc Schmidt

Abstract: In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel, a side channel that has been widely cited in the literature but not yet well characterized. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limited by the physical properties of thermal conductivity and capacitance. We further present heating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show how to recover parts of the internal memory and present first results on an ATmega162. The work encourages awareness of temperature-based attacks, which have been known for years but are not well described in the literature. It also serves as a starting point for further research investigations.

Category / Keywords: implementation / Temperature, Side Channels, Fault Injection, Negative Bias Temperature Instability, AVR, Smart Cards

Original Publication (with minor differences): CARDIS 2013

Date: received 12 Mar 2014, last revised 27 Mar 2014

Contact author: michael hutter at iaik tugraz at


Note: corrected male/female mistake in the paper about a cited publication.

Version: 20140327:144744
