Paper 2016/473

Exploiting the Physical Disparity: Side-Channel Attacks on Memory Encryption

Thomas Unterluggauer and Stefan Mangard


Memory and disk encryption is a common measure to protect sensitive information in memory from adversaries with physical access. However, physical access also comes with the risk of physical attacks. As these may pose a threat to memory confidentiality, this paper investigates contemporary memory and disk encryption schemes and their implementations with respect to Differential Power Analysis (DPA) and Differential Fault Analysis (DFA). It shows that DPA and DFA recover the keys of all the investigated schemes, including the tweakable block ciphers XEX and XTS. This paper also verifies the feasibility of such attacks in practice. Using the EM side channel, a DPA on the disk encryption employed within the ext4 file system is shown to reveal the used master key on a Zynq Z-7010 system on chip. The results suggest that memory and disk encryption secure against physical attackers is at least four times more expensive.

Available format(s)
Publication info
Published elsewhere. COSADE 2016
memory encryptionside-channel attackpower analysisDPAfault analysisDFAext4
Contact author(s)
thomas unterluggauer @ iaik tugraz at
2016-05-17: received
Short URL
Creative Commons Attribution


      author = {Thomas Unterluggauer and Stefan Mangard},
      title = {Exploiting the Physical Disparity: Side-Channel Attacks on Memory Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/473},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.