Paper 2019/230

Location, location, location: Revisiting modeling and exploitation for location-based side channel leakages

Christos Andrikos, Lejla Batina, Lukasz Chmielewski, Liran Lerman, Vasilios Mavroudis, Kostas Papagiannopoulos, Guilherme Perin, Giorgos Rassias, and Alberto Sonnino


Near-field microprobes have the capability to isolate small regions of a chip surface and enable precise measurements with high spatial resolution. Being able to distinguish the activity of small regions has given rise to the location-based sidechannel attacks, which exploit the spatial dependencies of cryptographic algorithms in order to recover the secret key. Given the fairly uncharted nature of such leakages, this work revisits the location side-channel to broaden our modeling and exploitation capabilities. Our contribution is threefold. First, we provide a simple spatial model that partially captures the effect of location-based leakages. We use the newly established model to simulate the leakage of different scenarios/countermeasures and follow an information-theoretic approach to evaluate the security level achieved in every case. Second, we perform the first successful location-based attack on the SRAM of a modern ARM Cortex-M4 chip, using standard techniques such as difference of means and multivariate template attacks. Third, we put forward neural networks as classifiers that exploit the location side-channel and showcase their effectiveness on ARM Cortex-M4, especially in the context of single-shot attacks and small memory regions. Template attacks and neural network classifiers are able to reach high spacial accuracy, distinguishing between 2 SRAM regions of 128 bytes each with 100% success rate and distinguishing even between 256 SRAM byte-regions with 32% success rate. Such improved exploitation capabilities revitalize the interest for location vulnerabilities on various implementations, ranging from RSA/ECC with large memory footprint, to lookup-table-based AES with smaller memory usage.

Available format(s)
Publication info
Published elsewhere. Minor revision. ASIACRYPT 2019
Side-channel analysislocation leakagemicroprobetemplate attackneural networkARM Cortex-M
Contact author(s)
kostaspap88 @ gmail com
2019-09-11: last of 2 revisions
2019-02-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christos Andrikos and Lejla Batina and Lukasz Chmielewski and Liran Lerman and Vasilios Mavroudis and Kostas Papagiannopoulos and Guilherme Perin and Giorgos Rassias and Alberto Sonnino},
      title = {Location, location, location: Revisiting modeling and exploitation for location-based side channel leakages},
      howpublished = {Cryptology ePrint Archive, Paper 2019/230},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.