Cryptology ePrint Archive: Report 2019/230

Location, location, location: Revisiting modeling and exploitation for location-based side channel leakages

Christos Andrikos and Lejla Batina and Lukasz Chmielewski and Liran Lerman and Vasilios Mavroudis and Kostas Papagiannopoulos and Guilherme Perin and Giorgos Rassias and Alberto Sonnino

Abstract: Near-field microprobes have the capability to isolate small regions of a chip surface and enable precise measurements with high spatial resolution. Being able to distinguish the activity of small regions has given rise to the location-based sidechannel attacks, which exploit the spatial dependencies of cryptographic algorithms in order to recover the secret key. Given the fairly uncharted nature of such leakages, this work revisits the location side-channel to broaden our modeling and exploitation capabilities. Our contribution is threefold. First, we provide a simple spatial model that partially captures the effect of location-based leakages. We use the newly established model to simulate the leakage of different scenarios/countermeasures and follow an information-theoretic approach to evaluate the security level achieved in every case. Second, we perform the first successful location-based attack on the SRAM of a modern ARM Cortex-M4 chip, using standard techniques such as difference of means and multivariate template attacks. Third, we put forward neural networks as classifiers that exploit the location side-channel and showcase their effectiveness on ARM Cortex-M4, especially in the context of single-shot attacks and small memory regions. Template attacks and neural network classifiers are able to reach high spacial accuracy, distinguishing between 2 SRAM regions of 128 bytes each with 100% success rate and distinguishing even between 256 SRAM byte-regions with 32% success rate. Such improved exploitation capabilities revitalize the interest for location vulnerabilities on various implementations, ranging from RSA/ECC with large memory footprint, to lookup-table-based AES with smaller memory usage.

Category / Keywords: implementation / Side-channel analysis, location leakage, microprobe, template attack, neural network, ARM Cortex-M

Date: received 26 Feb 2019

Contact author: kostaspap88 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190228:190423 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]