Paper 2023/693

LeakyOhm: Secret Bits Extraction using Impedance Analysis

Saleh Khalaj Monfared, Worcester Polytechnic Institute
Tahoura Mosavirik, Worcester Polytechnic Institute
Shahin Tajik, Worcester Polytechnic Institute

The threat of physical side-channel attacks and their countermeasures is a widely researched field. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on voltage or current fluctuations. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage violates the $t$-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage.

Available format(s)
Attacks and cryptanalysis
Publication info
Impedance AnalysisSide-Channel AttackScattering ProfilingMasked ImplementationTemplate Attacks
Contact author(s)
skmonfared @ wpi edu
tmosavirik @ wpi edu
stajik @ wpi edu
2023-09-14: last of 5 revisions
2023-05-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Saleh Khalaj Monfared and Tahoura Mosavirik and Shahin Tajik},
      title = {LeakyOhm: Secret Bits Extraction using Impedance Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2023/693},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.