Description
Side-channel based attacks (SCBA) are mostly found in the field of cryptanalysis, where a side-channel is used to recover a secret key or the inner workings of a cryptographic system. Lately, however, this kind of attack has been adapted to other areas.
One of these areas is side-channel based disassembling, where a side-channel, such as power consumption or electromagnetic emanation (EM), is used to determine which instruction is currently being executed by the CPU. Until now, this has mostly been applied to 8-bit micro-controllers (MCUs), where the noise factor is mostly negligible and no pipeline executes instructions concurrently.
In contrast, this thesis focuses on the implementation and testing of an EM based side-channel disassembler on a 32-bit RISC-V core using Machine Learning (ML). First, EM traces were recorded. Then, several statistical analyses were performed to check the susceptibility of the CPU to a side-channel attack. This was done by first performing a fixed vs. fixed t-test, followed by a correlated point of interest (CPOI) analysis. As the results were promising, attacks were performed. Template attacks (TAs) and attacks using machine learning were performed with the goal of determining the underlying instructions of the respective EM traces. Although no attack was performed successfully, there is still large potential in this research field.
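As an added illustration of the fixed vs. fixed t-test used in the leakage assessment above (example code, not from the thesis), the following Python computes a per-sample Welch's t statistic over two constructed trace sets, one per instruction, and reports the sample indices where |t| exceeds the customary 4.5 threshold. The trace data, function names and the leaking sample index are assumptions made for this example.

```python
"""Fixed-vs-fixed Welch's t-test over constructed EM traces.

Two trace sets, one per executed instruction, are compared sample by sample.
A |t| above the usual 4.5 threshold at some sample index means the two
instructions are statistically distinguishable there, i.e. the CPU leaks
which instruction it is executing through the side channel at that point.
"""
import math
import random


def welch_t(group_a, group_b):
    """Per-sample Welch's t statistic for two trace sets (lists of equal-length lists)."""
    n_a, n_b = len(group_a), len(group_b)
    t_values = []
    for i in range(len(group_a[0])):
        xa = [trace[i] for trace in group_a]
        xb = [trace[i] for trace in group_b]
        mean_a, mean_b = sum(xa) / n_a, sum(xb) / n_b
        # unbiased sample variances of each group at this sample
        var_a = sum((x - mean_a) ** 2 for x in xa) / (n_a - 1)
        var_b = sum((x - mean_b) ** 2 for x in xb) / (n_b - 1)
        denom = math.sqrt(var_a / n_a + var_b / n_b)
        t_values.append((mean_a - mean_b) / denom if denom > 0 else 0.0)
    return t_values


def leaking_points(group_a, group_b, threshold=4.5):
    """Sample indices where |t| exceeds the threshold: candidate points of interest."""
    return [i for i, t in enumerate(welch_t(group_a, group_b)) if abs(t) > threshold]


def constructed_traces(n_traces=200, n_samples=40, leak_index=17, amplitude=0.5, seed=1):
    """Constructed sample data, not real measurements: identical Gaussian noise in
    both groups; instruction B adds a small offset at one sample (the leaking cycle)."""
    rng = random.Random(seed)
    instr_a = [[rng.gauss(0.0, 0.2) for _ in range(n_samples)] for _ in range(n_traces)]
    instr_b = [[rng.gauss(0.0, 0.2) + (amplitude if i == leak_index else 0.0)
                for i in range(n_samples)] for _ in range(n_traces)]
    return instr_a, instr_b


if __name__ == "__main__":
    a, b = constructed_traces()
    print("leaking sample indices:", leaking_points(a, b))
```

The same per-sample statistic can be plotted across the whole trace to see at which clock cycles the two instructions diverge before any template or ML attack is attempted.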