Reverse Engineering Microprocessor Content Using Electromagnetic Radiation
MetadataVis full innførsel
Moore’s law has, for almost half a century, described a trend in which the number of transistors in integrated circuits have been doubled every year. Properties, such as processing speed, memory capacity and physical size of circuits, are strongly linked to Moore’s prediction. Integrated circuits, such as microprocessors, therefore get smaller yet more and more powerful. The combination of smaller size and larger capacity allow more and more functionality to be included in small microprocessor devices, such as smart phones and smart cards. This includes security related functions, such as confidentiality, integrity, availability and non-repudiation. The use of microprocessor devices is said to make fraud more difficult, however, research has found them susceptible to side-channel attacks. Sensitive information can escape via side-channels such as power consumption or electromagnetic radiation (EMR). When a microprocessor executes its program, power consumption (or resulting EMR) can be used to reveal the content of program and/or data memory of the microprocessor. The correlation between power consumption and microprocessor activity has found many uses: to recover cryptographic keys, to reveal hidden hardware faults, to create a covert channel or to reverse engineer the code executed. This is concerning, considering the increasing demand for and dependability upon microprocessors in secure applications. This thesis contributes by building a more realistic model of the arsenal available to an adversary engaged in reverse engineering microprocessor content through the electromagnetic side-channel. This includes; (i) presenting a new attack, resembling wireless skimming, (ii) a method for in-depth analysis of EMR and better understanding of what and how much EMR is necessary to launch an attack, (iii) a new power model that better explains the underlying phenomena and (iv) a non-invasive method for reverse engineering physical properties based on EMR. The Wireless Covert Channel Attack (WCCA) contributes towards exploiting the electromagnetic side-channel in a new attack and attack scenario for microprocessor smart cards. The attack brings together knowledge from different fields; electromagnetic sidechannels, covert channels and subversion. The scenario assumes that a highly skilled insider is able to hide a small program (subversive code) on a microprocessor smart card in an early stage of the products life cycle. During normal use of the smart card, the subversive code intentionally manipulates the electromagnetic side-channel, creating a covert channel that can potentially broadcast the cards internal secrets to a nearby receiver. The attack is launched without possession of the card and is, therefore, unlikely to be detected by the user. The feasibility of the attack has been demonstrated on modern, high-security cards with all available security features activated, which demonstrates that attacks resembling wireless skimming are feasible. This contribution highlights the importance of life-cycle security focus for products used in secure applications. Challenges faced by WCCA and other side-channel attacks are: What and how much of the available EMR is necessary to launch an attack, and how do choices affect the efficiency of the attack? This thesis recognizes reverse engineering microprocessor content as a pattern recognition problem, and can therefore address these challenges as a feature selection problem. A comparison of several multi-class feature selection methods by their performance in a WCCA application is provided. Combining these results with the template attack provides a method for in-depth analysis of the electromagnetic side-channel. This method was applied to data transfer on the microprocessor’s internal buses, which gave new insight as to the underlying phenomena and revealed that commonly used power models are not suitable to explain the level of detail achieved by Bayesian classification (e.g. template attack). This thesis provides the hypothesis that the classification results can be explained by layout dependent phenomena (LDP). LDP include; (i) inductance and capacitance of conductors, (ii) inductance and capacitance between conductors, (iii) wireless transmission characteristics (i.e. antenna properties) of conductors and other circuit elements and (iv) complex combinations of these phenomena. Simulations and experiments are provided that give new insight as to how capacitance between bus-wires (capacitive crosstalk) influence the energy dissipation and the resulting radiated electromagnetic field in any physical implementation of a digital circuit (e.g. microprocessor). A new power model, based on capacitive crosstalk, is proposed, which better explains the classification results achieved. This can improved side-channel exploitation capabilities. The new power model shows that energy dissipation (i.e. EMR) is a function of internal physical structures of the microprocessor. It can therefore improve the performance of sidechannel attacks that rely upon a good power model to be successful (e.g. power analysis attacks). A spinoff of this result is that if the microprocessor activity is known, it should be possible to reverse engineer physical structures of the microprocessor. This thesis provides a non-invasive method for determining the relative position of internal bus wires based on known transition pattern and the influence of capacitive crosstalk on EMR. By including other LDP it should be possible to reverse engineer other physical structures of the microprocessor. This is, to the best of our knowledge, a new application area for electromagnetic side-channel information and holds potential for future work.
SerieDoktorgradsavhandlinger ved Høgskolen i Gjøvik;2/2011
Doctoral dissertations at Gjøvik University College;2/2011