Electronics Guide

Cybersecurity and EMC

The intersection of cybersecurity and electromagnetic compatibility reveals a class of threats that exploit the physical properties of electronic systems to compromise information security. While traditional cybersecurity focuses on logical vulnerabilities in software and protocols, electromagnetic attacks target the hardware implementation of secure systems, extracting secrets or inducing faults through physical phenomena.

Understanding these electromagnetic security threats requires combining knowledge of circuit behavior, signal analysis, and cryptographic principles. Engineers designing secure systems must consider not only logical correctness but also the electromagnetic signatures their implementations produce and their susceptibility to electromagnetic manipulation.

Side-Channel Attacks

Side-channel attacks extract secret information by analyzing physical properties of cryptographic implementations rather than attacking the mathematical algorithms themselves. Electromagnetic emanations, power consumption, timing variations, and acoustic emissions can all leak information about internal operations.

Electromagnetic Analysis

Electromagnetic analysis (EMA) captures the electromagnetic emanations from electronic devices during cryptographic operations. These emanations correlate with internal data values and operations, potentially revealing secret keys.

Simple electromagnetic analysis (SEMA) directly interprets emanation patterns to identify operations and data. Different instructions produce different electromagnetic signatures, and by observing these signatures during cryptographic operations, an attacker may identify which operations occur. If the sequence of operations depends on key bits, the key can be recovered.

Differential electromagnetic analysis (DEMA) uses statistical techniques to extract key information from many measurements. When emanations are correlated with hypothesized intermediate values for different key guesses, the correct key hypothesis produces a higher correlation than incorrect guesses. DEMA can succeed even when individual measurements are noisy.

Higher-order attacks combine multiple points in the emanation trace to defeat countermeasures that split sensitive values. These attacks require more measurements but can overcome protections designed against first-order analysis.

Measurement equipment for EMA includes near-field probes positioned close to target devices, broadband amplifiers, and high-speed digitizers. Software tools process captured traces to perform statistical analysis and extract key information.

Power Analysis

Power analysis attacks measure the power consumption of devices during cryptographic operations. The current drawn by CMOS circuits depends on the data being processed, creating a power signature that leaks information.

Simple power analysis (SPA) directly interprets power traces to identify operations. Conditional branches based on key bits may produce visibly different power patterns, revealing the key to visual inspection.

Differential power analysis (DPA) applies statistical techniques to extract key information from noisy measurements. By measuring power during many cryptographic operations with known inputs, an attacker can correlate power consumption with hypothesized intermediate values to determine the correct key.

Power analysis requires less expensive equipment than electromagnetic analysis and may be easier to set up. However, electromagnetic analysis can provide spatial resolution unavailable to power analysis, potentially isolating specific circuit blocks.

Timing Attacks

Timing attacks exploit variations in execution time that depend on secret data. If cryptographic operations take different amounts of time depending on key or data values, measuring these timing differences can reveal secrets.

Cache timing attacks exploit microprocessor cache behavior. Memory accesses that hit the cache are faster than those that miss. If cache access patterns depend on secret data, measuring timing variations reveals information about those secrets.

Branch prediction and speculative execution create additional timing channels. Processor optimizations that depend on data values can create measurable timing differences exploitable by attackers.

Timing attacks can sometimes be conducted remotely over networks, without physical access to target devices. Network timing measurements are noisier but can still succeed with sufficient measurements.
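
The data-dependent execution time described in this section, shown in C as an added example that is not part of the original guide: a byte comparison that stops at the first mismatch, beside a constant-time version. The 8-byte secret, the step counter (which stands in for elapsed time) and all function names are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-byte secret for the demo (not a real key). */
#define SECRET_LEN 8
static const uint8_t DEMO_SECRET[SECRET_LEN] =
    {0x3a, 0x91, 0x5c, 0x07, 0xe4, 0x2d, 0xb8, 0x66};

/* Leaky: returns at the first mismatching byte, so the number of loop
 * iterations (and therefore the run time) depends on how many leading
 * bytes of the guess are correct. *steps is demo instrumentation. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time: always processes all n bytes and accumulates the
 * differences with OR, with no branch on secret data. Compilers can
 * reintroduce branches, so check the generated code on the target. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    /* diff == 0 -> 1, diff != 0 -> 0, without a data-dependent branch. */
    return (int)(1u & (((uint32_t)diff - 1u) >> 8));
}

/* Build a guess whose first `correct` bytes match the secret; the
 * remaining bytes are inverted so they are guaranteed to differ. */
static void make_guess(uint8_t *g, size_t correct)
{
    for (size_t i = 0; i < SECRET_LEN; i++)
        g[i] = (i < correct) ? DEMO_SECRET[i] : (uint8_t)~DEMO_SECRET[i];
}

size_t leaky_steps(size_t correct)
{
    uint8_t g[SECRET_LEN];
    size_t steps;
    make_guess(g, correct);
    leaky_equal(DEMO_SECRET, g, SECRET_LEN, &steps);
    return steps;
}

size_t ct_steps(size_t correct)
{
    uint8_t g[SECRET_LEN];
    size_t steps;
    make_guess(g, correct);
    ct_equal(DEMO_SECRET, g, SECRET_LEN, &steps);
    return steps;
}

int ct_result(size_t correct)
{
    uint8_t g[SECRET_LEN];
    size_t steps;
    make_guess(g, correct);
    return ct_equal(DEMO_SECRET, g, SECRET_LEN, &steps);
}

int main(void)
{
    for (size_t k = 0; k <= SECRET_LEN; k += 2)
        printf("correct prefix %zu: leaky steps=%zu, constant-time steps=%zu\n",
               k, leaky_steps(k), ct_steps(k));
    return 0;
}
```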

Acoustic Analysis

Electronic components produce acoustic emissions through mechanical effects of electrical switching. Capacitors, inductors, and transformers can emit sounds correlated with the data being processed.

Keyboard acoustic analysis captures the sounds of typing to recover entered text. Different keys produce different sounds due to mechanical and positional differences, enabling keystroke recognition.

Processor acoustic emissions from voltage regulators and decoupling capacitors can reveal cryptographic operations. While challenging to exploit, acoustic channels have been demonstrated against various targets.

Acoustic attacks can use commodity equipment including smartphone microphones, making them accessible to unsophisticated attackers if targets are within acoustic range.

Fault Injection

Fault injection attacks deliberately induce errors in electronic systems to compromise security. By causing computational errors at precise moments, attackers can extract secrets, bypass authentication, or gain unauthorized access.

Electromagnetic Fault Injection

Electromagnetic fault injection (EMFI) uses localized electromagnetic pulses to induce faults in target devices. A probe positioned near the target generates a brief, intense electromagnetic field that disrupts circuit operation.

EMFI can induce various fault types depending on the pulse characteristics and target location:

  • Bit flips in registers or memory cells
  • Instruction skips where processors fail to execute specific instructions
  • Data corruption on internal buses
  • Clock glitches affecting timing-critical operations

Precise spatial targeting allows EMFI to affect specific circuit blocks while leaving others undisturbed. This selectivity enables sophisticated attacks targeting particular security-critical operations.

EMFI equipment ranges from simple coils driven by high-current pulses to sophisticated probe stations with precise positioning and timing control. The precision achievable with advanced equipment enables attacks that simpler setups cannot accomplish.

Voltage Glitching

Voltage glitching involves briefly disrupting the power supply to induce faults. Momentary voltage drops or spikes can cause computational errors that compromise security.

Glitches on the main power supply affect the entire device but may be easier to implement than targeted attacks. Timing the glitch to coincide with security-critical operations is essential for successful exploitation.

Voltage fault injection is particularly effective against devices with limited security features. Simple microcontrollers may have readily exploitable vulnerabilities to voltage manipulation.

Power supply filtering and monitoring can detect some voltage attacks, but sophisticated glitches that remain within normal operating ranges may escape detection.

Clock Glitching

Clock glitching introduces disturbances in clock signals to cause timing violations. Momentary clock speed increases can cause setup or hold time violations, leading to incorrect data capture.

Clock attacks are often easier to implement than voltage attacks because clock signals are more accessible. External crystal oscillators and clock inputs provide attack surfaces.

Faults induced by clock glitching affect operations at specific clock edges, potentially providing precise control over which instructions are affected.

Internal clock generation and monitoring can protect against external clock manipulation, but may add cost and complexity to designs.

Laser Fault Injection

Laser fault injection uses focused light to induce localized faults through the photoelectric effect. Lasers can target specific transistors or memory cells with high precision.

Frontside attacks through the device package require optical access, which may be prevented by opaque packaging. Backside attacks through the silicon substrate can target devices with opaque frontside packaging.

Laser attacks require expensive equipment including precision positioning systems and appropriate laser sources. However, they offer unmatched precision for targeting specific circuit elements.

Countermeasures against laser attacks include active light sensors, metal shielding layers, and randomized circuit layouts that make targeting difficult.

Differential Fault Analysis

Differential fault analysis (DFA) exploits faulty computations to extract cryptographic keys. By comparing correct outputs with faulty outputs produced by fault injection, attackers can derive key information.

DFA against block ciphers like AES can recover the key from a small number of faulty ciphertexts. Mathematical analysis relates the difference between correct and faulty outputs to specific key bytes.

Effective DFA requires controlled fault injection that produces exploitable faults without completely corrupting the output. Random or excessive faults may not provide useful information.

Countermeasures against DFA include redundant computation with comparison, randomized execution, and fault detection mechanisms that suppress faulty outputs.

Electromagnetic Probing

Electromagnetic probing uses external electromagnetic fields to interact with electronic circuits, either to extract information or to inject signals. This technique extends both side-channel analysis and fault injection.

Near-Field Probing

Near-field electromagnetic probes positioned close to integrated circuits can capture emanations from specific circuit regions. Small loop and dipole probes provide spatial resolution enabling analysis of individual functional blocks.

Scanning across the device surface while capturing emanations creates electromagnetic maps showing where information-leaking signals originate. This spatial information guides targeted analysis and helps identify security-critical components.

Near-field probing stations include precision positioning systems, broadband amplifiers, and synchronized acquisition systems. Automated scanning and analysis software processes collected data.

Probe resolution is limited by probe size and the distance to the target. Smaller probes provide better resolution but capture weaker signals. Probing through packaging is possible but reduces resolution and signal strength.

Electromagnetic Injection

Electromagnetic probes can inject signals into circuits as well as receive them. Injected signals can alter circuit behavior, interfere with legitimate signals, or carry modulated information into the device.

Signal injection through power supply or I/O connections can introduce malicious signals into devices. Filtering and isolation protect against conducted injection, but determined attackers may find paths around protections.

Near-field injection provides spatial selectivity for targeting specific circuit regions. Combined with precise timing, injection can affect particular operations while leaving others undisturbed.

The boundary between electromagnetic fault injection and electromagnetic injection is blurred; both use similar techniques but may target different effects.

RF and Microwave Probing

Higher frequency probing extends electromagnetic analysis to microwave frequencies where modern processors operate. Multi-gigahertz signals require specialized equipment but may reveal information not accessible at lower frequencies.

Microwave probing can couple to on-chip interconnects and clock distribution networks. These high-frequency structures may carry information-rich signals.

Equipment for microwave probing includes spectrum analyzers, microwave probes, and high-bandwidth digitizers. The complexity and cost of this equipment limit its accessibility.

Wireless Security

Wireless systems face electromagnetic threats beyond the intended communication channel. Physical-layer attacks can compromise security without exploiting protocol vulnerabilities, while electromagnetic phenomena can enable unauthorized access or surveillance.

Wireless Channel Attacks

Radio channels are inherently accessible to anyone within range, creating opportunities for attacks:

Eavesdropping captures wireless transmissions for analysis. Even encrypted communications reveal traffic patterns and timing that may provide useful intelligence. Unencrypted or weakly encrypted communications can be directly compromised.

Jamming prevents legitimate communication by overwhelming receivers with interference. Targeted jamming can selectively disable specific communications while leaving others operational.

Spoofing injects false signals that receivers accept as legitimate. Authentication mechanisms protect against spoofing but may be bypassed or overwhelmed.

Relay attacks extend the range of short-range protocols by relaying signals between distant points. Keyless entry systems and contactless payment cards are vulnerable to relay attacks that overcome intended range limitations.

RFID and NFC Security

Radio frequency identification (RFID) and near-field communication (NFC) systems face specific electromagnetic security threats:

Skimming reads RFID credentials at distances greater than intended. Attackers can capture card data from targets passing through reader range, enabling cloning or fraudulent use.

Relay attacks allow attackers to make payments or gain access by relaying communication between a victim's card and a reader controlled by the attacker. Real-time relay defeats range limitations.

Power analysis of RFID tags can reveal secret keys stored on tags, enabling cloning of access credentials or payment cards.

Shielding using RFID-blocking wallets and sleeves prevents unauthorized reading. In practice, a properly designed wallet attenuates the signal rather than blocking it completely.

Bluetooth and WiFi Attacks

Short-range wireless technologies including Bluetooth and WiFi have electromagnetic security implications:

Protocol attacks exploit weaknesses in security protocols, but with directional antennas, electromagnetic access enables these attacks from distances greater than designers anticipated.

Deauthentication attacks disconnect legitimate clients by spoofing management frames. This can enable downgrade attacks or denial of service.

Evil twin attacks create malicious access points that impersonate legitimate networks. Clients connecting to the evil twin expose their traffic to attackers.

Tracking uses unique identifiers broadcast by wireless devices to follow individuals. MAC address randomization provides some protection but may be defeated.

Hardware Security

Hardware security addresses threats at the physical implementation level, including protection against electromagnetic attacks. Secure hardware design considers the full lifecycle from chip design through manufacturing to deployment and end-of-life.

Secure Design Principles

Designing hardware resistant to electromagnetic attacks requires attention throughout the design process:

Constant-time implementation ensures that execution time does not depend on secret data values. This protects against timing attacks and may reduce power and electromagnetic leakage.

Balanced logic styles use dual-rail or similar techniques where power consumption is independent of data values. These approaches increase area and power but reduce side-channel leakage.

Randomization techniques including masking, shuffling, and dummy operations obscure the relationship between secret values and observable properties. Multiple levels of randomization provide defense in depth.

Fault detection mechanisms identify when errors occur and suppress faulty outputs. Redundant computation with comparison is a common approach, though it increases power and area.
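
Redundant computation with comparison, named here and among the DFA countermeasures earlier, as an added C example that is not part of the original guide: the operation runs twice and a result is released only if both passes agree. The round function toy_rounds is a constructed stand-in and not a real cipher, and sim_fault_t is a hypothetical hook that simulates a transient bit flip in one pass.

```c
#include <stdint.h>
#include <stdio.h>

enum { FD_OK = 0, FD_FAULT = -1 };

/* Simulated transient fault: which pass (0 or 1, -1 = none), which
 * round, and which bits are flipped. Hypothetical test hook. */
typedef struct { int pass; int round; uint32_t mask; } sim_fault_t;

/* Constructed demo inputs, not real key material. */
static const uint32_t DEMO_BLOCK = 0x01234567u;
static const uint32_t DEMO_KEY   = 0xa5a5f00du;

/* Toy keyed rounds standing in for a cipher; NOT a real cipher. Every
 * round is invertible, so a flipped bit always changes the output. */
static uint32_t toy_rounds(uint32_t block, uint32_t key, int fault_round, uint32_t fault_mask)
{
    uint32_t x = block;
    for (int r = 0; r < 8; r++) {
        x ^= key + (uint32_t)r;
        x = (x << 7) | (x >> 25);
        x *= 0x9E3779B1u;
        if (r == fault_round)
            x ^= fault_mask;            /* simulated bit flip */
    }
    return x;
}

/* Compute twice, compare, and suppress the output on mismatch so that a
 * faulty result never leaves the device. An identical fault in both
 * passes would go undetected; this covers single transient faults. */
int protected_encrypt(uint32_t block, uint32_t key, const sim_fault_t *f, uint32_t *out)
{
    /* volatile keeps the compiler from merging the two passes. */
    volatile uint32_t a, b;
    a = toy_rounds(block, key, (f && f->pass == 0) ? f->round : -1, f ? f->mask : 0);
    b = toy_rounds(block, key, (f && f->pass == 1) ? f->round : -1, f ? f->mask : 0);
    if (a != b) {
        *out = 0;                       /* release nothing usable */
        return FD_FAULT;
    }
    *out = a;
    return FD_OK;
}

uint32_t demo_reference(void)
{
    return toy_rounds(DEMO_BLOCK, DEMO_KEY, -1, 0);
}

/* Status returned for the demo inputs under the given simulated fault. */
int demo_status(int pass, int round, uint32_t mask)
{
    sim_fault_t f = { pass, round, mask };
    uint32_t out;
    return protected_encrypt(DEMO_BLOCK, DEMO_KEY, &f, &out);
}

/* Value that leaves the device for the demo inputs under that fault. */
uint32_t demo_output(int pass, int round, uint32_t mask)
{
    sim_fault_t f = { pass, round, mask };
    uint32_t out;
    protected_encrypt(DEMO_BLOCK, DEMO_KEY, &f, &out);
    return out;
}

int main(void)
{
    printf("no fault:        status=%d out=%08x\n",
           demo_status(-1, -1, 0), (unsigned)demo_output(-1, -1, 0));
    printf("fault in pass 0: status=%d out=%08x\n",
           demo_status(0, 3, 0x10u), (unsigned)demo_output(0, 3, 0x10u));
    return 0;
}
```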

Secure Elements

Secure elements are dedicated hardware components designed to protect sensitive operations and data:

Smart cards and secure microcontrollers implement physical countermeasures against side-channel and fault attacks. Certification testing verifies resistance to known attack techniques.

Hardware security modules (HSMs) protect cryptographic keys and perform secure operations within tamper-resistant enclosures. HSMs provide certified protection for sensitive applications.

Trusted Platform Modules (TPMs) provide hardware-based security functions including secure key storage and attestation. TPMs protect against software attacks but may still be vulnerable to physical attacks.

Secure enclaves in general-purpose processors isolate sensitive computations from potentially compromised operating systems. While primarily addressing software attacks, some implementations include electromagnetic protections.

Physical Unclonable Functions

Physical unclonable functions (PUFs) derive cryptographic keys from manufacturing variations unique to each device. PUFs provide hardware-bound authentication and key generation:

SRAM PUFs use the initial state of SRAM cells at power-up, which varies between devices due to random manufacturing variations.

Ring oscillator PUFs compare frequencies of nominally identical oscillators, which vary due to manufacturing tolerances.

Arbiter PUFs measure timing differences through nominally identical paths, exploiting delay variations from manufacturing.

PUFs face challenges from environmental variation, aging, and potential electromagnetic attacks that might characterize or influence PUF responses.

Supply Chain Security

Electronic supply chains present opportunities for adversaries to introduce compromised components or modify legitimate products. Electromagnetic techniques both enable attacks and support defenses.

Hardware Trojans

Hardware Trojans are malicious modifications to electronic circuits that create backdoors, leak information, or sabotage operation. Trojans may be introduced during design, fabrication, or assembly:

Design-stage Trojans are modifications to design files by malicious insiders or through compromised design tools. These Trojans may be difficult to detect because they appear as intended design features.

Fabrication-stage Trojans are modifications during semiconductor manufacturing. Untrusted foundries could insert Trojans that are not present in the design files.

Assembly-stage Trojans include substitution of counterfeit or modified components during board assembly. Supply chain controls must verify component authenticity.

Trojans may be designed to remain dormant until triggered by specific conditions, evading detection during normal testing.

Trojan Detection

Electromagnetic techniques contribute to hardware Trojan detection:

Side-channel analysis compares the electromagnetic signatures of suspect devices against known-good references. Trojans that affect power consumption or electromagnetic emissions may be detected through statistical analysis.

Ring oscillator networks detect process variations that might indicate unauthorized modifications. Trojans that modify nearby circuits may affect ring oscillator frequencies.

Imaging techniques including X-ray, infrared, and acoustic microscopy can reveal physical modifications to chips or boards.

Trojan detection remains challenging because well-designed Trojans are small relative to the overall circuit and may be specifically designed to evade detection techniques.

Counterfeit Detection

Counterfeit electronic components pose reliability and security risks. Detection techniques include:

Visual inspection identifies obvious counterfeits through marking errors, package defects, or evidence of remarking.

Electrical testing verifies that components meet specifications. Counterfeits may fail parametric tests or behave differently under stress conditions.

Material analysis using X-ray fluorescence or other techniques verifies that materials match manufacturer specifications.

Physical inspection including decapsulation and microscopy examines die markings and construction details.

Supply chain security programs establish trusted sources, maintain chain of custody, and implement testing appropriate to risk levels.

Threat Assessment

Effective defense against electromagnetic security threats requires understanding the threat landscape and prioritizing protection measures appropriately.

Attacker Capabilities

Electromagnetic attacks require varying levels of resources and expertise:

Low-resource attackers can conduct basic attacks using inexpensive equipment. Simple power analysis, timing attacks, and basic fault injection are accessible to moderately skilled individuals with modest budgets.

Well-resourced attackers have access to sophisticated equipment and expert knowledge. Advanced attacks including differential power analysis, electromagnetic analysis, and laser fault injection require specialized equipment and expertise.

Nation-state attackers can apply essentially unlimited resources to high-value targets. They may develop novel attack techniques and have capabilities not publicly known.

Protection measures should be calibrated to the anticipated threat level. Protecting against sophisticated attacks is expensive, and not all assets warrant such protection.

Risk Assessment

Risk assessment considers the value of protected assets, the capability of potential attackers, and the cost and effectiveness of protection measures:

Asset valuation identifies what is at stake if security is compromised. Financial losses, safety impacts, privacy violations, and reputational damage all contribute to asset value.

Threat modeling identifies who might attack, why they would attack, and what capabilities they might bring. Realistic threat models avoid both under-protection and over-protection.

Vulnerability assessment identifies weaknesses that threats might exploit. Understanding electromagnetic vulnerabilities requires specialized expertise and may require testing.

Cost-benefit analysis compares the cost of protection against the expected loss from successful attacks. Protection should be proportionate to risk.

Continuous Assessment

Threat landscapes evolve as new attack techniques are developed and new technologies create new vulnerabilities:

Academic research regularly publishes new attack techniques and countermeasures. Staying current with research ensures awareness of emerging threats.

Standards evolution reflects changing understanding of threats and defenses. Updated certification requirements may indicate new threats that should be addressed.

Incident analysis from attacks on similar systems provides real-world threat intelligence. Learning from others' experiences improves defensive posture.

Red team exercises test defenses against realistic attacks. Regular testing validates protection effectiveness and identifies weaknesses.

Countermeasures

Countermeasures against electromagnetic security threats operate at multiple levels, from chip design through system architecture to operational procedures.

Circuit-Level Countermeasures

Circuit-level countermeasures reduce information leakage and fault susceptibility:

Dual-rail logic styles make power consumption and electromagnetic emissions independent of data values. Every data value and its complement are represented, so transitions always involve equal numbers of rising and falling edges.

Asynchronous circuits eliminate the clock signal that provides a reference for attacks. Without a clock, synchronizing measurements with operations becomes more difficult.

On-chip shielding and filtering reduce electromagnetic emissions and increase immunity to external fields. Metal layers and decoupling capacitors can contain or absorb interference.

Active tampering countermeasures detect environmental conditions (temperature, voltage, light, electromagnetic fields) outside normal ranges and trigger protective responses.

Algorithm-Level Countermeasures

Algorithm-level countermeasures protect secrets regardless of circuit implementation:

Masking splits secret values into multiple shares such that the shares reveal nothing individually. Operations on masked values maintain the sharing, protecting intermediate values from leakage.

Shuffling randomizes the order of operations so that attackers cannot predict which operation produces a given measurement. Combined with masking, shuffling provides defense in depth.

Blinding randomizes inputs and outputs to cryptographic operations, preventing attackers from correlating measurements with known values.

Protocol-level protections including limits on authentication attempts and key freshness requirements limit the measurements attackers can obtain.
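
Masking as described above, in C as an added example that is not part of the original guide: a first-order Boolean sharing, two operations that keep the sharing intact, and a leakage check an evaluator who knows the key could run. The Hamming-weight leakage model, the key byte and all names are assumptions made for the illustration; enumerating every mask value equally often stands in for a uniformly random mask, and fewer than 8 mask bits models a weak mask source.

```c
#include <stdint.h>
#include <stdio.h>

/* First-order Boolean sharing: the protected value is s0 ^ s1. */
typedef struct { uint8_t s0, s1; } shared_t;

static shared_t share(uint8_t v, uint8_t mask)
{
    shared_t x = { (uint8_t)(v ^ mask), mask };
    return x;
}

static uint8_t unshare(shared_t x) { return (uint8_t)(x.s0 ^ x.s1); }

/* XOR with a public value touches one share only; the sharing is kept. */
static shared_t masked_xor_public(shared_t x, uint8_t c)
{
    x.s0 ^= c;
    return x;
}

static uint8_t rotl1(uint8_t v) { return (uint8_t)((v << 1) | (v >> 7)); }

/* Linear operations are applied to each share separately. Nonlinear steps
 * such as an S-box need dedicated masked gadgets, outside this sketch. */
static shared_t masked_rotl1(shared_t x)
{
    x.s0 = rotl1(x.s0);
    x.s1 = rotl1(x.s1);
    return x;
}

/* Hamming weight, the assumed leakage model for one handled byte. */
static int hw8(uint8_t v)
{
    int n = 0;
    for (; v; v >>= 1)
        n += v & 1;
    return n;
}

/* The masked data path must give the same result as the plain one. */
int masking_is_correct(uint8_t key)
{
    for (int m = 0; m < 256; m++)
        for (int p = 0; p < 256; p++) {
            shared_t s = masked_xor_public(share(key, (uint8_t)m), (uint8_t)p);
            if (unshare(masked_rotl1(s)) != rotl1((uint8_t)(p ^ key)))
                return 0;
        }
    return 1;
}

/* Squared correlation between the evaluator's model HW(p ^ key) and the
 * leak HW(share 0), over all plaintexts and all masks of mask_bits bits.
 * mask_bits = 0 is the unmasked device, 8 is a full uniform mask. */
double first_order_r2(uint8_t key, int mask_bits)
{
    int64_t n = 0, sx = 0, sy = 0, sxx = 0, syy = 0, sxy = 0;
    for (int m = 0; m < (1 << mask_bits); m++)
        for (int p = 0; p < 256; p++) {
            shared_t s = masked_xor_public(share(key, (uint8_t)m), (uint8_t)p);
            int64_t x = hw8((uint8_t)(p ^ key));   /* sensitive value model */
            int64_t y = hw8(s.s0);                 /* what the device leaks */
            n++; sx += x; sy += y;
            sxx += x * x; syy += y * y; sxy += x * y;
        }
    double cov = (double)(n * sxy - sx * sy);
    double vx  = (double)(n * sxx - sx * sx);
    double vy  = (double)(n * syy - sy * sy);
    return (cov * cov) / (vx * vy);
}

int main(void)
{
    const uint8_t key = 0x5b;   /* constructed demo key byte */
    printf("sharing preserved: %d\n", masking_is_correct(key));
    printf("r^2 unmasked:      %.3f\n", first_order_r2(key, 0));
    printf("r^2 4-bit mask:    %.3f\n", first_order_r2(key, 4));
    printf("r^2 8-bit mask:    %.3f\n", first_order_r2(key, 8));
    return 0;
}
```

A mask that covers only four of the eight bits leaves a clear first-order correlation, which is why the quality of the mask source matters as much as the sharing itself.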

System-Level Countermeasures

System-level countermeasures address threats that individual components cannot mitigate:

Shielding enclosures contain electromagnetic emissions and protect against external interference. The level of shielding should match the threat model.

Filtering on power and signal lines prevents conducted attack paths and reduces conducted emissions.

Physical security controls access to prevent adversaries from positioning equipment for attacks. Tamper-evident features reveal attempted physical access.

Environmental monitoring detects unusual conditions that might indicate attacks. Responses can include shutdown, key erasure, or alerting.

Operational Countermeasures

Operational practices complement technical protections:

Key management limits the exposure of individual keys. Key rotation, hierarchical key structures, and secure key destruction reduce the value of extracted keys.

Anomaly detection identifies unusual patterns that might indicate attacks. Failed authentication attempts, unusual access patterns, or unexpected system behavior trigger investigation.

Incident response procedures address suspected or confirmed electromagnetic attacks. Rapid response limits damage and enables learning from incidents.

Incident Response

When electromagnetic security incidents occur, response procedures limit damage, preserve evidence, and enable learning to prevent future incidents.

Detection and Identification

Electromagnetic attacks may be detected through various indicators:

  • Anomalous sensor readings from tamper detection systems
  • Unusual patterns in system behavior or authentication failures
  • Physical evidence of device tampering or proximity of unknown equipment
  • Intelligence indicating specific threats against the organization
  • Security research revealing vulnerabilities in deployed systems

Early detection enables response before attackers achieve their objectives. However, sophisticated attacks may evade detection entirely.

Containment and Eradication

Once an electromagnetic attack is suspected or confirmed, response focuses on limiting damage:

Immediate actions may include removing potentially compromised devices from service, revoking potentially compromised keys, and enhancing monitoring for related activity.

Evidence preservation maintains system state and logs for later analysis. Changes to systems should be documented to distinguish attack effects from response actions.

Root cause analysis determines how the attack succeeded and what information or capabilities were compromised. This analysis informs both remediation and prevention.

Recovery and Lessons Learned

Recovery returns systems to secure operation while lessons learned prevent recurrence:

System restoration may require redeployment of equipment, key regeneration, and verification of system integrity before returning to service.

Improvement actions address vulnerabilities exploited in the attack. Technical, procedural, and monitoring improvements reduce the risk of similar attacks.

Information sharing within appropriate communities helps others defend against similar attacks. Threat intelligence benefits from shared experience.

Conclusion

The intersection of cybersecurity and electromagnetic compatibility reveals a domain where physical properties of electronic implementations create security vulnerabilities. Side-channel attacks extract secrets through electromagnetic emanations and power consumption. Fault injection compromises security by inducing computational errors. Electromagnetic probing enables both extraction and injection of information.

Defending against these threats requires understanding attack techniques and implementing appropriate countermeasures at circuit, algorithm, system, and operational levels. Threat assessment guides investment in protection, ensuring that countermeasures are proportionate to risks.

Engineers designing secure systems must consider not only logical correctness but also the physical properties of their implementations. The boundary between cybersecurity and electromagnetic engineering is increasingly important as attackers develop new techniques exploiting physical vulnerabilities.

Further Reading

  • Study TEMPEST and emissions security for related information protection concerns
  • Explore electronic attack and protection for intentional interference context
  • Investigate EMC fundamentals for underlying electromagnetic principles
  • Examine critical infrastructure protection for system-level security
  • Learn about shielding theory and practice for physical countermeasures