Far Field Electromagnetic Side Channel Analysis of AES

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Abstract: Side-Channel Attacks (SCAs) have become a realistic threat to implementations of cryptographic algorithms. By utilizing the side-channel information unintentionally leaked during the execution of a cryptographic algorithm, it is possible to bypass the theoretical strength of the algorithm and extract its secret key. Recently, far-field electromagnetic (EM) emissions have been used in SCAs to extract keys from mixed-signal chips used in wireless communication protocols (such as Bluetooth). In such chips, the EM leakage is mixed with the radio carrier and accidentally amplified by the antenna. Attacks exploiting such far-field EM side channels may succeed over a much longer distance than attacks based on near-field EM side channels. Therefore, it is necessary to further investigate far-field EM side channels.

In this thesis, we perform far-field EM side-channel attacks using two techniques: correlation and template analysis. We analyse an Arm Cortex-M4 microprocessor implementation of Advanced Encryption Standard (AES)-128 with a Bluetooth module at different distances up to 50 cm. We first evaluate how inter-chip diversity and distance affect the attack efficiency of template analysis. Our current results show that a template constructed using traces from one device captured at distance d can recover the secret key from 4,000 traces from the same device captured at the same distance d. However, if the distance is changed, or if traces are captured from different devices, the attack fails. This shows that it is not sufficient to build a template based on traces captured from a single device at a fixed distance. In addition, we present a pre-processing technique for allocating leakage points, which can significantly improve the attack efficiency of correlation analysis.
