When I've presented side-channel power analysis attacks, I always use an oscilloscope or ADC that measures analog voltage variations. This is logical because side-channel power analysis attacks exploit the small changes in device power when it executes different instructions or even processes different data. This made it seem like a purely analog attack. Attackers need measurement access, such as a shunt resistor or electromagnetic probe. But what if attackers could use a purely digital interface, one that is already on your board, like the JTAG interface?
Things you always thought were safe might have hidden dangers. In this case, I will show you how a a side-channel power analysis attack occurs through the JTAG interface. But first, the background.
Back in the March 2024 issue of Circuit Cellar (Issue 404, "It's About Time: When Timing Attacks Reveal Power Usage), I recreated the work of a paper presented at CHES 2023 titled "JitSCA: Jitter-based Side-Channel Analysis in Picoscale Resolution", by Kai Schoos, Sergej Meschkov, Mehdi B. Tahoori, and Dennis R. E. Gnad.[1] In this article, I will present an extension of my talk at CHES 2024. If you want to see the full article entitled "Phase Modulation Side Channels: Jittery JTAG for On-Chip Voltage Measurements"[2] use a link to both the original paper and my extension available in article resources.
PHASE MODULATION LEAKAGE
In my March 2024 column, I recreated the JitSCA paper to demonstrate how small changes in the phase of a clock directly leak a power trace. In the previous column, I used a basic voltage divider; here, I'm using an RF mixer component. While RF mixers are normally used to create a signal based on frequency differences, they will also give an output related to a phase difference of two signals.
This story is from the September 2024 edition of Circuit Cellar.
Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.
Already a subscriber ? Sign In
This story is from the September 2024 edition of Circuit Cellar.
Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.
Already a subscriber? Sign In
Renesas New RA8 Entry-Line MCU Groups Brings High Performance of Arm Cortex-M85 Processor to Cost-Sensitive Applications with Market-Leading CoreMark Performance
Renesas Electronics Corp., a premier supplier of advanced semiconductor solutions, introduced the RA8E1 and RA8E2 microcontroller (MCU) groups, extending the industry's most powerful series of MCUs.
Same Sky Expands AMT Absolute Encoder Line to Support Larger Shaft Sizes
Same Sky's Motion & Control Group announced the addition of a new series to its innovative AMT absolute encoder family designed to support larger motor shaft sizes from 9mm to 15.875mm (5/8 inch).
XP Power Launches New Series of Low-Profile, Baseplate-Cooled DC-DC Brick Converters
The RDF150 and RDF200 series are the latest additions to the RDF series of low-profile, baseplate-cooled, ultra-wide input DC-DC brick converters, which is already available in power outputs of 25W and 50W.
HMI Introduces Ultra-Low Voltage 12-bit GPIO Expander with Interrupt Output
HMI, a leading provider of advanced analog and power management technologies, announced the launch of its HL5310, an innovative ultra-low voltage 12-bit GPIO expander featuring interrupt output.
The Future of Embedded Chip Design Navigating the Chip Creation Space
Custom Silicon at Lower Cost, Reduced Development Time
The Long and Winding Road
From Maxim's RS-232 to WeMos ESP32: So Much to Do, So Little Time
Start to Finish Driving LCDs
Lumex Display with Microchip Driver for a TI MCU
Easing the Path for App Releases
Managed Development of React Native with Expo
Datasheet: Tiny Embedded Boards
Deliver Power, Performance, and Versatility in Meager Square Millimeters
Harvesting Ambient Energy
Hybrid Power Sources Cut IoT Battery Dependency
