SpringerLink
Log in

On the Security of Off-the-Shelf Microcontrollers: Hardware Is Not Enough

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12609))

  • 577 Accesses

Abstract

We complete the state-of-the-art on the side-channel security of real-world devices by analysing two 32-bit microcontrollers equipped with an unprotected co-processor. Our results show that (i) the lack of understanding of their hardware architecture can be circumvented with standard detection tools – for this purpose, we combine a simple variation of the Test Vector Leakage Assessment methodology with Signal-to-Noise Ratio estimations, which enables the efficient identification of attack vectors; (ii) standard distinguishers then lead to powerful key recoveries with less than 5,000 traces; and (iii) preprocessing like the continuous wavelet transform can be useful in such a black box evaluation context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Concretely, we only evaluate Eq. 6 at a finite number of coordinates since exploring the entire continuous domain is unpractical.

  2. 2.

    This number corresponds to the AES core and excludes data loadings.

  3. 3.

    For CPA attacks, as they do not output probabilities but correlation scores, the rank estimation algorithm is not optimal and may not represent the worst-case [8]. We then use it as a heuristic bound on the security level of our targets.

  4. 4.

    We are aware of two independent teams who observed similar results.

References

  1. Archambeau, C., Peeters, E., Standaert, F., Quisquater, J.: Template attacks in principal subspaces. In: Goubin L., Matsui M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2006. CHES 2006. Lecture Notes in Computer Science, vol. 4249, pp. 1–14. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_1

  2. Bellizia, D., et al.: Mode-level vs. implementation-level physical security in symmetric cryptography. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 369–400. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_13

    Chapter  Google Scholar 

  3. Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.: TEDT, a leakage-resist AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 256–320 (2020)

    Google Scholar 

  4. Berti, F., Pereira, O., Peters, T., Standaert, F.: On leakage-resilient authenticated encryption with decryption leakages. IACR Trans. Symmetric Cryptol. 2017(3), 271–293 (2017)

    Article  Google Scholar 

  5. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

    Chapter  Google Scholar 

  6. Bronchain, O., Standaert, F.: Side-channel countermeasures’ dissection and the limits of closed source security evaluations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020, 1–25 (2020)

    Google Scholar 

  7. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

    Chapter  Google Scholar 

  8. Choudary, M.O., Poussier, R., Standaert, F.-X.: Score-based vs. probability-based enumeration – a cautionary note. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 137–152. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49890-4_8

    Chapter  Google Scholar 

  9. Cooper, J., Mulder, E.D., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: ICMC (2013)

    Google Scholar 

  10. Debande, N., Souissi, Y., Elaabid, M.A., Guilley, S., Danger, J.: Wavelet transform based pre-processing for side channel analysis. In: MICRO Workshops, pp. 32–38. IEEE Computer Society (2012)

    Google Scholar 

  11. Dinu, D., Kizhvatov, I.: EM analysis in the IoT context: lessons learned from an attack on thread. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 73–97 (2018)

    Article  Google Scholar 

  12. Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 240–262. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_10

    Chapter  MATH  Google Scholar 

  13. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: a complete break of the KeeLoq code hop** scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_12

    Chapter  MATH  Google Scholar 

  14. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop (2011)

    Google Scholar 

  15. Liu, J., et al.: Small tweaks do not help: differential power analysis of MILENAGE implementations in 3G/4G USIM cards. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 468–480. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_24

    Chapter  Google Scholar 

  16. Mangard, S.: Hardware countermeasures against DPA – a statistical analysis of their effectiveness. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 222–235. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24660-2_18

    Chapter  Google Scholar 

  17. Mangard, S., Oswald, E., Standaert, F.: One for all - all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5, 100–110 (2011)

    Article  Google Scholar 

  18. Moradi, A., Kasper, M., Paar, C.: Black-box side-channel attacks highlight the importance of countermeasures. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_1

    Chapter  Google Scholar 

  19. Moradi, A., Schneider, T.: Improved side-channel analysis attacks on **linx bitstream encryption of 5, 6, and 7 series. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 71–87. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43283-0_5

    Chapter  MATH  Google Scholar 

  20. Poussier, R., Standaert, F.-X., Grosso, V.: Simple key enumeration (and rank estimation) using histograms: an integrated approach. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 61–81. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_4

    Chapter  MATH  Google Scholar 

  21. Ronen, E., Shamir, A., Weingarten, A., O’Flynn, C.: IoT goes nuclear: Creating a Zigbee chain reaction. In: IEEE Symposium on Security and Privacy, pp. 195–212. IEEE Computer Society (2017)

    Google Scholar 

  22. Schneider, T., Moradi, A.: Leakage assessment methodology - extended version. J. Cryptogr. Eng. 6(2), 85–99 (2016)

    Article  Google Scholar 

  23. Semiconductors, N.: Kinetis k82 datasheet (2015). https://www.nxp.com/docs/en/data-sheet/K82P121M150SF5.pdf

  24. Semiconductors, N.: Kinetis k82 reference manual (2015). https://www.nxp.com/docs/en/reference-manual/K82P121M150SF5RM.pdf

  25. ST: Stm32l422cb datasheet (2018). https://www.st.com/resource/en/datasheet/stm32l422cb.pdf

  26. ST: Stm32l422cb reference manual (2018). https://www.st.com/resource/en/reference_manual/dm00151940-stm32l41xxx42xxx43xxx44xxx45xxx46xxx-advanced-armbased-32bit-mcus-stmicroelectronics.pdf

  27. Unterstein, F., Schink, M., Schamberger, T., Tebelmann, L., Ilg, M., Heyszl, J.: Retrofitting leakage resilient authenticated encryption to microcontrollers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 365–388 (2020)

    Article  Google Scholar 

  28. Welch, B.L.: The generalization of ‘student’s’ problem when several different population variances are involved. Biometrika 34, 28–35 (1947)

    MathSciNet  MATH  Google Scholar 

  29. Zhou, Y., Yu, Yu., Standaert, F.-X., Quisquater, J.-J.: On the need of physical security for small embedded devices: a case study with COMP128-1 implementations in SIM cards. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 230–238. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_20

    Chapter  Google Scholar 

Download references

Acknowledgments

We thank Colin O’Flynn for useful feedback about the paper. François-Xavier Standaert is a Senior Research Associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.). Work funded in parts by the European Union through the ERC project SWORD (724725) and the European Union & Walloon Region FEDER USERMedia project 501907379156.

Author information

Authors and Affiliations

  1. Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium

    Balazs Udvarhelyi, Antoine van Wassenhove, Olivier Bronchain & François-Xavier Standaert

Authors
  1. Balazs Udvarhelyi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Antoine van Wassenhove
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Olivier Bronchain
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Balazs Udvarhelyi .

Editor information

Editors and Affiliations

  1. eShard, Pessac, France

    Pierre-Yvan Liardet

  2. Leiden University and KU Leuven, Leiden, The Netherlands

    Nele Mentens

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Udvarhelyi, B., van Wassenhove, A., Bronchain, O., Standaert, FX. (2021). On the Security of Off-the-Shelf Microcontrollers: Hardware Is Not Enough. In: Liardet, PY., Mentens, N. (eds) Smart Card Research and Advanced Applications. CARDIS 2020. Lecture Notes in Computer Science(), vol 12609. Springer, Cham. https://doi.org/10.1007/978-3-030-68487-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-68487-7_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68486-0

  • Online ISBN: 978-3-030-68487-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation