
Attacking at non-harmonic frequencies in screaming-channel attacks

Jeremy Guillaume, Maxime Pelcat, Amor Nafkha, Ruben Salvador

TL;DR

This paper investigates screaming-channel attacks at non-harmonic frequencies, challenging the assumption that leakage is confined to clock harmonics. It introduces two leakage localisation methods—t-test based and pattern-detection—and demonstrates leakage presence across a broad spectral band. Experimental results on a Bluetooth-enabled mixed-signal device show that non-harmonic leakage can recover the AES-128 key with comparable efficiency to harmonic leakage, even in noisy conditions and at several meters distance, often with fewer traces. The work broadens the attack surface for EM side-channel threats and motivates the development of defenses that consider non-harmonic leakage channels.

Abstract

Screaming-channel attacks enable Electromagnetic (EM) Side-Channel Attacks (SCAs) at larger distances due to higher EM leakage energies than traditional SCAs, relaxing the requirement of close access to the victim. This attack can be mounted on devices integrating Radio Frequency (RF) modules on the same die as digital circuits, where the RF can unintentionally capture, modulate, amplify, and transmit the leakage along with legitimate signals. Leakage results from digital switching activity, so the hypothesis of previous works was that this leakage would appear at multiples of the digital clock frequency, i.e., harmonics. This work demonstrates that compromising signals appear not only at the harmonics and that leakage at non-harmonics can be exploited for successful attacks. Indeed, the transformations undergone by the leaked signal are complex due to propagation effects through the substrate and power and ground planes, so the leakage also appears at other frequencies. We first propose two methodologies to locate frequencies that contain leakage and demonstrate that it appears at non-harmonic frequencies. Then, our experimental results show that screaming-channel attacks at non-harmonic frequencies can be as successful as at harmonics when retrieving a 16-byte AES key. As the RF spectrum is polluted by interfering signals, we run experiments and show successful attacks in a more realistic, noisy environment where harmonic frequencies are contaminated by multi-path fading and interference. These attacks at non-harmonic frequencies increase the attack surface by providing attackers with an increased number of potential frequencies where attacks can succeed.

Paper Structure (21 sections, 4 equations, 13 figures, 1 algorithm)

This paper contains 21 sections, 4 equations, 13 figures, 1 algorithm.

Figures (13)

  • Figure 1: Leakage presence over the spectrum: The Fourier transform of a signal with period $T_{clk}$ consists of peaks at both the odd harmonics (green peaks) and the even harmonics (blue peaks) of the frequency $F_{clk} = 1/T_{clk}$.
  • Figure 2: Screaming-channel attacks: The conventional leakage of the digital part perturbs the RF module of the analog part, present on the same die. The radio transceiver then modulates the leakage around the frequency of the legitimate signal and transmits it over a longer distance (up to several meters).
  • Figure 3: Experimental setup: the first panel shows our wired setup for noiseless experiments and the second an attacker at 7 meters from the victim. The latter contains: 1) (blue arrow) the victim PCA10040 device running AES and transmitting a Bluetooth signal at 2.4 GHz; and 2) (orange arrow) the SDR device that collects the data-correlated leakage from the victim.
  • Figure 4: Signal processing steps for leakage collection: a) The SDR device collects the signal at the targeted frequency, which potentially contains leakage. b) Trace segmentation is performed on the demodulated signal. c) After segmentation, the leakage is low-pass filtered at 550 kHz to reduce noise.
  • Figure 5: Virtual triggering technique (Guillaume et al., 2022): Knowing the precise duration $L_{cp}$ between two cp executions enables the segmentation of a raw trace. Splitting this raw trace into segments whose starts are separated by $L_{cp}$ returns segments that all contain the leakage of one cp execution. Averaging these segments returns a reduced-noise segment, which can be used as a pattern.
  • ...and 8 more figures
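The three processing steps the figure captions and the TL;DR describe (segmenting a demodulated trace by the known period $L_{cp}$ and averaging the segments into a pattern, detecting executions with that pattern, and t-test based leakage localisation) are illustrated below in a self-contained Python example written for this page; it is not the authors' code and it reproduces none of their measurements. Everything in it is constructed: the two-burst "leakage" of one cp execution, the period (200 samples), the offset of the first execution, the noise level and the data-dependent amplitude step are all assumptions, and the Welch t-test is applied per time sample of the segments rather than across frequency bins as the paper does. From a leakage-assessment point of view it answers the question a device owner would ask of their own captures: does the averaged pattern show anything, and which samples depend on secret data.

```python
import numpy as np

# Constructed parameters for this example (they are not the paper's values).
L_CP = 200        # samples between two consecutive cp executions (the paper's L_cp)
N_EXEC = 256      # cp executions captured in one raw trace
OFFSET = 37       # where the first execution starts in the raw trace; unknown to the analyst
NOISE_STD = 0.2   # standard deviation of the additive Gaussian noise
LEAK_STEP = 0.2   # data-dependent amplitude change of the first burst (the leakage)

def make_pattern(L=L_CP):
    """Constructed leakage of one cp execution: two bursts of switching activity."""
    t = np.arange(L)
    burst1 = np.exp(-((t - 0.3 * L) / (0.05 * L)) ** 2)
    burst2 = 0.6 * np.exp(-((t - 0.6 * L) / (0.08 * L)) ** 2)
    return burst1, burst2

def make_raw_trace(bits, offset=OFFSET, noise_std=NOISE_STD, seed=7):
    """Constructed raw trace: one execution every L_CP samples plus Gaussian noise.
    The first burst's amplitude depends on a secret-dependent bit, so the trace leaks."""
    rng = np.random.default_rng(seed)
    burst1, burst2 = make_pattern()
    L = burst1.size
    raw = np.zeros(offset + bits.size * L)
    for k, b in enumerate(bits):
        scale = 1.0 + LEAK_STEP * (b - 0.5)  # 0.9 for bit 0, 1.1 for bit 1
        raw[offset + k * L: offset + (k + 1) * L] += scale * burst1 + burst2
    return raw + rng.normal(0.0, noise_std, raw.size)

def segment_and_average(raw, L=L_CP, start=0):
    """Virtual triggering (Figure 5): cut the trace into segments of length L from
    'start' onwards. With the right period each segment holds one whole execution
    (circularly shifted by the unknown offset), so averaging lowers the noise by
    about sqrt(number of segments) and yields a pattern."""
    n_seg = (raw.size - start) // L
    segments = raw[start:start + n_seg * L].reshape(n_seg, L)
    return segments, segments.mean(axis=0)

def noise_reduction_factor(raw, L=L_CP, offset=OFFSET):
    """Residual noise of one segment divided by that of the averaged segment.
    The ground truth (nominal pattern rolled by the offset) is used only to measure it."""
    burst1, burst2 = make_pattern(L)
    expected = np.roll(burst1 + burst2, offset)
    segments, avg = segment_and_average(raw, L)
    return float(np.std(segments[1] - expected) / np.std(avg - expected))

def correlation_scores(raw, pattern):
    """Normalised cross-correlation of the pattern with every window of the trace,
    computed with running sums so that no window matrix is materialised."""
    p = pattern - pattern.mean()
    p = p / np.linalg.norm(p)
    L = p.size
    ones = np.ones(L)
    dot = np.correlate(raw, p, mode="valid")  # equals (w - mean(w)) . p since p is zero-mean
    sum_w = np.correlate(raw, ones, mode="valid")
    sum_w2 = np.correlate(raw * raw, ones, mode="valid")
    norms = np.sqrt(np.maximum(sum_w2 - sum_w ** 2 / L, 0.0))  # |w - mean(w)| per window
    return dot / np.where(norms > 0, norms, 1.0)

def detect_executions(raw, pattern, L=L_CP, threshold=0.3):
    """Pattern detection: the best match fixes the phase of the execution grid, then one
    best-scoring position per period is kept if it clears the threshold. The returned
    start indices are in the pattern's frame, i.e. rolled by the unknown offset."""
    scores = correlation_scores(raw, pattern)
    anchor = int(np.argmax(scores)) % L
    starts = []
    for centre in range(anchor - L, scores.size + L, L):
        lo, hi = max(0, centre - L // 4), min(scores.size, centre + L // 4 + 1)
        if hi <= lo:
            continue
        best = lo + int(np.argmax(scores[lo:hi]))
        if scores[best] > threshold:
            starts.append(best)
    return starts

def welch_t_test(segments, bits):
    """Welch's t-statistic per sample between the segments of bit 0 and those of bit 1,
    the statistic behind t-test based leakage localisation."""
    a, b = segments[bits == 0], segments[bits == 1]
    var_a = a.var(axis=0, ddof=1) / a.shape[0]
    var_b = b.var(axis=0, ddof=1) / b.shape[0]
    return (a.mean(axis=0) - b.mean(axis=0)) / np.sqrt(var_a + var_b)

def leaky_samples(raw, bits, L=L_CP, start=0, t_threshold=4.5):
    """Sample indices (segment frame) whose |t| exceeds the customary 4.5 threshold."""
    segments, _ = segment_and_average(raw, L, start)
    t = welch_t_test(segments[:bits.size], bits)
    return [int(i) for i in np.flatnonzero(np.abs(t) > t_threshold)]

def run_demo(seed=1):
    """Build the constructed trace and run all three steps; returns the results."""
    rng = np.random.default_rng(seed)
    bits = rng.integers(0, 2, N_EXEC)
    raw = make_raw_trace(bits)
    segments, pattern = segment_and_average(raw)
    return {
        "n_segments": int(segments.shape[0]),
        "noise_reduction": noise_reduction_factor(raw),
        "starts": detect_executions(raw, pattern),
        "leaky": leaky_samples(raw, bits),
    }

if __name__ == "__main__":
    res = run_demo()
    print("segments:", res["n_segments"], " noise reduction: x%.1f" % res["noise_reduction"])
    print("executions detected:", len(res["starts"]))
    print("leaky samples (segment frame):", res["leaky"])
```

With the constructed values, averaging 256 segments reduces the residual noise by about a factor of 16 (the square root of the segment count), the averaged segment used as a pattern locates every execution one period apart even though the segmentation started at an arbitrary point of the trace, and the t-test flags only the samples of the first burst, whose amplitude was made data-dependent. Setting LEAK_STEP to 0 removes every flagged sample, which is the quickest way to see that the t-test reacts to data dependence and not to the bursts themselves.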