Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SPERO: Simultaneous Power/EM Side-channel Dataset Using Real-time and Oscilloscope Setups

Yunkai Bai, Rabin Yu Acharya, Domenic Forte

TL;DR

This work tackles the vulnerability of AES implementations to side-channel attacks by leveraging simultaneous power and EM leakage through a compact, open-source platform (RASCv3) and a paired SPERO dataset. The approach integrates higher-resolution ADCs, a larger FPGA, and a printable near-field antenna to enable real-time dual-channel key extraction for both unmasked and masked AES, including a second-order attack on masking. Key contributions include the design and benchmarking of RASCv3 against oscilloscope-based setups, demonstration of real-time and offline dual-channel attacks, and the release of SPERO in ASCAD-compatible format for community use. The work advances practical, portable SCA research and provides valuable data for defense evaluation and further methodological development.

Abstract

Cryptosystem implementations often disclose information regarding a secret key due to correlations with side channels such as power consumption, timing variations, and electromagnetic emissions. Since power and EM channels can leak distinct information, the combination of EM and power channels could increase side-channel attack efficiency. In this paper, we develop a miniature dual-channel side-channel detection platform, named RASCv3 to successfully extract subkeys from both unmasked and masked AES modules. For the unmasked AES, we combine EM and power channels by using mutual information to extract the secret key in real-time mode and the experiment result shows that less measurements-to-disclosure (MTD) is used than the last version (RASCv2). Further, we adopt RASCv3 to collect EM/Power traces from the masked AES module and successfully extract the secret key from the masked AES module in fewer power/EM/dual channel traces. In the end, we generate an ASCAD format dataset named SPERO, which consists of EM and power traces collected simultaneously during unmasked/masked AES module doing encryption and upload to the community for future use.

SPERO: Simultaneous Power/EM Side-channel Dataset Using Real-time and Oscilloscope Setups

TL;DR

This work tackles the vulnerability of AES implementations to side-channel attacks by leveraging simultaneous power and EM leakage through a compact, open-source platform (RASCv3) and a paired SPERO dataset. The approach integrates higher-resolution ADCs, a larger FPGA, and a printable near-field antenna to enable real-time dual-channel key extraction for both unmasked and masked AES, including a second-order attack on masking. Key contributions include the design and benchmarking of RASCv3 against oscilloscope-based setups, demonstration of real-time and offline dual-channel attacks, and the release of SPERO in ASCAD-compatible format for community use. The work advances practical, portable SCA research and provides valuable data for defense evaluation and further methodological development.

Abstract

Cryptosystem implementations often disclose information regarding a secret key due to correlations with side channels such as power consumption, timing variations, and electromagnetic emissions. Since power and EM channels can leak distinct information, the combination of EM and power channels could increase side-channel attack efficiency. In this paper, we develop a miniature dual-channel side-channel detection platform, named RASCv3 to successfully extract subkeys from both unmasked and masked AES modules. For the unmasked AES, we combine EM and power channels by using mutual information to extract the secret key in real-time mode and the experiment result shows that less measurements-to-disclosure (MTD) is used than the last version (RASCv2). Further, we adopt RASCv3 to collect EM/Power traces from the masked AES module and successfully extract the secret key from the masked AES module in fewer power/EM/dual channel traces. In the end, we generate an ASCAD format dataset named SPERO, which consists of EM and power traces collected simultaneously during unmasked/masked AES module doing encryption and upload to the community for future use.
Paper Structure (19 sections, 16 equations, 7 figures, 6 tables, 1 algorithm)

This paper contains 19 sections, 16 equations, 7 figures, 6 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Overview of RASC
  3. What is RASC?
  4. Structure and Specs of RASCv3
  5. Working Modes of RASC
  6. Comparison between RASC and oscilloscope
  7. Near-field Antenna Design
  8. Antenna Principles and Considerations
  9. Antenna Designs Per RASC Version
  10. Quantitative Antenna Comparison
  11. Masked/Unmasked AES Cracking Experiments
  12. Introduction to Masked and Unmasked AES
  13. SPERO Dataset
  14. AES code
  15. Experiment Setup
  16. ...and 4 more sections

Figures (7)

  • Figure 1: RASCv3 cross-sectional structure and CONOP.
  • Figure 2: RASCv3 schematic.
  • Figure 3: Size comparison of oscilloscope, RASCv2, and RASCv3.
  • Figure 4: Near-field antenna comparison. Left is the commercial EM probe, Right top is the printable antenna for RASCv3 board 3. The right middle is the near-field antenna on RASCv3 board 2. The right bottom is the internal antenna inside RASCv2 board 2.
  • Figure 5: Near-field antenna magnitude comparison.
  • ...and 2 more figures