Active electromagnetic attacks on secure hardware

The field of side-channel attacks on cryptographic hardware has been extensively studied. In many cases it is easier to derive the secret key from these attacks than to break the cryptography itself. One such side-channel attack is the electromagnetic side-channel attack, giving rise to electromagnetic analysis (EMA). EMA, when otherwise known as 'TEMPEST' or 'compromising eman-ations', has a long history in the military context over almost the whole of the twentieth century. The US military also mention three related attacks , believed to be: HIJACK (modulation of secret data onto conducted signals), NONSTOP (modulation of secret data onto radiated signals) and TEAPOT (intentional malicious emissions). In this thesis I perform a fusion of TEAPOT and HIJACK/NONSTOP techniques on secure integrated circuits. An attacker is able to introduce one or more frequencies into a cryptographic system with the intention of forcing it to misbehave or to radiate secrets. I demonstrate two approaches to this attack. To perform the reception, I assess a variety of electromagnetic sensors to perform EMA. I choose an inductive hard drive head and a metal foil electric field sensor to measure near-field EM emissions. The first approach, named the re-emission attack, injects frequencies into the power supply of a device to cause it to modulate up baseband signals. In this way I detect data-dependent timing from a 'secure' micro-controller. Such up-conversion enables a more compact and more distant receiving antenna. The second approach involves injecting one or more frequencies into the power supply of a random number generator that uses jitter of ring oscillators as its random number source. I am able to force injection locking of the oscillators, greatly diminishing the entropy available. I demonstrate this with the random number generators on two commercial devices. I cause a 2004 EMV banking smartcard to fail statistical test suites by generating a periodicity. For a secure 8-bit microcontroller that has been used in banking ATMs, I am able to reduce the random number entropy from 2 32 to 225. This enables a 50% probability of a successful attack on cash withdrawal in 15 attempts. Acknowledgments This work would not have been possible without the support of a large number of people. Firstly, a number of parts were done in collaboration with others. I'd like to thank the following for the contributions they made: • Andrew West laid out the antennas for the Lochside Emissions Testing Block (ETB). • …