Leaky Noise: New Side-Channel Attack Vectors in Mixed-Signal IoT Devices
Keywords:microcontroller, side-channel, leakage assessment, ADC, noise, power, analysis, on-chip, remote, software, internet-of-things, mbedtls, freertos, cpa
Microcontrollers and SoC devices have widely been used in Internet of Things applications. This also brings the question whether they lead to new security threats unseen in traditional computing systems. In fact, almost all modern SoC chips, particularly in the IoT domain, contain both analog and digital components, for various sensing and transmission tasks. Traditional remote-accessible online systems do not have this property, which can potentially become a security vulnerability. In this paper we demonstrate that such mixed-signal components, namely ADCs, expose a new security threat that allows attackers with ADC access to deduce the activity of a CPU in the system. To prove the leakage, we perform leakage assessment on three individual microcontrollers from two different vendors with various ADC settings. After showing a correlation of CPU activity with ADC noise, we continue with a leakage assessment of modular exponentiation and AES. It is shown that for all of these devices, leakage occurs for at least one algorithm and configuration of the ADC. Finally, we show a full key recovery attack on AES that works despite of the limited ADC sampling rate. These results imply that even remotely accessible microcontroller systems should be equipped with proper countermeasures against power analysis attacks, or restrict access to ADC data.
How to Cite
Copyright (c) 2019 Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori
This work is licensed under a Creative Commons Attribution 4.0 International License.