Cryptographic Side-Channel Analysis on the Primary Side of Switching-Mode Power Supplies
Attacks based on side-channel analyses have been demonstrated to be practical on a wide variety of devices ranging from small single-purpose chips to large general-purpose SoCs and CPUs. As a consequence, standards and end-users are increasingly demanding that devices be resistant to side-channel attacks. Typically, a successful analysis requires some proximity to a device to acquire either a measurement of the current flowing into the device or the change in the electromagnetic field around a device. This raises an interesting question that is especially relevant in the context of FIPS/CMVP and defense applications. How applicable are these attacks for devices that meet tamper-resistance/tamper-detection, or EM resistance standards, by means of a metal enclosure and or EM shield? While our practical experience indicates that commercial systems with tamper-resistant/tamper-responding enclosures meeting FIPS 140 requirements still leak a small amount of EM energy sufficient for side-channel attacks, one can imagine that products could be specifically designed with far more extensive EM shielding to suppress potentially compromising EM emissions. For such systems, the only viable access to side-channel information would be the external power supply, for example, the primary line of a device’s internal switching-mode power supply (SMPS) that supplies its internal components. This presentation demonstrates that even the primary side of a SMPS signal contains enough information to successfully mount attacks based on side-channel leakage.