Enhancing side-channel analysis through measurement, and high-power IEMI generation

Date

2026-01-07

Publisher

Virginia Tech

Abstract

In today's interconnected world, the use of hardware security modules (HSMs) or trusted platform modules (TPMs) has been growing rapidly. These devices are the foundation of many security measures, using cryptographic algorithms to ensure the confidentiality and integrity of sensitive data. For example, an HSM in a vehicle's electronic control units (ECUs) safeguards vehicle communications and functional control systems using cryptography. However, these devices are not immune to attack, as an adversary can easily gain physical access (or come into close vicinity) to the device or its communication medium. One such attack is side-channel analysis (SCA). This work proposes an effective methodology for launching power SCA and increasing the efficiency of the attack by improving the measurements. The research examines heuristics related to measurement parameters, investigates ways to optimize those parameters, determines their effects empirically, and provides a theoretical analysis to support the findings. It introduces a novel, measurement-focused methodology that is attack-agnostic, leveraging multi-sensor fusion with a Kalman filter to enhance SCA data resolution and significantly reduce the number of measurements needed for a successful attack. We propose and realize a low-cost, low-noise, multi-sensor measurement board to demonstrate the effectiveness of our approach. The board enables the independent but coupled measurement of both a device's power consumption and the electromagnetic field it produces, which we combine with a Kalman filter to improve the accuracy of the power measurement. This enhanced data quality can significantly boost the efficiency of SCA, independent of the chosen attack method(s).
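
The abstract describes fusing a power-consumption sensor with an EM-field sensor through a Kalman filter so that the estimated power trace has less noise than either sensor alone. The following is an added illustration of that idea, not code from the dissertation or its measurement board: it constructs a synthetic power trace, simulates the two noisy sensors, and runs a scalar Kalman filter once with the power sensor only and once with both sensors. The trace shape, the noise levels, and the EM coupling model (EM = GAIN * power + OFFSET, taken as known from calibration) are all assumptions chosen for the example; the point it shows is that a second, independently noisy sensor lowers the estimation error, which is what reduces the number of traces a leakage assessment needs.

```python
"""Added example: a scalar Kalman filter that fuses a power-consumption
sensor with an EM-field sensor into one cleaner power-trace estimate.
Every value here is constructed for illustration: the trace, the noise
levels and the EM coupling model (em = EM_GAIN * power + EM_OFFSET,
assumed known from calibration) are assumptions, not dissertation data."""
import math
import random

# Assumed (hypothetical) sensor characteristics, arbitrary units.
POWER_NOISE_STD = 0.20   # power sensor noise
EM_NOISE_STD = 0.30      # EM sensor noise
EM_GAIN = 2.0            # assumed linear coupling: em = EM_GAIN * power + EM_OFFSET
EM_OFFSET = 0.5
PROCESS_STD = 0.10       # random-walk process noise used as the prior on power


def true_trace(n, period=80):
    """Constructed ground-truth power trace: a slow oscillation plus a
    data-dependent step in the middle third, standing in for a real trace."""
    return [1.0 + 0.3 * math.sin(2 * math.pi * t / period)
            + (0.15 if n // 3 < t < 2 * n // 3 else 0.0)
            for t in range(n)]


def simulate_sensors(truth, seed=7):
    """Return (power_samples, em_samples) with independent Gaussian noise."""
    rng = random.Random(seed)
    power = [x + rng.gauss(0.0, POWER_NOISE_STD) for x in truth]
    em = [EM_GAIN * x + EM_OFFSET + rng.gauss(0.0, EM_NOISE_STD) for x in truth]
    return power, em


def kalman_fuse(power, em, use_em=True, x0=1.0, p0=1.0):
    """Scalar Kalman filter over the power trace.

    State: the true power at sample t, modelled as a random walk.
    Because the two sensors have independent noise (diagonal R), the joint
    2-D update is equivalent to two scalar updates applied in sequence,
    which avoids a matrix inverse.  Measurement models:
        power sensor: z = 1.0 * x + 0.0
        EM sensor:    z = EM_GAIN * x + EM_OFFSET
    """
    x, p = x0, p0
    q = PROCESS_STD ** 2
    sensors = [(power, 1.0, 0.0, POWER_NOISE_STD ** 2)]
    if use_em:
        sensors.append((em, EM_GAIN, EM_OFFSET, EM_NOISE_STD ** 2))
    estimates = []
    for t in range(len(power)):
        p += q  # predict: the random walk adds process variance
        for samples, h, offset, r in sensors:
            innovation = samples[t] - (h * x + offset)
            s = h * h * p + r            # innovation variance
            k = p * h / s                # Kalman gain
            x += k * innovation
            p *= (1.0 - k * h)
        estimates.append(x)
    return estimates


def rmse(est, truth):
    return math.sqrt(sum((e - t) ** 2 for e, t in zip(est, truth)) / len(truth))


def compare(n=2000):
    """RMSE versus truth of the raw power sensor, a power-only Kalman
    filter, and the fused power+EM Kalman filter."""
    truth = true_trace(n)
    power, em = simulate_sensors(truth)
    return {
        "raw_power": rmse(power, truth),
        "kalman_power_only": rmse(kalman_fuse(power, em, use_em=False), truth),
        "kalman_fused": rmse(kalman_fuse(power, em), truth),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18s} RMSE = {value:.4f}")
```

Running it prints three RMSE values in decreasing order: raw sensor, power-only filter, fused filter. The random-walk prior is deliberately loose so that most of the gain comes from the second sensor rather than from temporal smoothing; with a real board the coupling gain and offset would be fitted from a calibration capture rather than assumed.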

The second phase of this research investigates intentional electromagnetic interference (IEMI), a wireless attack in which an adversary uses an electromagnetic field in close proximity to induce a specific secondary effect on a target device. Unlike typical cyberattacks that exploit software vulnerabilities, this attack bypasses conventional cybersecurity defenses by targeting the hardware layer directly, with limited or zero physical access to the target device. The research focuses on the hardware architecture and design of two distinct amplifier types: one capable of operating across a wide range of frequencies, and a second that functions as a high-power single-tone amplifier capable of sourcing power to radiators in the kilowatt range. This work demonstrates the effectiveness of the proposed hardware through two distinct applications: wireless vehicle fingerprinting and a novel "wireless spiking" technique on smart locks, where an attacker wirelessly bypasses standard security measures to lock or unlock the device.

Keywords

Side Channel Analysis, Sensor Fusion, Hardware Security, IEMI, Amplifier
