{"title":"EM Side-Channel Analysis of Data Leakage Near Embedded Bluetooth Low Energy Modules","authors":"Vishnuvardhan V. Iyer, Ali E. Yılmaz","doi":"10.1109/WAMICON57636.2023.10124916","DOIUrl":null,"url":null,"abstract":"A two-phase measurement method is presented to evaluate Bluetooth low energy (BLE) modules’ vulnerability to electromagnetic side-channel analysis attacks. In both phases, signals are collected by probing the fields near the surface of a chip that operates as a generic attribute profile (GATT) server, while it receives and processes data via Bluetooth. In Phase I, first optimal measurement configurations—time intervals, probe positions, probe orientations—are identified by computing the analysis-of-variance (ANOVA) F-statistic on signals collected from a multitude of such configurations while a few carefully chosen data are repeatedly sent to the GATT server. Then, these configurations are used to construct a reference database by collecting additional signals as specific additional data are sent to the GATT server. In Phase II, the chip is monitored using the optimal measurement configurations and the collected signals are compared to those in the database to extract the data. This side-channel analysis attack is shown to recover the Hamming weights of arbitrary data sent to the GATT server with ~99% success rate.","PeriodicalId":270624,"journal":{"name":"2023 IEEE Wireless and Microwave Technology Conference (WAMICON)","volume":"118 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Wireless and Microwave Technology Conference (WAMICON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAMICON57636.2023.10124916","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
EM Side-Channel Analysis of Data Leakage Near Embedded Bluetooth Low Energy Modules
A two-phase measurement method is presented to evaluate Bluetooth low energy (BLE) modules’ vulnerability to electromagnetic side-channel analysis attacks. In both phases, signals are collected by probing the fields near the surface of a chip that operates as a generic attribute profile (GATT) server, while it receives and processes data via Bluetooth. In Phase I, first optimal measurement configurations—time intervals, probe positions, probe orientations—are identified by computing the analysis-of-variance (ANOVA) F-statistic on signals collected from a multitude of such configurations while a few carefully chosen data are repeatedly sent to the GATT server. Then, these configurations are used to construct a reference database by collecting additional signals as specific additional data are sent to the GATT server. In Phase II, the chip is monitored using the optimal measurement configurations and the collected signals are compared to those in the database to extract the data. This side-channel analysis attack is shown to recover the Hamming weights of arbitrary data sent to the GATT server with ~99% success rate.