Electromagnetic Attacks and Countermeasures
Introduction and History
EM is a side-channel with a long history of rumors and leaks associated with its use for espionage. It is well known that defense organizations across the world are paranoid about limiting EM emanations from their equipment and facilities and conduct research on EM attacks and defenses in total secrecy. In the United States, such work is classified under the codename “TEMPEST”, which is believed to be an acronym for “transient electromagnetic pulse emanation standard”. In January 2001, in response to a Freedom of Information Act (FOIA) request, some documents related to TEMPEST, such as NACSIM 5000 Tempest Fundamentals, NACSEM 5112 NONSTOP Evaluation Techniques, and NSTISSI No. 7000 TEMPEST Countermeasures for Facilities, were released in redacted form and can be downloaded from the website http://www.cryptome.org.
Keywords: Smart Card, Clock Signal, Simple Power Analysis, Montgomery Multiplication, Wideband Radio