1. Introduction
The numbers and applications of embedded devices and/or the Internet of Things (IoT) are prevailing [
1]. Therefore, the security issues of such devices have drawn much attention recently [
2]. One such security threat is a side-channel attack (SC attack or SCA) [
3]. SCAs exploit informative emissions from integrated circuits (ICs), which can be in the form of electromagnetic radiation (EMR), sound, light, power consumption, and/or timing information.
There are SCA studies related to special-purpose embedded systems [
4,
5,
6,
7]. However, there are relatively few discussions about the EMR of SCAs on general-purpose microcontrollers (MCUs). It has been observed [
8,
9,
10] that when different machine instructions are executed in an MCU, the EMR patterns emitted by the MCU are slightly different. This means there is some execution sequence information leaked through the EMR SC. We call it an “EM-leak” pattern corresponding to each instruction execution EMR SC leakage in this paper. Although it is hard for humans to identify such EM-leak patterns (
Figure 1), numerical analysis [
11] or neural networks (NNs) can be applied to find them.
Every program content and its execution sequence of the same MCU are then identified through the mapping set [
10]. All the necessary instructions can be mapped to these patterns using a specific characterization program (test program) that contains all the EM-leak patterns. The mapping set of “(EM-leak-1, instruction-1),…, (EM-leak-n, instruction-n)” can be constructed once all of the mappings have been found.
The efforts of the work series ([
9,
10,
12,
13,
14]) are generally to build two frameworks: one for data acquisition (methodologies, techniques, platforms, etc.) and the other for data analysis (methodologies, NN model and architectures, generalization of different MCU architecture measurement foundations, etc.) on single-type MCU EM-leak problems. However, this paper focuses on the data acquisition platform improvements only, which mostly belong to the data acquisition part of the work series. As the performance comparisons are to be made meaningfully from the whole system (fair comparisons), the proposed platform comparisons must be described based on the integration of the two frameworks with other parts of the two frameworks remaining the same (an ablation study). We can only choose [
10] for comparison because it is state of the art to the best of the authors’ knowledge.
The current EM-leak studies generally focus on specific functional chips (DSPs, encryption/decryption chips, among others) [
4,
5,
6,
7], while the work series focuses on general-purpose MCU EM-leak issues. In addition, the MCU-EM-leak issues are much harder compared to the specific function chip EM-leak problems. This is because this issue can be generalized to a binary classification problem, which is a special case of this research (a multiple classification problem).
The platform is not used for the encryption process. The purpose of the measurement platform is to gather EMR from MCUs in order to reduce the possibility of SCAs. However, other research on the EMR information leakage of specific chips can benefit from this research.
Each measurement in [
10] has 1,000,000 samples (sample points) of the EMR signal taken every 10 ms. The EMR data sampling rate is 100 samples within µs. The 10 ms EMR measurement period includes approximately 256 machine instructions executed during the period. The EM-leak patterns can be mapped to these instructions using the techniques proposed by [
10]. The data processing procedures can be briefly described as follows: The EMR data are first divided into fragments of EM leaks. By mapping each EM leak into each instruction (
Figure 1), the mapped instruction sequence can be determined. This means the context of any instruction execution sequence can be identified after the mapping set is determined. The mapping procedure will be described in
Section 2.
Although [
10] can be used for a preliminary EMR SCA, there are still difficulties with detail analysis and for different types of embedded systems. In [
10], every EM leak contains 273 samples, and the identification is performed by an NN. The instruction can be roughly identified from the EM leak by the NN. Although it is better than random guessing (about 6.25% accuracy) for six times improvement, the analysis accuracy is still very low (top1 accuracy
37.78%). However, it is the best result to the authors’ knowledge.
The measurement may be the source of the problem. The delicate fluctuation characteristics of the waveform might not be captured because each EM leak only has 273 samples. This could result in the NN learning too few features, which would lower analysis precision. The low resolution also hinders the method applied to other types of MCU architectures, such as FPGA-based softcore MCUs. The accuracy of the final data analysis will be impacted by the fact that every movement of the measurement platform will result in a small positional displacement and subtle data measurement distortion.
Due to the above problems, this paper proposes an automated EM-leak measurement method. It uses a Cartesian robot as the measurement platform, which not only reduces the motion displacement but also improves the sampling rate using automation. These improvements can increase EM-leak features used in NN analysis.
In the previous study [
10], the device under test (DUT) was limited to general-purpose MCUs (the DUT is the microchip dsPIC33EP512MC202 MCU). As the original platform can only be moved and measured manually, it is only suitable for ASIC-like MCU EM-leak analysis. For more flexible circuit designs, such as FPGAs, the platform cannot find any features good enough for EM-leak pattern identification. It may be that, at low resolutions, the pattern features cannot be effectively identified, and the mapping fails.
The proposed automation platform in this paper increases the sampling rate up to 1428 samples within µs (14X higher than [
10]) and reduces motion displacement errors, thereby improving signal analysis and mapping capabilities. Thus, the proposed platform extends the EM-leak feature analysis to FPGA-IPs as a new DUT and increases the application field.
This paper adopts the similar NN analysis method as [
10] and focuses on improving an integrated software and hardware platform to improve measurement stability, automatic controllability, and measurement repeatability, and reduce measurement manpower.
5. Conclusions
The usage of embedded devices is increasing, and the security concerns of these devices are important. This paper optimizes the design of an electromagnetic side-channel leakage (EM-leak) measurement platform.
To make accurate EM-leak measurements upon different DUTs (dsPIC MCU and FPGA-IP), a previously designed platform is improved in this paper. By modifying the original platform to the gantry-type robotic arm, the positional stability and repeatability of the measurements are improved. Using the synchronization signal normalization algorithm, EM-leak fragmentation accuracy is improved.
When data are collected automatedly, manual interventions and errors can be reduced. As the data measuring resolution increases, more EM-leak features can be extracted for neural network (NN) model training and verification. The improvements can help to build better EM-leak identification models and finally improve prediction accuracy.
From the authors’ viewpoint, the proposed platform indeed makes non-trivial improvements. Through the proposed platform, the sampling rate is increased by 14.28 times, and the resolution is increased by 14.28 times. Due to the GI reduction skills we introduced, the measurement time needed can be reduced from 14.28X to 3.16X. In addition, using the automation algorithm, the on-site manpower can be further reduced to 0.0196X.
When the resolution is increased, the top1 NN accuracy of the dsPIC is slightly improved by 1.46%. There is a new DUT in this paper: an FPGA-CPU-IP. To the authors’ best knowledge, this is the first report that the EM-leak measurement platform can be extended to other types of FPGA-CPU-IP DUTs. The accuracy is quite high compared to the previous platform; the top1 accuracy is 98.71%. In the previous study, a valid NN model could not even be built. Its accuracy even outperforms the dsPIC both in the original and new proposed platforms.
We think the possible reason may be that the CPU0 is easier to be distinguished at higher resolutions. However, the dsPIC microcontroller is a two-stage pipelined MCU. When an instruction is executed, the EM-leak pattern contains two consecutive instructions that are executed at the same time inside the MCU, which complicates the model identification process. Therefore, although the improvement of resolution is beneficial to EM-leak analysis, the pipelined MCU is inherently more difficult to identify. As the NN model building method and the data processing procedures are the same, the observation justifies that a higher sample rate may be essential.
Through this paper, a newly proposed platform indeed improves the NN model accuracy on the EM-leak analysis problem with fewer positional errors, higher data acquisition resolution, better data process algorithms, and more control automation. The platform can be extended to different types of ICs for EM-leak studies. In the future, the authors will continue to improve the platform and data processing algorithms for better EM-leak understanding.