Combined Internal Attacks on SoC-FPGAs: Breaking AES with Remote Power Analysis and Frequency-based Covert Channels

In recent years, the field of side-channel analysis has observed a revolution in the design of the attack methodology. Conventional approaches which require the use of highly specialized equipment like oscilloscopes and spectrum analyzers, despite highly precise, might be regarded as impractical in some scenarios. On the other hand, the use of less-accurate internal sensors which can monitor the power footprint of a circuit has risen in popularity. Delay sensors have shown promising results. These structures are interesting since they can be implemented from regular hardware resources available in most circuits. This means that components already available in the target platform might be leveraged to implement a side-channel attack. Moreover, it has been shown that is not necessary to have direct access to the platform to carry out such an attack; which implies that if there is a remote link such as Ethernet, an adversary might be able to perform Remote Power Analysis (RPA) of the system. So far, the main challenge for the success of this kind of attack is the problem of cutting and aligning the power traces. This is usually achieved through secondary digital channels which carry some trigger information. In this paper, we simplify the conditions for an RPA attack to take place. Namely, our method mitigates the need for connecting digital triggers to the remote sensor. We demonstrate this approach by performing a successful key recovery on a hardware implementation of AES.