Arm PSA-Certified IoT Chip Security: A Case Study

作     者：Fei Chen Duming Luo Jianqiang Li Victor C.M.Leung Shiqi Li Junfeng Fan Fei Chen;Duming Luo;Jianqiang Li;Victor C.M.Leung;Shiqi Li;Junfeng Fan

作者机构：College of Computer Science and Software EngineeringShenzhen UniversityShenzhen 518060China Department of Electrical and Computer Engineeringthe University of British ColumbiaVancouverBC V6T 1Z4Canada Open Security ResearchInc.Shenzhen 518000China 

出 版 物：《Tsinghua Science and Technology》 (清华大学学报（自然科学版（英文版）)

年 卷 期：2023年第28卷第2期

页      面：244-257页

核心收录：

学科分类：080904[工学-电磁场与微波技术] 12[管理学] 13[艺术学] 0809[工学-电子科学与技术（可授工学、理学学位）] 08[工学] 1305[艺术学-设计学（可授艺术学、工学学位）] 0810[工学-信息与通信工程] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 081104[工学-模式识别与智能系统] 080402[工学-测试计量技术及仪器] 0804[工学-仪器科学与技术] 081001[工学-通信与信息系统] 081101[工学-控制理论与控制工程] 0811[工学-控制科学与工程] 

基　　金：This work was partially supported by the National Natural Science Foundation of China(Nos.61872243 and U1713212) Guangdong Basic and Applied Basic Research Foundation(No.2020A1515011489) the Natural Science Foundation of Guangdong Province-Outstanding Youth Program(No.2019B151502018) Shenzhen Science and Technology Innovation Commission(No.R2020A045) 

主　　题：Internet of Things(IoT)security chip Arm Platform Security Architecture(PSA)certification electromagnetic side-channel attack Advanced Encryption Standard(AES)encryption key leakage 

摘      要：With the large scale adoption of Internet of Things(IoT)applications in people’s lives and industrial manufacturing processes,IoT security has become an important problem *** security significantly relies on the security of the underlying hardware chip,which often contains critical information,such as encryption *** understand existing IoT chip security,this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture(PSA)Level 2 *** analysis shows that the chip leaks part of the encryption key and presents a considerable security ***,we use commodity equipment to collect electromagnetic traces of the *** a statistical T-test,we find that the target chip has physical leakage during the AES encryption *** further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard(AES)encryption *** the basis of the intermediate value correlation analysis,we recover half of the 16-byte AES encryption *** repeat the process for three different tests;in all the tests,we obtain the same result,and we recover around 8 bytes of the 16-byte AES encryption ***,experimental results indicate that despite the Arm PSA Level 2 certification,the target security chip still suffers from physical *** layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.