Physical MITRE EMB3D and ADF Mapping

Device includes a microprocessor (MITRE EM3ED PID-11)

Cryptographic Algorithm Implementation

• Keys: Cryptographic Algorithm Implementation | Cryptographic Algorithm Implementation | Cryptographic Operation
• Description: Cryptographic algorithm implementation emits exploitable information to the side-channel

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Secret-dependent operations lead to secret extraction through measuring power consumption

    • Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption

    • Key-dependent multiplication leads to key extraction through measuring power consumption

    • Correlation between power consumption and key material in an unprotected cryptographic implementation leads to key extraction

    • Second order correlation between power consumption and key material in a first-order protected cryptographic implementation leads to key extraction

    • Nth order correlation between power consumption and key material in an (n-1)-order protected cryptographic implementation leads to key extraction

    • Misaligned traces can be aligned using alignment techniques

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring electromagnetic emanations

    • Key-dependent multiplication leads to key extraction through measuring electromagnetic emanations

    • Correlation between electromagnetic emanations and key material in an unprotected cryptographic implementation leads to key extraction

    • Second order correlation between electromagnetic emanations and key material in a first-order protected cryptographic implementation leads to key extraction

    • Nth order correlation between electromagnetic emanations and key material in an (n-1)-order protected cryptographic implementation leads to key extraction

    • Function mapping from EM

  • FA (MITRE EM3ED TID-105)

    • Differential fault analysis

    • Voltage Glitching causes fault leading to key extraction using differential fault analysis

    • Clock glitching causes fault leading to key extraction using differential fault analysis

    • Laser fault injection causes fault leading to key extraction using differential fault analysis

    • Electromagnetic fault injection causes fault leading to key extraction using differential fault analysis

  • SEM (MITRE EM3ED TID-102)

    • Function mapping from photo-emission

Controller Implementation

• Keys: Controller Implementation | Controller Implementation | CPU Implementation | CPU | MCU | Microprocessor | SoC
• Description: Controller/CPU Implementation missbehaviour can disclose sensitive data

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Voltage glitching leads to instruction skip

    • Clock glitching leads to instruction skip

    • Laser fault injection leads to instruction skip

    • Electromagnetic fault injection leads to instruction skip

    • Differential fault analysis

    • Enabling debug interface via fault injection

    • Bus transaction injection

  • FIB (MITRE EM3ED TID-105)

    • FIB modification

    • FIB modification

Countermeasure Implementation

• Keys: Countermeasure Implementation | Counter-measure Implementation
• Description: Disabling countermeasure leads to making the device vulnerable again

• Attack Vectors and Threats:

  • FIB (MITRE EM3ED TID-105)

    • Shield Bypass

MMU

• Keys: MMU | Memory Management | Memory Management Unit
• Description: Memory management unit

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • LCE Instruction flow modification (through micro-probing)

RSA

• Keys: RSA | Rivest–Shamir–Adleman
• Description: Rivest–Shamir–Adleman (RSA) algorithm

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring electromagnetic emanations

RSA Exponentiation

• Keys: RSA Exponentiation | RSA Exponentiation
• Description: Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring electromagnetic emanations

ECC

• Keys: ECC | Elliptic-Curve Cryptography
• Description: Elliptic-curve cryptography (ECC)

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Key-dependent multiplication leads to key extraction through measuring power consumption

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent multiplication leads to key extraction through measuring electromagnetic emanations

ECC Multiplication

• Keys: ECC Multiplication | ECC Multiplication
• Description: Key-dependent multiplication leads to key extraction through measuring power consumption

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Key-dependent multiplication leads to key extraction through measuring power consumption

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent multiplication leads to key extraction through measuring electromagnetic emanations

Speculation

• Keys: Speculation | Speculative HW
• Description: Optimizations leading to speculative execution in the hardware

• Attack Vectors and Threats:

  • Speculative Execution (MITRE EM3ED TID-103)

    • The CPU can execute instructions transiently (being reverted before their results are committed to the architectural state), sometimes operating on secret operands they were not supposed to access. Traces of these executions can leak the secret values.

    • Transient execution that results from mispredicted conditional branches can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel

    • Transient execution that results from mispredicted indirect branches can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel

    • Transient execution that results from mispredicted return instructions can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel

    • Transient execution that results from mispredicted store-to-load dependencies can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel

  • Power Consumption Analysis Side Channel (MITRE EM3ED TID-101)

  • Electromagnetic Analysis Side Channel (MITRE EM3ED TID-102)

  • Microarchitectural Side Channels (MITRE EM3ED TID-103)

  • Hardware Fault Injection – Control Flow Modification (MITRE EM3ED TID-105)

Device includes a hardware access port (e.g., UART, JTAG) (MITRE EM3ED PID-15)

Debug Interface

• Keys: Debug Interface
• Description: Debug Interface provides acces to internal units

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Enabling debug interface via fault injection

  • FIB (MITRE EM3ED TID-105)

    • JTAG reactivation

  • Privileged Access Port (MITRE EM3ED TID-116)

    • Use test pads to gain privileges

  • Firmware/Data Extraction via Hardware Interface (MITRE EM3ED TID-115)

  • Latent Privileged Access Port (MITRE EM3ED TID-116)

  • Latent Hardware Debug Port Allows Memory/Code Manipulation (MITRE EM3ED TID-119)

ADF-Only Surfaces (No MITRE EM3ED PID)

FW

• Keys: FW | Firmware
• Description: Firmware missbehaviour

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Enabling debug interface via fault injection

Charge Pump

• Keys: Charge Pump
• Description: Charge Pump is a circuit that generates high voltages for memory operations, and can be a target for physical attacks (e.g., via FIB) to prevent or force data erasure.

• Attack Vectors and Threats:

  • FIB (MITRE EM3ED TID-105)

    • Prevent Flash Operation

Device includes peripheral chips and integrated data buses (MITRE EM3ED PID-13)

Bus Interface

• Keys: Bus Interface
• Description: Bus interface

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Bus transaction injection

  • Unverified Peripheral Firmware Loaded (MITRE EM3ED TID-113)

  • Peripheral Data Bus Interception (MITRE EM3ED TID-114)

Device includes Memory/Storage (external to CPU) (MITRE EM3ED PID-12)

Memory

• Keys: Memory | Non-Volatile Memory
• Description: Device includes memory/storage external to CPU

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • LCE Instruction flow modification (through micro-probing)

  • FIB (MITRE EM3ED TID-105)

    • Prevent Flash Operation

    • Fuse modification

  • ROM Extraction (MITRE EM3ED TID-108)

    • ROM analytical dump with scrambled data (Retrieving ROM content from pictures)

    • Fuse reading after their copy to a dedicated RAM

    • Fuse optical readout

    • UV erase of Protection bits

  • SEM (MITRE EM3ED TID-102)

    • ROM optical dump (Retrieving ROM content from pictures)

Private Key

• Keys: Private Key | private key
• Description: Device contains memory, where sensitive data are stored

• Attack Vectors and Threats:

  • Power Side-Channel (MITRE EM3ED TID-101)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption

    • Key-dependent multiplication leads to key extraction through measuring power consumption

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Key-dependent exponentiation leads to single-trace key extraction through measuring electromagnetic emanations

    • Key-dependent multiplication leads to key extraction through measuring electromagnetic emanations

  • FIB (MITRE EM3ED TID-105)

    • Fuse modification

  • ROM Extraction (MITRE EM3ED TID-108)

    • Fuse reading after their copy to a dedicated RAM

    • Fuse optical readout

ADF-Only Surfaces (No MITRE EM3ED PID)

FW

• Keys: FW | Firmware
• Description: Firmware missbehaviour

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Enabling debug interface via fault injection

Charge Pump

• Keys: Charge Pump
• Description: Charge Pump is a circuit that generates high voltages for memory operations, and can be a target for physical attacks (e.g., via FIB) to prevent or force data erasure.

• Attack Vectors and Threats:

  • FIB (MITRE EM3ED TID-105)

    • Prevent Flash Operation