SEMA

Simple Electromagnetic Analysis

Introduced in Rel-12

SEMA is a passive side-channel attack that extracts secret information from a device by analyzing correlations between its data processing and unintentional electromagnetic radiation.

Category: Security
Introduced: Rel-12
Where: Security
Specifications: 1 spec

Description

Simple Electromagnetic Analysis (SEMA) is a cryptographic side-channel attack technique studied within 3GPP's security working group (SA3). Unlike fault attacks or invasive probing, SEMA is a passive attack where the adversary monitors the electromagnetic emanations leaking from a chip (e.g., a Universal Integrated Circuit Card (UICC) hosting a USIM) while it performs cryptographic operations like authentication (using the Milenage algorithm) or key generation. These emanations are caused by variations in current flow and switching activity within the semiconductor as it processes data. Crucially, the power consumption and EM signature of a transistor gate depend on the data bit (0 or 1) being processed. By placing a sensitive EM probe near the target device (e.g., a mobile phone or smart card reader), an attacker can capture a trace of the EM field over time.

Strictly speaking, SEMA inspects one or a few traces directly for data-dependent features; the statistical variant described here is usually classified as DEMA, and both rest on the same leakage. The attack proceeds by acquiring many EM traces while the device processes known or chosen inputs. The attacker then performs statistical analysis, such as Differential Electromagnetic Analysis (DEMA), to correlate specific features in the EM trace (e.g., peaks, patterns) with intermediate values computed during the cryptographic algorithm. For instance, the attacker might hypothesize a portion of the secret key, compute the expected output of a Substitution box (S-box) operation in AES, and check for a correlation between this hypothetical value and the actual measured EM amplitude at a precise time sample. A correlation that stands out from those of the other hypotheses indicates that the key guess is correct. Through iterative analysis of different parts of the algorithm, the full secret key can be extracted.

3GPP's involvement, documented in specifications like TR 35.934, focuses on evaluating the susceptibility of USIM/UICC platforms to such attacks and standardizing testing methodologies and countermeasures. The analysis considers the entire signal chain: the EM probe characteristics, the amplification and digitization of the signal, and the digital signal processing techniques used to extract the key. Countermeasures developed in response to SEMA threats include hardware-level techniques such as adding internal noise generators, implementing constant-execution-path algorithms, using power and EM shielding, and incorporating random delays in processing. Software countermeasures involve masking sensitive data with random values during computations to break the correlation between the emanations and the secret key.
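The two preceding paragraphs describe the correlation step (predict an S-box output under each key hypothesis, correlate with the measured amplitude) and the masking countermeasure that is meant to defeat it. The following added example, which is not code from 3GPP, TR 35.934 or any USIM vendor, simulates both sides of that argument as an evaluator would: it builds the AES S-box from its definition, generates constructed single-sample "traces" under a Hamming-weight leakage model with Gaussian noise (an assumption; real EM traces have many samples and a device-specific leakage function), and reports how far the correct key's correlation stands out from the best wrong hypothesis for an unmasked and for a Boolean-masked implementation. The key byte, trace count and noise level are constructed values.

```python
import random

# Constructed leakage simulation (added example, not 3GPP's or a vendor's code):
# one leaking sample per trace models the EM amplitude at the instant the
# byte-wise AES S-box output of (plaintext XOR key) is handled.

def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a):
    """Multiplicative inverse as a^254 (Fermat); inv(0) is defined as 0."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0

def build_sbox():
    """AES S-box from its definition: GF(2^8) inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = gf_inv(x)
        s = inv
        for r in range(1, 5):
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def hamming_weight(v):
    return bin(v).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def simulate_traces(key, n, masked, noise_std=1.0, seed=0):
    """Constructed traces: sample = HW(intermediate) + Gaussian noise.
    Unmasked: the device handles sbox[p ^ key] directly.
    Masked: it only ever handles sbox[p ^ key] ^ m for a fresh random mask m
    (the mask is processed at some other instant, so this one sample carries
    no first-order information about the unmasked value)."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(256)  # fresh Boolean mask per execution
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, noise_std))
    return plaintexts, samples

def leakage_margin(plaintexts, samples, true_key):
    """Evaluator's white-box check: for every key hypothesis k, correlate the
    predicted HW(sbox[p ^ k]) with the measured samples (the DEMA step the text
    describes). Returns (|corr| for the real key, best |corr| among wrong keys);
    the implementation leaks at first order when the first clearly exceeds the
    second."""
    corrs = []
    for k in range(256):
        predicted = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        corrs.append(abs(pearson(predicted, samples)))
    best_wrong = max(c for k, c in enumerate(corrs) if k != true_key)
    return corrs[true_key], best_wrong

if __name__ == "__main__":
    KEY = 0x2B  # constructed test key byte
    for masked in (False, True):
        pt, tr = simulate_traces(KEY, 500, masked, seed=1)
        real, wrong = leakage_margin(pt, tr, KEY)
        print(f"masked={masked}: real-key corr={real:.2f}, best wrong corr={wrong:.2f}")
```

With the unmasked model the correct hypothesis correlates at roughly sqrt(2/3) (the Hamming weight of a uniform byte has variance 2, the noise variance is 1) while every wrong hypothesis sits near zero; with a fresh mask per execution the correct hypothesis is indistinguishable from the wrong ones, which is exactly the effect the software countermeasure relies on. An evaluator would repeat the check over every sample of a real trace and, for a masked implementation, also at second order (combining two samples), which this single-sample model deliberately does not cover.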

Purpose & Motivation

SEMA and related side-channel attacks emerged as a significant threat with the proliferation of embedded cryptographic devices, such as smart cards and USIMs, which are physically accessible to an attacker (e.g., in a stolen phone). Traditional cryptographic security models assumed a 'black box' where the attacker only saw inputs and outputs, but side-channel attacks exploit physical implementation leaks. The purpose of studying SEMA within 3GPP is to proactively address these vulnerabilities in the mobile ecosystem before they can be exploited maliciously.

The creation of this body of work was motivated by the need to protect the long-term secrets stored on the USIM, notably the subscriber authentication key (K), which is the root of security for cellular network access. If K is extracted via SEMA, an attacker could clone a subscriber's identity or impersonate the network. Previous security evaluations often overlooked these physical attack vectors. By standardizing the analysis and resistance requirements, 3GPP aims to raise the bar for hardware security, ensuring that USIMs and other secure elements deployed in 3G, 4G, and 5G networks are resilient not just to logical attacks, but also to physical side-channel attacks. This protects both subscriber privacy and network integrity against sophisticated adversaries.

Classification

Part of: DPA

Evolution Across Releases

Rel-12 Initial

Initially introduced as a study item to analyze side-channel attack threats against USIM/UICC platforms. Defined the basic principles of Simple Electromagnetic Analysis and its relevance to the 3GPP security architecture. Established the initial framework for evaluating attack feasibility and began identifying potential countermeasure requirements for future USIM specifications.


Defining Specifications

3GPP specifications that define or reference SEMA, with the latest known release. Sourced from the 3GPP document catalog.

Specification     Title                                        Release
TR 35.934 vj00    Tuak algorithm set for 3GPP auth & key gen   Rel-19