Impedance vs. Power Side-channel Vulnerabilities: A Comparative Study

TL;DR

This paper compares impedance and power side-channel vulnerabilities, demonstrating that impedance analysis can be more effective and robust in extracting cryptographic keys, highlighting its importance in security assessments.

Contribution

It provides the first comparative analysis of impedance and power side channels, showing impedance analysis's higher potential for cryptographic key extraction.

Findings

Impedance analysis outperforms power analysis in key extraction.

Impedance side channel is more robust in certain scenarios.

Power side channel sometimes fails where impedance analysis succeeds.

Abstract

Physical side channels emerge from the relation between internal computation or data with observable physical parameters of a chip. Previous works mostly focus on properties related to current consumption such as power consumption. The fundamental property behind current consumption occur from the impedance of the chip. Contemporary works have stared using chip impedance as a physical side channel in extracting sensitive information from computing systems. It leverages variations in intrinsic impedance of a chip across different logic states. However, there has been a lack of comparative studies. In this study, we conduct a comparative analysis of the impedance side channel, which has been limitedly explored, and the well-established power side channel. Through experimental evaluation, we investigate the efficacy of these side channels in extracting stored advanced encryption standard (AES) cryptographic key on a memory and analyze their performance. Our findings indicate that impedance analysis demonstrates a higher potential for cryptographic key extraction compared to power side-channel analysis (SCA). Moreover, we identify scenarios where power SCA does not yield satisfactory results, whereas impedance analysis proves to be more robust and effective. This work not only underscores the significance of impedance SCA in enhancing cryptographic security but also emphasizes the necessity for a deeper understanding of its mechanisms and implications.