>
curriculum/Digital Communications
section 12 of 142 min read

12. Hardware Security Implications, Recap

Digital communications and hardware security live next to each other, and the same math that makes communications work makes side-channels work.

  • Side-channel as channel. A power-analysis attack treats a CPU's instantaneous current draw as a noisy communication channel whose secret message is the key. The attacker uses cross-correlation (Chapter 3, Chapter 12, the same operation) to extract bits.
  • DPA vs Viterbi accelerators. Decoder hardware that branches on key-dependent metrics leaks key bits in its current. Modern designs add metric balancing and traceback randomization.
  • CRC is not a MAC. WEP's misuse of CRC-32 inside RC4 broke Wi-Fi privacy in 2001. Use HMAC, AES-GMAC, Poly1305, or other keyed authentication primitives.
  • Replay attacks. A correctly-formed and CRC-valid frame replayed unchanged is by definition still valid. CRC catches transmission errors, not malice. Replay protection requires sequence numbers, nonces, or timestamps.
  • Spread spectrum and spoofing. Civil GPS codes are public knowledge, so a spoofer with a software-defined radio can synthesize them. Encrypted military codes resist spoofing because their PN sequences are unknown to the attacker. The same spread-spectrum trick that hides the signal from jammers lets defenders authenticate signal source.
  • Fault injection vs ECC. Attackers try to glitch chips to flip multiple bits per ECC word, exceeding the code's correction capability. Stronger codes (BCH-T5, multi-bit Hamming, modern LDPC in flash) raise the bar. For ultra-high assurance, designs use lock-step redundant cores with comparator logic.
  • TEMPEST and modulation. Old printers, monitors, and even some modern HDMI cables unintentionally radiate the data they handle as faint AM/FM modulations of nearby clock harmonics. A properly tuned receiver can demodulate them at distance, recovering whatever was on screen. This is exactly the same math as AM/FM demodulation; the channel just was not meant to exist.
  • Encryption above modulation. Modulation and channel coding are designed for noise tolerance, not confidentiality. Always assume anyone can demodulate and decode your bits; rely on AES, ChaCha20, or post-quantum primitives to keep the contents private.