>
curriculum/Digital Signal Processing
section 8 of 113 min read

8. DSP and Hardware Security

DSP shows up in attacks and defenses across hardware security. A short tour.

8.1 Differential power analysis is a DSP problem

Capture power traces (a continuous-time current sampled at hundreds of MS/s). Each trace is an array xi[n]x_i[n]. The attacker has thousands of traces from random plaintexts. They:

  1. Filter and align the traces. Real-world acquisition has clock-jitter and trigger-noise; a few-sample misalignment kills correlation. Adaptive FIR filters and cross-correlation-based alignment (Section 8.2) bring traces into register.
  2. Predict an intermediate value (e.g., the Hamming weight of the AES SubBytes output) for a hypothesized key byte.
  3. Cross-correlate the prediction with the trace at each time point. If the hypothesized key is correct, there is a peak in the correlation at the time the chip processes that intermediate. Cross-correlation is essentially convolution with a time-reversed kernel: a DSP operation, fastest in the frequency domain via FFT.

So DPA, the most studied side-channel attack family, is defined in DSP terms: filter, align, correlate, FFT.

8.2 Trace alignment and adaptive filtering

Real chips have variable clock skew, random delays, and non-stationary noise. A captured trace from one acquisition is not at the same time alignment as another. Adaptive filters (LMS or RLS algorithms) are used to align traces against a reference.

LMS update rule: at each step, adjust filter coefficients in the direction that reduces alignment error. Same algorithm used in active noise cancellation in headphones and in echo cancellation in cellphones.

8.3 Spectral analysis of EM emanations

A chip's switching activity radiates EM. A near-field probe captures the radiation; an FFT reveals the spectrum. Different sub-circuits (cache, ALU, crypto core) operate at slightly different frequencies or harmonics; spectral analysis can localize them. Once localized, position the probe over the crypto core and you have a much higher SNR for side-channel attacks.

8.4 Anti-aliasing for trace acquisition

A side-channel attacker sampling at, say, 250 MS/s on a chip clocked at 100 MHz must filter out the harmonics above 125 MHz before sampling. Otherwise those harmonics alias into the band of interest and become noise. A bench-top low-pass filter ahead of the digitizer is part of every serious side-channel rig.

8.5 Defender's view: noise injection and filtering arms race

Defenders inject random clock jitter, dummy operations, and analog noise to disrupt DPA. Attackers respond with better filtering and longer averaging. The whole arms race is fundamentally a DSP signal-to-noise battle. The chapter on hardware security (Chapter 24) returns to this in depth.

8.6 Acoustic side channels

Typing on a keyboard generates acoustic emissions; each key has a different sound. An FFT plus classification reveals which key was typed. So does a refrigerator compressor's vibration signature, a hard disk's seek noise, and a 3D printer's path. All DSP problems.