Configuration and Collection Factors for Side-Channel Disassembly
This work addresses practical implementation challenges in side-channel analysis for embedded security, but it is incremental as it focuses on optimizing known parameters for a specific microcontroller and instruction set.
The paper investigated how specific test configuration and collection parameters, like input voltage and sample rate, affect the performance of side-channel analysis for instruction disassembly on a microcontroller, finding that optimal settings (e.g., 7V input voltage with 1 kiloohm shunt and 250-500 MSa/s sample rate) significantly impact classification accuracy, with data collection above the Nyquist rate being necessary.
Myriad uses, methodologies, and channels have been explored for side-channel analysis. However, specific implementation considerations are often unpublished. This paper explores select test configuration and collection parameters, such as input voltage, shunt resistance, sample rate, and microcontroller clock frequency, along with their impact on side-channel analysis performance. The analysis use case considered is instruction disassembly and classification using the microcontroller power side-channel. An ATmega328P microcontroller and a subset of the AVR instruction set are used in the experiments as the Device Under Test (DUT). A time-series convolutional neural network (CNN) is used to evaluate classification performance at clock-cycle fidelity. We conclude that configuration and collection parameters have a meaningful impact on performance, especially where the instruction-trace's signal to noise ratio (SNR) is impacted. Additionally, data collection and analysis well above the Nyquist rate is required for side-channel disassembly. We also found that 7V input voltage with 1 kiloohm shunt and a sample rate of 250-500 MSa/s provided optimal performance in our application, with diminishing returns or in some cases degradation at higher levels.