Side-channel analysis for years has had its main application in the field of smart cards. This presentation investigates the impact of side-channel analysis on embedded systems. Specifically, by examining aspects that make such attacks easier or more difficult on complex processors. The presentation is based on practical experience and explores emerging developments in this field.

The presentation briefly introduces the state of the art analysis techniques used on smart cards today. We define the types of embedded systems that these attacks may apply to and then we illustrate the differences and commonalities of side channel analysis on smart cards and embedded systems. Examples of performing power and electro-magnetic analysis on different embedded systems are given. We show the impact of multiple cores, boot protection and crypto operations in software versus hardware. An overall comparison is presented on relevant aspects we encountered between smart cards and embedded systems.

From our comparison we conclude with an overview of areas where embedded system are vulnerable to side channel analysis and areas where they present inherent obstacles. This allows us to provide a future outlook both in terms of impact of side channel analysis as where developments will take place on the offensive and defensive side.

About Job De Haas

Job de Haas holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, PDAs, VoIP enabled devices and a range of modems (ADSL, Wireless). At Riscure, he is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card sharing attacks for conditional access providers. Job has researched the security features and weaknesses of embedded technology for many years.