TID-102: Electromagnetic Analysis Side Channel
Threat Description
Devices often emit different electromagnetic signals during different operations. Electromagnetic analysis involves the collection and analysis of these signals.
If a device is vulnerable to electromagnetic analysis attacks, an attacker who is physically present at the device may be able to extract secrets, such as encryption keys, by analyzing the electromagnetic radiation that the device emits. By analyzing these emissions and comparing them against one another, it may be possible to derive information about device data or operations.
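A defender can check for this kind of data-dependent emission with a fixed-versus-random leakage test. The following is an added example, not part of the original entry. It assumes a simulated device whose emission follows the Hamming weight of the processed byte plus Gaussian noise, uses a constructed key and input, and uses Boolean masking as the illustrative protection mechanism.

```python
import random
from statistics import fmean, variance

KEY = 0x3C           # constructed secret byte held by the simulated device
FIXED_INPUT = 0xC3   # constructed input used for the "fixed" trace set
NOISE_SIGMA = 2.0    # assumed measurement noise (arbitrary units)
THRESHOLD = 4.5      # conventional |t| limit used in leakage assessment

def hamming_weight(x):
    return bin(x).count("1")

def emission(data, rng, masked):
    """One simulated EM sample taken while the device handles data ^ KEY.

    Assumed leakage model: amplitude = Hamming weight of the handled value
    plus noise. With masking, a fresh random mask is XORed in first, so the
    handled value is uniformly random regardless of data and key.
    """
    value = data ^ KEY
    if masked:
        value ^= rng.randrange(256)
    return hamming_weight(value) + rng.gauss(0.0, NOISE_SIGMA)

def welch_t(a, b):
    """Welch's t statistic for the difference of two sample means."""
    return (fmean(a) - fmean(b)) / (
        (variance(a) / len(a) + variance(b) / len(b)) ** 0.5)

def leakage_t(masked, n=2000, seed=1):
    """Collect interleaved fixed-input and random-input samples, return t."""
    rng = random.Random(seed)
    fixed, rand = [], []
    for _ in range(n):
        fixed.append(emission(FIXED_INPUT, rng, masked))
        rand.append(emission(rng.randrange(256), rng, masked))
    return welch_t(fixed, rand)

def leaks(masked, **kwargs):
    """True when the two trace sets are statistically distinguishable."""
    return abs(leakage_t(masked, **kwargs)) > THRESHOLD

if __name__ == "__main__":
    for masked in (False, True):
        label = "masked" if masked else "unprotected"
        print(f"{label:11s} t = {leakage_t(masked):7.2f}  leaks = {leaks(masked)}")
```

A |t| above the threshold means the emissions depend on the data being processed. It shows that exploitable structure exists, not how much effort an attack would take.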
Threat Maturity and Evidence
Proof of Concept
Differential Electromagnetic Analysis (DEMA) on FPGA
Researchers demonstrated “that DEMA can be performed against hardware implementation of AES using an FPGA.”
CWE
CWE-1300: Improper Protection of Physical Side Channels (Base)
“The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.”