SoC it to EM: electromagnetic side-channel attacks on a complex system-on-chip



slide-1
SLIDE 1

SoC it to EM: electromagnetic side-channel attacks on a complex system-on-chip

Jake Longo (1), Elke De Mulder (2), Dan Page (1), Mike Tunstall (2)

(1) University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. UK.

(2) Rambus Cryptography Research Division, 425 Market Street, 11th Floor, San Francisco, CA 94105, United States.

16/09/15

jake.longo@bris.ac.uk SoC it to EM Slide 1 of 23

slide-2
SLIDE 2

Presentation Layout

◮ Motivation?
◮ Methodology outline and execution
◮ Summary of attack results
◮ Further comments
◮ Future work

slide-3
SLIDE 3

Motivation?

Address some misconceptions of side-channel attacks on complex devices.

◮ High-clock rate targets → high sample rate equipment.
◮ Complex embedded systems → difficult DPA.
◮ High degree of parallelism → low SNR ∼ intrinsic side-channel resistance.

slide-4
SLIDE 4

Analysis Plan

◮ Target selection and identification
◮ Signal exploration
◮ Batch signal pre-processing
◮ Leakage detection
◮ Signal post-processing
◮ Textbook DPA

slide-5
SLIDE 5

Target Platform

BeagleBone Black Attack Environment

Hardware:

◮ ARM Cortex-A8 1 GHz CPU (High clock rate)
◮ ARM NEON SIMD (High degree of parallelism)
◮ TI proprietary cryptographic hardware (RNG, SHA-1, AES)

Software:

◮ Debian Wheezy (3.15) (Full unmodified Linux distribution)
◮ OpenSSL 1.0.1j (Bulk encryption)

slide-9
SLIDE 9

Target Selection and Identification

[Block diagram of the SoC: integer core, NEON core, L1 I-cache, L1 D-cache, L2 cache, OCP bridge, 176 kB ROM, 64 kB RAM, OCP-based L3/L4 NoC interconnect, PowerVR GPU, cryptographic co-processor, 64 kB RAM, display controller, network controller, UART, SPI, I2C, USB, ..., DMA, RTC, WDT, JTAG, ..., DDR-based memory interface]

◮ OpenSSL software AES-128-CBC
◮ OpenSSL NEON Bitsliced AES-128-CBC
◮ OpenSSL hardware accelerated AES-128-CBC

slide-10
SLIDE 10

NEON?

“NEON technology is a 128-bit SIMD (Single Instruction, Multiple Data) architecture extension for the ARM Cortex™-A series processors.”

◮ Clear use-cases for wide datapath bit-slicing.
◮ Gradually being adopted to accelerate crypto implementations.

[BS12] D.J. Bernstein and P. Schwabe. “NEON Crypto”. In: CHES. LNCS 7428, 2012, pp. 320–339.

[Câm+13] D.F. Câmara et al. “Fast Software Polynomial Multiplication on ARM Processors Using the NEON Engine”. In: CD-ARES. 2013, pp. 137–154.

[Hol+13] S. Holzer-Graf et al. “Efficient Vector Implementations of AES-Based Designs: A Case Study and New Implemenations for Grøstl”. In: CT-RSA. 2013, pp. 145–161.

[Seo+14] H. Seo et al. “Montgomery Modular Multiplication on ARM-NEON Revisited”. In: ICISC. 2014, pp. 328–342.

[Wan+15] J. Wang et al. “Higher-Order Masking in Practice: A Vector Implementation of Masked AES for ARM NEON”. In: CT-RSA. 2015, pp. 181–198.

slide-11
SLIDE 11

Cryptographic Co-processor?

[Diagram: an AES block and a DMA engine, with labels: something in, a key, some mode settings, something out, IRQ_0, IRQ_1]

THE DOCUMENTATION HAS NOTHING ABOUT IT. IT SORT OF LOOKS SOMETHING LIKE THIS... ...PROBABLY

slide-12
SLIDE 12

Signal Exploration (1)

Test loop

    while true do
        sleep(0.08);
        openssl aes-128-cbc -in pt.bin -out ct.bin;
        sleep(0.025);
        matrixMultiply -in pt.bin;
    end

Spectrogram

[Spectrogram: Time (ms) vs Frequency (MHz), colour scale Power (dB)]

slide-20
SLIDE 20

Signal Pre-processing (1)

[Plots, amplitude vs sample index: OpenSSL S/W Trace; OpenSSL S/W Trace – Filtered; OpenSSL S/W Trace – Filtered & De-modulated]

[Spectrogram: OpenSSL Frequency Response; Time (ms) vs Frequency (MHz), colour scale Power (dB)]

slide-21
SLIDE 21

Signal Pre-processing (2)

[Plots, amplitude vs sample index: OpenSSL NEON Trace; OpenSSL NEON Trace – Filtered; OpenSSL NEON Trace – Filtered & De-modulated]

slide-22
SLIDE 22

Signal Pre-processing (3)

[Plot, amplitude vs sample index: OpenSSL H/W Trace]

◮ Number of peaks matches number of encryptions!

YAY!

slide-23
SLIDE 23

Signal Pre-processing (3)

[Plot, amplitude vs sample index: OpenSSL H/W Trace]

◮ Number of peaks matches number of encryptions!
◮ Peaks track by Hamming weight of plaintext...

HMMMM...

slide-24
SLIDE 24

Signal Pre-processing (3)

[Plot, amplitude vs sample index: OpenSSL H/W Trace]

◮ Number of peaks matches number of encryptions!
◮ Peaks track by Hamming weight of plaintext...
◮ Peaks are DMA strobes

DAMN!

slide-26
SLIDE 26

Leakage detection (1)

Fixed-versus-Random Test

[Block diagram with labels: PRG, m_f, b, DUT, λ]

Fixed-versus-Random Test

    m_f ←$ {0, 1}^128
    for i ← 0 to n do
        b ←$ {0, 1}
        if b = 0 then
            m_r ←$ {0, 1}^128
            Λ0 ← Λ0 ∪ {λ(AES-128-CBC_k(m_r))}
        else
            Λ1 ← Λ1 ∪ {λ(AES-128-CBC_k(m_f))}
        end
    end

Welch’s t-test

$$t = \frac{\bar{\Lambda}_0 - \bar{\Lambda}_1}{\sqrt{\dfrac{\sigma_0^2}{|\Lambda_0|} + \dfrac{\sigma_1^2}{|\Lambda_1|}}}$$
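Added example (not from the slides or the authors' tooling): the fixed-versus-random acquisition loop and the per-sample Welch's t-test above, run as a leakage assessment over simulated traces. The device model in `acquire` (Hamming weight of one input byte XOR one key byte at a single sample, plus Gaussian noise), the key, the fixed input and the 4.5 threshold are assumptions made for the illustration.

```python
import math
import random

THRESHOLD = 4.5  # conventional pass/fail bound for |t|; not stated on the slides


def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances and sizes."""
    mean_a, mean_b = sum(a) / len(a), sum(b) / len(b)
    var_a = sum((x - mean_a) ** 2 for x in a) / (len(a) - 1)
    var_b = sum((x - mean_b) ** 2 for x in b) / (len(b) - 1)
    return (mean_a - mean_b) / math.sqrt(var_a / len(a) + var_b / len(b))


def acquire(msg, key, rng, leaky, n_samples=8, poi=5, noise=2.0):
    """Constructed stand-in for lambda(AES-128-CBC_k(m)): Gaussian noise, plus
    HW(msg[0] ^ key[0]) added at sample `poi` when the device is leaky."""
    trace = [rng.gauss(0.0, noise) for _ in range(n_samples)]
    if leaky:
        trace[poi] += bin(msg[0] ^ key[0]).count("1")
    return trace


def fixed_vs_random(n, leaky, seed=1):
    """Interleaved fixed-versus-random acquisition; returns the per-sample
    t-statistics (random set Lambda_0 against fixed set Lambda_1)."""
    rng = random.Random(seed)
    key = bytes(range(16))    # constructed key
    m_f = bytes([0xFF] * 16)  # constructed fixed input (the slides draw it at random)
    lam0, lam1 = [], []
    for _ in range(n):
        if rng.getrandbits(1) == 0:   # b = 0: fresh random input
            m_r = bytes(rng.randrange(256) for _ in range(16))
            lam0.append(acquire(m_r, key, rng, leaky))
        else:                         # b = 1: the fixed input
            lam1.append(acquire(m_f, key, rng, leaky))
    # zip(*traces) turns a list of traces into one column per sample index
    return [welch_t(c0, c1) for c0, c1 in zip(zip(*lam0), zip(*lam1))]


def leaking_samples(t_stats):
    """Sample indices whose |t| exceeds the threshold (data-dependent points)."""
    return [i for i, t in enumerate(t_stats) if abs(t) > THRESHOLD]


if __name__ == "__main__":
    for leaky in (True, False):
        t = fixed_vs_random(4000, leaky)
        label = "leaky" if leaky else "clean"
        print(label, [round(x, 1) for x in t], leaking_samples(t))
```

A first-order test like this one only sees differences in the mean: if the fixed input happened to produce the same average leakage as random inputs, the sample would pass even though it is data-dependent.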

slide-27
SLIDE 27

Leakage detection (2)

[Plots, amplitude vs sample index: OpenSSL S/W Average; OpenSSL NEON Average]

[Plots, t-statistic vs sample index (axis from −100 to 100): FvR OpenSSL S/W t-test; FvR OpenSSL NEON t-test]

slide-28
SLIDE 28

Leakage detection (3)

[Plot, amplitude vs sample index: OpenSSL H/W Average]

[Plot, t-statistic vs sample index (axis from −6 to 6): FvR OpenSSL H/W t-test]

slide-29
SLIDE 29

Leakage detection (4)

Semi Fixed-versus-Random

[Block diagram with labels: PRG, m_sf, b, DUT, λ]

Semi Fixed-versus-Random Example Vectors

    round[00].input:A6FE44D9FF7596F884BEDBAAFDBD3ABE
    round[00].k_sch:382CDECF122333C71B124386107CE34F
    round[00].start:9ED29A16ED56A53F9FAC982CEDC1D9F1
    round[01].s_box:0BB5B84755B10675DB914671557835A1
    round[01].s_row:0BB146A155913547DB78B87555B50671
    round[01].m_col:3919CEB3707467D5E88D575C195F7FAE
    . . .
    round[09].k_sch:EDF9BA88533EBAB600001D3E003C1D00
    round[10].start:0D848A8D000000000000000000000000
    round[10].s_box:D75F7E5D636363636363636363636363
    round[10].s_row:D76363636363635D63637E63635F6363
    round[10].k_sch:305DD9EB6363635D63637E63635F6363
    round[10].s_out:E73EBA88000000000000000000000000

slide-30
SLIDE 30

Leakage detection (4)

Semi Fixed-versus-Random

[Block diagram with labels: PRG, m_sf, b, DUT, λ]

Semi Fixed-versus-Random Example Vectors

    round[00].input:DBF0AE75B2BB6B56E89ECAC78188CF86
    round[00].k_sch:C5D06552504A626F9F1B62E0B458A219
    round[00].start:1E20CB27E2F109397785A82735D06D9F
    round[01].s_box:72B71FCC98A10112F597C2CC96703CDB
    round[01].s_row:72A1C2DB98973CCCF5701F1296B701CC
    round[01].m_col:05AD3A587925389B6C268D4F382C6C94
    . . .
    round[09].k_sch:CD2CF959BC89F9320000C76B00A6C700
    round[10].start:CD071DBF000000000000000000000000
    round[10].s_box:BDC5A408636363636363636363636363
    round[10].s_row:BD636363636363086363A46363C56363
    round[10].k_sch:DFEA9A3A636363086363A46363C56363
    round[10].s_out:6289F959000000000000000000000000

slide-31
SLIDE 31

Leakage detection (4)

Semi Fixed-versus-Random

[Block diagram with labels: PRG, m_sf, b, DUT, λ]

Semi Fixed-versus-Random Example Vectors

    round[00].input:0B02F73CE36B4B962062B70737727265
    round[00].k_sch:365FD0AE866D066A327CC70ED1BE4AD4
    round[00].start:3D5D279265064DFC121E7009E6CC38B1
    round[01].s_box:274CCC4F4D6FE3B0C97251018E4B07C8
    round[01].s_row:276F51C84D72074FC94BCCB08E4CE301
    round[01].m_col:66C2A9DC44EFE03C28A0CABC31291C24
    . . .
    round[09].k_sch:4B028D14D2898D0E0000C81A0027C800
    round[10].start:74860EAF000000000000000000000000
    round[10].s_box:9244AB79636363636363636363636363
    round[10].s_row:92636363636363796363AB6363446363
    round[10].k_sch:B1EAEE77636363796363AB6363446363
    round[10].s_out:23898D14000000000000000000000000

slide-32
SLIDE 32

Leakage detection (4)

Semi Fixed-versus-Random

[Block diagram with labels: PRG, m_sf, b, DUT, λ]

[Plot, amplitude vs sample index: OpenSSL H/W Average]

[Plot, t-statistic vs sample index (axis from −150 to 300): SFvR OpenSSL H/W t-test]

slide-33
SLIDE 33

Signal Post-processing (1)

[Plots, amplitude vs sample index: OpenSSL S/W Bulk Encryption; OpenSSL S/W Bulk Encryption Interrupted; OpenSSL S/W Bulk Encryption Difference Trace]

slide-38
SLIDE 38

Signal Post-processing (3)

[Plot: amplitude vs sample index]

Fourier Transform computation

$$X(f) = \int_{-\infty}^{\infty} x(t)\, e^{-j 2 \pi f t}\, dt$$

Continuous Wavelet Transform computation

$$\mathrm{CWT}(d, s) = \frac{1}{\sqrt{d}} \int f(t)\, \psi\!\left(\frac{t - s}{d}\right) dt$$

slide-39
SLIDE 39

Signal Post-processing (3)

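Continuous Wavelet Transform computation

$$\mathrm{CWT}(d, s) = \frac{1}{\sqrt{d}} \int f(t)\, \psi\!\left(\frac{t - s}{d}\right) dt$$

[Plot: amplitude vs sample index]

[Filter bank diagram: the signal passes through filters h and g, each followed by down-sampling (↓), giving A[1] and D[1]; the stage repeats up to A[n] and D[n]]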

slide-40
SLIDE 40

Signal Post-processing (3)

Continuous Wavelet Transform computation

$$\mathrm{CWT}(d, s) = \frac{1}{\sqrt{d}} \int f(t)\, \psi\!\left(\frac{t - s}{d}\right) dt$$

[Plot: amplitude vs sample index]

[Filter bank diagram: the signal passes through filters h and g, each followed by down-sampling (↓), giving A[1] and D[1]]

[Plots, amplitude vs sample index, of the two filter bank outputs]

slide-41
SLIDE 41

Signal Post-processing (3)

[Plots, amplitude vs sample index: OpenSSL H/W Average; OpenSSL H/W details (D[1])]

[Plots, t-statistic vs sample index (axis from −150 to 300): SFvR OpenSSL H/W t-test; SFvR OpenSSL H/W details (D[1]) t-test]

slide-43
SLIDE 43

Attack Results

Summary of Attack Results

    Implementation  Hardware      Trigger        Acquisitions  Data
    T-tables        ARM core      GPIO-based     3000          46 kB
    T-tables        ARM core      Network-based  100           400 kB
    Hardware        Co-processor  DMA-based      500 000       7GB
    Bit-sliced      NEON core     GPIO-based     5000          625 kB

[Plots: OpenSSL S/W Bit Correlation (correlation vs sample index); OpenSSL S/W Bit Key Rank (key rank vs number of traces)]

slide-44
SLIDE 44

Attack Results

Summary of Attack Results

    Implementation  Hardware      Trigger        Acquisitions    Data
    T-tables        ARM core      GPIO-based     3000            46 kB
    T-tables        ARM core      Network-based  100             400 kB
    Hardware        Co-processor  DMA-based      50 000 500 000  <1GB 7GB
    Bit-sliced      NEON core     GPIO-based     5000            625 kB

[Plots: OpenSSL H/W HD Byte Correlation (correlation vs sample index); OpenSSL H/W Byte Key Rank (key rank vs number of traces)]

slide-45
SLIDE 45

Attack Results

Summary of Attack Results

    Implementation  Hardware      Trigger        Acquisitions    Data
    T-tables        ARM core      GPIO-based     3000            46 kB
    T-tables        ARM core      Network-based  100             400 kB
    Hardware        Co-processor  DMA-based      50 000 500 000  <1GB 7GB
    Bit-sliced      NEON core     GPIO-based     5000            625 kB

[Plots: OpenSSL Neon HW Byte Correlation (correlation vs sample index); OpenSSL Neon Byte Key Rank (key rank vs number of traces)]

slide-46
SLIDE 46

NEON Analysis

◮ NEON use-cases obviously extend beyond wide datapath for bit-slicing.
◮ Good: constant-time, e.g., for MAC verification

    /* Verify tag */
    A = vceqq_u32(A, LOADU(c + 0));
    return 0xFFFFFFFF == (vgetq_lane_u32(A, 0) & vgetq_lane_u32(A, 1) &
                          vgetq_lane_u32(A, 2) & vgetq_lane_u32(A, 3)) ? 0 : -1;

[Diagram of vceq.u32 d0, d1, d2: d1 = (x32[0], x32[1]) and d2 = (y32[0], y32[1]) are compared lane by lane (==); each lane of d0 is 1111...1 when the lanes are equal and 0000...0 otherwise]

slide-47
SLIDE 47

NEON Analysis

◮ NEON use-cases obviously extend beyond wide datapath for bit-slicing.
◮ Good: constant-time, e.g., for MAC verification

    /* Verify tag */
    A = vceqq_u32(A, LOADU(c + 0));
    return 0xFFFFFFFF == (vgetq_lane_u32(A, 0) & vgetq_lane_u32(A, 1) &
                          vgetq_lane_u32(A, 2) & vgetq_lane_u32(A, 3)) ? 0 : -1;

◮ Bad: strong EM-based leakage; ad hoc countermeasures can be tricky.

[Plot: trace vs sample index]

slide-48
SLIDE 48

Conclusions

Take away points:

◮ Device complexity does not necessitate a complex attack. Main core and NEON attacks can both be carried out with a low-end oscilloscope and handmade probes.
◮ A clear attack methodology is invaluable to attack an unknown device.
◮ Using advanced hardware features (i.e. NEON SIMD) may accelerate an implementation but also inadvertently introduce new side-channel leaks.
◮ OS-level software that targets embedded systems should (long-term) consider the impact of side-channel attacks in deployment.

Future Work:

◮ Semi-fixed versus random tests are a great tool but how do we translate this into a leakage model?
◮ Hardware engines are increasingly common (ARMv8 architecture even has provisions for it). How do we synchronise on a signal we can’t identify?

slide-49
SLIDE 49

Questions?

THANK YOU FOR THE TALK JUST ONE SMALL QUESTION... ...WHAT IS THIS DPA THINGY?


slide-50
SLIDE 50

Clock scaling?

[Plots, amplitude vs sample index, at clock rates of 300 MHz, 600 MHz, 800 MHz and 1000 MHz]

slide-51
SLIDE 51

Clock scaling cleaned up!

[Plots, amplitude vs sample index, at clock rates of 300 MHz, 600 MHz, 800 MHz and 1000 MHz]