Side Channel Attacks on IoT Applications

  • Yan Yan

Student thesis: Doctoral ThesisDoctor of Philosophy (PhD)


The Internet of Things (IoT) has become a reality: small connected devices feature in everyday objects including childrens’ toys, TVs, fridges, heating control units, etc. Supply chains feature sensors throughout, and significant investments go into researching next-generation healthcare, where sensors monitor wellbeing. A future in which sensors and other (small) devices interact to create sophisticated applications seems just around the corner. All of these applications have a fundamental need for security and privacy and thus cryptography is deployed as part of an attempt to secure them.

This thesis explores a particular type of security threat against IoT devices, namely side channel attacks (SCA), that has been proven only more powerful over the years. In brief, a side channel attack targets the implementation of security measures and recovers secret data by exploiting execution related information. For instance, secret keys can be recovered by statistically analysing the timing or power consumption of the execution of cryptographic algorithms, or sometimes results of faulty executions; data protected in encrypted packets can be revealed by the length of packets and timing of responses.

Three vulnerabilities in IoT applications have been identified in this work including a flawed Random Number Generator (RNG) design, an effective application of Differential Power Analysis (DPA) and the practicability of Traffic Analysis (TA). These vulnerabilities commonly exist in many IoT scenarios and thus should be taken into account when designing new applications.
Date of Award19 Mar 2019
Original languageEnglish
Awarding Institution
  • The University of Bristol
SupervisorM E Oswald (Supervisor) & Theo Tryfonas (Supervisor)

Cite this