With the Transceiver you can easily identify valuable signals hidden in noise. Now you can have a reliable pattern for triggering in the noisiest scenarios, boost the quality of your SCA measurements, or detect the presence of specific countermeasures (e.g. dummy rounds). With the software-defined-radio technology in the Transceiver, you can also apply it to measuring side channels of targets from a distance.
There are several reasons why you want to receive a more distinct signal with less noise:
- With a more distinct signal you can create an accurate and stable trigger for fault injection or starting a measurement.
- Less noisy traces decrease the number of traces needed for analysis.
- A well-filtered signal reveals more information on the program execution, including information on countermeasures implemented.
EM and RF setups are particularly sensitive to noise due to the relatively large distance to the chip, which allows more signals to enter the measurement. The Transceiver reduces noise from concurrent processes or other components neighboring the target, allowing for a smoother and faster testing process. The real-time narrow band frequency filtering in the Transceiver makes it possible to improve the signal-to-noise ratio in any setup.
Find the signal that you are looking for
- Low latency for accurate triggering for SCA and FI
- Works on all modern chips because of large frequency range
- Wide bandwidth captures any signal
- Stable and clean patterns from the integrated demodulator
- User interface via Software Defined Radio (SDR) open source
- Open programming platform that allows for further customization
Benefits over software filtering
For side channel analysis, the Transceiver brings two advantages compared to digital filtering in software such as the post-processing step in a DPA software package:
- Filtering weak signals before digitization reduces the quantization noise when processed by the oscilloscope. Filtering noise reduces the oscilloscope’s required input range, resulting in fewer quantization errors.
- Total calculation time is shortened by using the Transceiver before the digitization. Any analog signal processing step avoids calculation-intensive computations in software, saving on analysis time. This applies particularly when dealing with large trace sets.
Transceiver benefits for triggering
A trigger device like the Riscure icWaves detects patterns in a signal in order to trigger a measurement or a fault in real time. By removing noise, the Transceiver cleans the signal for pattern comparison. This makes detection of signals easier, and triggering becomes possible even with noisy targets.
What happens inside the Transceiver? A signal going into the Transceiver goes through two steps, in real time:
- Band pass filter. Processes on a chip are usually synchronous to a clock signal and therefore periodic. An example process is an asymmetric cryptographic operation. The signals emitted by the chip when running a process tend to be limited to a certain frequency range or ranges. To capture these frequency-constrained signals a band pass filter is applied. This improves the signal-to-noise ratio by concentrating on the frequency range of interest.
- AM demodulation. The built-in AM demodulation represents the power or amplitude of a signal within a certain frequency range. The frequency range of the AM demodulated signal is much lower compared to the signal coming out of the band-pass filter. This allows the signal to be captured and processed by an oscilloscope at a lower sample frequency and with fewer samples without losing information.
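The two steps above can be modelled numerically. The following is an added example, not Riscure's code or the device's firmware: it builds a constructed trace and applies a quadrature mixer with a boxcar low-pass as a stand-in for the band pass filter plus AM demodulator. The 30 MHz carrier, noise level, on/off activity pattern and all function names are assumptions.

```python
import math
import random

FS = 200e6   # sample frequency; the page lists 200 Ms/s for the ADC/DAC
FC = 30e6    # assumed carrier the leakage rides on (constructed value)
WIN = 400    # 2 us averaging window, i.e. a pass band a few hundred kHz wide

def make_trace(n=20000, block=2000, noise=2.0, seed=1):
    # Constructed input: on/off activity AM-modulated onto FC, buried in
    # wideband Gaussian noise that is stronger than the signal itself.
    rng = random.Random(seed)
    activity = [1.0 if (i // block) % 2 else 0.2 for i in range(n)]
    trace = [a * math.cos(2 * math.pi * FC * i / FS) + rng.gauss(0.0, noise)
             for i, a in enumerate(activity)]
    return activity, trace

def moving_average(x, win):
    # Centered boxcar low-pass filter computed from a prefix sum.
    prefix = [0.0]
    for v in x:
        prefix.append(prefix[-1] + v)
    half, out = win // 2, []
    for i in range(len(x)):
        lo, hi = max(0, i - half), min(len(x), i + half)
        out.append((prefix[hi] - prefix[lo]) / (hi - lo))
    return out

def narrowband_envelope(trace, fc=FC, fs=FS, win=WIN):
    # Mix to baseband with a quadrature oscillator, low-pass both arms and
    # take the magnitude: a narrow band around fc followed by AM demodulation.
    w = 2 * math.pi * fc / fs
    i_arm = moving_average([v * math.cos(w * k) for k, v in enumerate(trace)], win)
    q_arm = moving_average([v * math.sin(w * k) for k, v in enumerate(trace)], win)
    return [2.0 * math.hypot(i, q) for i, q in zip(i_arm, q_arm)]

def correlation(a, b):
    # Pearson correlation, used as a simple score of pattern visibility.
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb)

def compare(seed=1):
    # Score the rectified raw trace and the filtered envelope against activity.
    activity, trace = make_trace(seed=seed)
    raw = correlation(activity, [abs(v) for v in trace])
    return raw, correlation(activity, narrowband_envelope(trace))

if __name__ == "__main__":
    print("raw %.2f, band-limited envelope %.2f" % compare())
```

The envelope varies at the rate of the activity pattern rather than at the carrier frequency, which is why it can be captured at a much lower sample frequency than the band-pass output.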
Specifications
- Input signal level: Max -15 dBm into 50 Ohms
- Input signal frequency range: 10 MHz to 6 GHz
- Band pass center frequency: 10 MHz to 6 GHz
- Band pass width: 390 kHz to 160 MHz
- Sample frequency ADC/DAC: 200 Ms/s
- Output signal level: Up to 15 dBm into 50 Ohms
- Output signal frequency range: 0 – 30 MHz
- Hardware platform: Ettus USRP X310 with UBX-160, LFTX and LFRX daughterboards