Yanjiao Chen,Rui Guan,Xueluan Gong,Jianshuo Dong,Meng Xue

DOI: https://doi.org/10.1109/sp46215.2023.10179406

2023-01-01

Abstract:Recent studies show that machine learning models are vulnerable to model extraction attacks, where the adversary builds a substitute model that achieves almost the same performance of a black-box victim model simply via querying the victim model. To defend against such attacks, a series of methods have been proposed to disrupt the query results before returning them to potential attackers, greatly degrading the performance of existing model extraction attacks. In this paper, we make the first attempt to develop a defensepenetrating model extraction attack framework, named D- DAE, which aims to break disruption-based defenses. The linchpins of D- DAE are the design of two modules, i.e., disruption detection and disruption recovery, which can be integrated with generic model extraction attacks. More specifically, after obtaining query results from the victim model, the disruption detection module infers the defense mechanism adopted by the defender. We design a meta-learning-based disruption detection algorithm for learning the fundamental differences between the distributions of disrupted and undisrupted query results. The algorithm features a good generalization property even if we have no access to the original training dataset of the victim model. Given the detected defense mechanism, the disruption recovery module tries to restore a clean query result from the disrupted query result with well-designed generative models. Our extensive evaluations on MNIST, FashionMNIST, CIFAR-10, GTSRB, and ImageNette datasets demonstrate that D- DAE can enhance the substitute model accuracy of the existing model extraction attacks by as much as 82.24% in the face of 4 state-of-the-art defenses and combinations of multiple defenses. We also verify the effectiveness of D-DAE in penetrating unknown defenses in real-world APIs hosted by Microsoft Azure and Face++.

Si Gao,Elisabeth Oswald,Hua Chen,Wei Xi

DOI: https://doi.org/10.1007/978-3-030-15462-2_4

2019-01-01

Abstract:As one of the most prevalent SCA countermeasures, masking schemes are designed to defeat a broad range of side channel attacks. An attack vector that is suitable for low-order masking schemes is to try and directly determine the mask(s) (for each trace) by utilising the fact that often an attacker has access to several leakage points of the respectively used mask(s). Good examples for implementations of low-order masking schemes include the table re-computation schemes as well as the masking scheme in DPAContest V4.2. We propose a novel approach based on Independent Component Analysis (ICA) to efficiently utilise the information from several leakage points to reconstruct the respective masks (for each trace) and show it is a competitive attack vector in practice.

Shourong Hou,Yujie Zhou,Hongming Liu,Nianhao Zhu

DOI: https://doi.org/10.1109/iccsn.2017.8230283

2017-01-01

Abstract:Power Analysis (PA) is a powerful method to extract leakage information from theoretically secure cryptographic devices. In general, Differential Power Analysis (DPA) correlates the processed data with power consumption of devices through statistical analysis to reveal systems' secret key. A common approach to counteract DPA is a low-entropy lightweight masking strategy. This masking scheme, known as Rotating S-Boxes Masking (RSM), has inherent flaws in masks' hamming weights for software implementation. In this paper, an improved DPA (IDPA) for the RSM countermeasure is proposed in terms of smaller computational complexity and better success rate of recovering the secret key. Using the public power traces provided by the latest DPA Contest, we come to the conclusion that the IDPA method takes as low as 20 traces to retrieve the first 128-bits secret key when analyzing the first-order leakage information. Furthermore, our approach reduces significantly the number of traces, but still gets better attack effects compared with other DPA methods.

DOI: https://doi.org/10.1007/s13389-023-00312-6

2023-03-28

Journal of Cryptographic Engineering

Abstract:Deep-learning side-channel attacks, applying deep neural networks to side-channel attacks, are known that can easily attack some existing side-channel attack countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning side-channel attacks, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons and points of interest for non-profiled deep-learning side-channel attacks using the ANSSI database with a masking countermeasure. The results of investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the points of interest. We also implemented AES-128 software implementation protected with the Rotating Sboxes Masking countermeasure, which has never been attacked by non-profiled deep-learning side-channel attacks, on the Xmega128 microcontroller and carried out non-profiled deep-learning side-channel attacks against it. Non-profiled deep-learning side-channel attacks successfully recovered all partial keys while the conventional power analysis could not. The attack results also showed that the least significant bit is the adequate selection for successful non-profiled deep-learning side-channel attacks, but the best labeling method may vary depending on the implementation of the countermeasure algorithm. We conducted two experimental analyses to clarify that deep-learning side-channel attacks learn mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.

computer science, theory & methods

Qianmei Wu,Wei Cheng,Sylvain Guilley,Fan Zhang,Wei Fu

DOI: https://doi.org/10.46586/tches.v2022.i3.192-222

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Code-based masking is a highly generalized type of masking schemes, which can be instantiated into specific cases by assigning different encoders. It captivates by its side-channel resistance against higher-order attacks and the potential to withstand fault injection attacks. However, similar to other algebraically-involved masking schemes, code-based masking is also burdened with expensive computational overhead. To mitigate such cost and make it efficient, we contribute to several improvements to the original scheme proposed by Wang et al. in TCHES 2020. Specifically, we devise a computationally friendly encoder and accordingly accelerate masked gadgets to leverage efficient implementations. In addition, we highlight that the amortization technique introduced by Wang et al. does not always lead to efficient implementations as expected, but actually decreases the efficiency in some cases. From the perspective of practical security, we carry out an extensive evaluation of the concrete security of code-based masking in the real world. On one hand, we select three representative variations of code-based masking as targets for an extensive evaluation. On the other hand, we aim at security assessment of both encoding and computations to investigate whether the state-of-the-art computational framework for code-based masking reaches the security of the corresponding encoding. By leveraging both leakage assessment tool and side-channel attacks, we verify the existence of “security order amplification” in practice and validate the reliability of the leakage quantification method proposed by Cheng et al. in TCHES 2021. In addition, we also study the security decrease caused by the “cost amortization” technique and redundancy of code-based masking. We identify a security bottleneck in the gadgets computations which limits the whole masked implementation. To the best of our knowledge, this is the first time that allows us to narrow down the gap between the theoretical security order under the probing model (sometimes with simulation experiments) and the concrete side-channel security level of protected implementations by code-based masking in practice.

Miao Yuan,Guoqiang Bai

DOI: https://doi.org/10.1109/cis.2015.101

2015-01-01

Abstract:Higher Order Differential Power Analysis (HODPA) has been introduced for more than ten years. Various combining functions are applied to attack the masked AES implementation, but finding an appropriate combining function is still a big issue. We study the weakness of absolute difference method when using multi-bit variables to mount an attack. In this paper, an optimized method is proposed to improve its efficiency. Simulation results based on different combining functions show that the success rate of our method is twice as high as that of normal absolute difference and sum combining function. Our idea is also confirmed by physical traces measured on a FPGA platform.

Xiangjun Lu,Chi Zhang,Pei Cao,Dawu Gu,Haining Lu

DOI: https://doi.org/10.46586/tches.v2021.i3.235-274

2021-01-01

Abstract:With the renaissance of deep learning, the side-channel community also notices the potential of this technology, which is highly related to the profiling attacks in the side-channel context. Many papers have recently investigated the abilities of deep learning in profiling traces. Some of them also aim at the countermeasures (e.g., masking) simultaneously. Nevertheless, so far, all of these papers work with an (implicit) assumption that the number of time samples in raw traces can be reduced before the profiling, i.e., the position of points of interest (PoIs) can be manually located. This is arguably the most challenging part of a practical black-box analysis targeting an implementation protected by masking. Therefore, we argue that to fully utilize the potential of deep learning and get rid of any manual intervention, the end-to-end profiling directly mapping raw traces to target intermediate values is demanded. In this paper, we propose a neural network architecture that consists of encoders, attention mechanisms and a classifier, to conduct the end-to-end profiling. The networks built by our architecture could directly classify the traces that contain a large number of time samples (i.e., raw traces without manual feature extraction) while whose underlying implementation is protected by masking. We validate our networks on several public datasets, i.e., DPA contest v4 and ASCAD, where over 100,000 time samples are directly used in profiling. To our best knowledge, we are the first that successfully carry out end-to-end profiling attacks. The results on the datasets indicate that our networks could get rid of the tricky manual feature extraction. Moreover, our networks perform even systematically better (w.r.t. the number of traces in attacks) than those trained on the reduced traces. These validations imply our approach is not only a first but also a concrete step towards end-to-end profiling attacks in the side-channel context.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang,Fan Zhang,Pengfei He

DOI: https://doi.org/10.1109/cc.2017.8068768

2017-01-01

China Communications

Abstract:Correlation power analysis (CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.

Weijia Wang,Yu Yu,François-Xavier Standaert,Dawu Gu,Sen Xu,Chi Zhang

DOI: https://doi.org/10.1007/978-3-319-52153-4_20

2017-01-01

Abstract:Profiled DPA is an important and powerful type of side-channel attacks (SCAs). Thanks to its profiling phase that learns the leakage features from a controlled device, profiled DPA outperforms many other types of SCA and are widely used in the security evaluation of cryptographic devices. Typical profiling methods (such as linear regression based ones) suffer from the overfitting issue which is often neglected in previous works, i.e., the model characterizes details that are specific to the dataset used to build it (and not the distribution we want to capture). In this paper, we propose a novel profiling method based on ridge regression and investigate its generalization ability (to mitigate the overfitting issue) theoretically and by experiments. Further, based on cross-validation, we present a parameter optimization method that finds out the most suitable parameter for our ridge-based profiling. Finally, the simulation-based and practical experiments show that ridge-based profiling not only outperforms 'classical' and linear regression-based ones (especially for nonlinear leakage functions), but also is a good candidate for the robust profiling.

Xiangjun Lu,Chi Zhang,Dawu Gu

DOI: https://doi.org/10.1109/ASIANHOST53231.2021.9699481

2021-01-01

Abstract:Profiled attacks play a fundamental role in evaluating the security of cryptographic algorithm implementations in the worst case. In recent years, deep learning has been introduced as a new powerful alternative to achieve these attacks. Many works have demonstrated that deep learning could solve the desynchronization issue and break the masking countermeasures. From the early years when researchers explore the machine learning methods, there is a road map that the profiled attacks could be converted to non-profiled ones by on-the-fly strategy. In TCHES 2019, the Differential Deep Learning Analysis (DDLA) combining the deep learning and non-profiled attacks by on-the-fly strategy was proposed. The DDLA mainly uses the sensitivity analysis as the attack metric. In this paper, we propose a new metric, attention mechanism, to conduct deep learning-based non-profiled attacks. As a part of the feed-forward structure, when attention is used as the metric, it does not need additional gradient computations like the DDLA. Meanwhile, the attention probabilities also indicate where the intermediate leaks, not on the input traces but on the abstract feature vectors, which gives the attacker more insights into how the network makes the decision. Finally, we test our attention-based non-profiled attack on practical traces. The results show that it works well on desynchronized traces and masked implementations.

Yajing Chang,Yingjian Yan,Chunsheng Zhu,Yanjiang Liu

DOI: https://doi.org/10.1145/3611670

IF: 1.447

2023-08-03

ACM Transactions on Design Automation of Electronic Systems

Abstract:Post-quantum cryptography (PQC) has become the most promising cryptographic scheme against the threat of quantum computing to conventional public-key cryptographic schemes. Saber, as the finalist in the third round of the PQC standardization procedure, presents an appealing option for embedded systems due to its high encryption efficiency and accessibility. However, side-channel attack (SCA) can easily reveal confidential information by analyzing the physical manifestations, and several works demonstrate that Saber is vulnerable to SCAs. In this work, a ciphertext comparison method for masking design based on bitslicing technique and zerotest is proposed, which balances the trade-off between the performance and security of comparing two arrays. The mathematical description of the proposed ciphertext comparison method is provided, and its correctness and security metrics are analyzed under the concept of PINI. Moreover, a high-order masking approach based on the state-of-the-art, including the hash functions, centered binomial sampling, masking conversions, and proposed ciphertext comparison is presented, using the bitslicing technique to improve throughput. As a proof of concept, the proposed implementation of Saber is on the ARM Cortex-M4. The performance results show that the run-time overhead factor of 1 st -, 2 nd -, and 3 rd -order masking is 3.01x, 5.58x, and 8.68x, and the dynamic memory used for 1 st -, 2 nd -, and 3 rd -order masking is 17.4kB, 24.0kB, and 30.2kB, respectively. The SCA-resilience evaluation results illustrate that the first-order Test Vectors Leakage Assessment (TVLA) result fails to reveal the secret key with 100,000 traces.

computer science, software engineering, hardware & architecture

Chenguang Wang,Ming Yan,Yici Cai,Qiang Zhou,Jianlei Yang

DOI: https://doi.org/10.1109/iccd.2017.54

2017-01-01

Abstract:Power attack is an important side-channel attack (SCA) method based on the correlation between measured power profile and internal switching activities. Various techniques have been proposed to prevent power attack. It has been noted that the on-chip power grid (PG) has a vital effect on the effectiveness of power attack by inducing a noise in the power profile. However, there is a lack of study on this intrinsic effect of PG. In this paper, we explore the methods of exploiting the PG-induced noise to counter with power attack. We note that the PG-induced noise strongly depends on the PG impedance and it can be regulated by adjusting the PG capacitor to control the power profile to fixed values, which contributes to reducing the power leakage. Further, we propose a novel adjustment technique for PG capacitor, i.e. power profile equalizer (PPE), as a lightweight (low-overhead) countermeasure against power attack. PPE exploits the regulated noise to equalize the power profile without violating the layout and supply noise constraints. To reduce the overheads, random walk is adopted to utilize the utmost on-chip resources. Moreover, PPE is implemented by optimizing PG which is an essential IC component rather than producing new circuits. As a result, PPE incurs low overheads. Experimental results show that PPE is able to improve the measurements to disclose (MTD) by 1800x while the area and power increase respectively by 0.12% and 0.91%.

Rui Li,Xiaoxin Cui,Wei Wei,Di Wu,Kai Liao,Nan Liao,KaiSheng Ma,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/EDSSC.2013.6628153

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two effective countermeasures against DPA attack. This paper propose a novel countermeasure which associating masking with RDI, further, Multi-Masking instead of Transformed Masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented on Data Encryption Standard (DES). The results show that combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA.

Pei Cao,Chi Zhang,Xiangjun Lu,Dawu Gu,Sen Xu

DOI: https://doi.org/10.1109/tifs.2022.3216959

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, deep learning techniques have received significant attention in the side-channel community due to their state-of-the-art performance in profiled attacks against embedded devices. Compared with template attacks, deep learning-based attacks can deal with the high dimensionality of trace and misalignment without pre-processing. However, the performance of attacks is very sensitive to the network architecture, especially when considering masking countermeasures. Although previous works have shown the potential of neural networks to break the first-order masking, the inner-working of how the network combines the leakage of mask and masked value is still unclear and could be suboptimal. To reduce this gap, we propose to embed product combination, which has been proved to be the best combination function in noisy situations, into the design of neural networks. To this end, we introduce a bilinear convolutional neural network (in short, B-CNN) for efficient profiled attacks against the widely used masking countermeasure. In order to interpret the inner-working and decision-making of B-CNN, we propose a new visualization tool called layer-wise correlation that can reveal the points of interest and help to understand the combination of leakages. We evaluate our networks on several public datasets, e.g., ASCAD and CHES CTF 2018. The results indicate that B-CNN converges significantly faster than classic CNN models, even using a very limited number of profiling traces (e.g., 8000 profiling traces for the ASCAD dataset). Moreover, our networks perform even systematically better (w.r.t. the number of attack traces) than the current state-of-the-art results on all the investigated datasets.

Yanbin Li,Zhe Liu,Sylvain Guilley,Ming Tang

DOI: https://doi.org/10.1109/tifs.2021.3096130

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Low Entropy Masking Schemes (LEMS) had been proposed to mitigate the high-performance overhead results from the Full Entropy Masking Schemes (FEMS) while offering good protection against side-channel attacks. The masking schemes usually rely on Boolean masking, however, splitting sensitive variables in a multiplicative way is more amenable to non-linear functions and it had been applied to both software and hardware with a competitive alternative to state-of-the-art masked design. Compared to the comprehensive analysis done for Boolean LEMS, the specific leakage characteristics of Multiplicative LEMS have not yet been analyzed. In this paper, we introduce security models for LEMS to characterize the balance of the mask set. Based on the security model, we present an inherent weakness of Multiplicative LEMS. We prove that this defect of Multiplicative LEMS cannot be compensated by choosing a proper mask set, and the security of FEMS is guaranteed thanks to the Dirac function which is used to resist zero-value attack. Then, we exhibit the leakages in the implementation of Multiplicative LEMS. In particular, we propose a new attack against Multiplicative LEMS more efficient by utilizing the distribution of masked intermediate values. The feasibility of the attack is verified by both simulation and practical experiments.

computer science, theory & methods,engineering, electrical & electronic

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Weijia Wang,Yu Yu,François-Xavier Standaert,Junrong Liu,Zheng Guo,Dawu Gu,Francois-Xavier Standaert

DOI: https://doi.org/10.1109/tifs.2017.2787985

IF: 7.231

2018-05-01

IEEE Transactions on Information Forensics and Security

Abstract:Differential power analysis (DPA), as a very practical type of side-channel attacks, has been widely studied and used for the security analysis of cryptographic implementations. However, as the development of the chip industry leads to smaller technologies, the leakage of cryptographic implementations in nanoscale devices tends to be nonlinear (i.e., leakages of intermediate bits are no longer independent) and unpredictable. These phenomena make some existing side-channel attacks not perfectly suitable, i.e., decreasing their performance and making some common used prior power models (e.g., Hamming weight) to be much less respected in practice. To solve the above issues, we introduce the regularization process from statistical learning to the area of side-channel attack and propose the ridge-based DPA. We also apply the cross-validation technique to search for the most suitable value of the parameter for our new attack methods. In addition, we present theoretical analyses to deeply investigate the properties of ridge-based DPA for nonlinear leakages. We evaluate the performance of ridge-based DPA in both simulation-based and practical experiments, comparing to the state-to-the-art DPAs. The results confirm the theoretical analysis. Further, our experiments show the robustness of ridge-based DPA to cope with the difference between the leakages of profiling and exploitation power traces. Therefore, by showing a good adaptability to the leakage of the nanoscale chips, the ridge-based DPA is a good alternative to the state-to-the-art ones.

computer science, theory & methods,engineering, electrical & electronic

Yuanzhen Wang,Hongxin Zhang,Xing Fang,Xiaotong Cui,Wenxu Ning,Danzhi Wang,Fan Fan,Lei Shu

DOI: https://doi.org/10.3390/e25081133

2023-07-28

Abstract:The traces used in side-channel analysis are essential to breaking the key of encryption and the signal quality greatly affects the correct rate of key guessing. Therefore, the preprocessing of side-channel traces plays an important role in side-channel analysis. The process of side-channel leakage signal acquisition is usually affected by internal circuit noise, external environmental noise, and other factors, so the collected signal is often mixed with strong noise. In order to extract the feature information of side-channel signals from very low signal-to-noise ratio traces, a hybrid threshold denoising framework using singular value decomposition is proposed for side-channel analysis preprocessing. This framework is based on singular value decomposition and introduces low-rank matrix approximation theory to improve the rank selection methods of singular value decomposition. This paper combines the hard threshold method of truncated singular value decomposition with the soft threshold method of singular value shrinkage damping and proposes a hybrid threshold denoising framework using singular value decomposition for the data preprocessing step of side-channel analysis as a general preprocessing method for non-profiled side-channel analysis. The data used in the experimental evaluation are from the raw traces of the public database of DPA contest V2 and AES_HD. The success rate curve of non-profiled side-channel analysis further confirms the effectiveness of the proposed framework. Moreover, the signal-to-noise ratio of traces is significantly improved after preprocessing, and the correlation with the correct key is also significantly enhanced. Experimental results on DPA v2 and AES_HD show that the proposed noise reduction framework can be effectively applied to the side-channel analysis preprocessing step, and can successfully improve the signal-to-noise ratio of the traces and the attack efficiency.

Pengfei Gao,Hongyi Xie,Jun Zhang,Fu Song,Taolue Chen

DOI: https://doi.org/10.48550/arXiv.1901.09706

2019-01-28

Abstract:Power side-channel attacks, which can deduce secret data via statistical analysis, have become a serious threat. Masking is an effective countermeasure for reducing the statistical dependence between secret data and side-channel information. However, designing masking algorithms is an error-prone process. In this paper, we propose a hybrid approach combing type inference and model-counting to verify masked arithmetic programs against side-channel attacks. The type inference allows an efficient, lightweight procedure to determine most observable variables whereas model-counting accounts for completeness. In case that the program is not perfectly masked, we also provide a method to quantify the security level of the program. We implement our methods in a tool QMVerif and evaluate it on cryptographic benchmarks. The experimental results show the effectiveness and efficiency of our approach.

Cryptography and Security

Huanyu Wang

DOI: https://doi.org/10.1007/s13389-024-00347-3

2024-03-15

Journal of Cryptographic Engineering

Abstract:Recently a new type of side channels was discovered, called amplitude-modulated electromagnetic (EM) emanations from mixed-signal circuits. Unlike power analysis or near field EM analysis, attacks based on amplitude-modulated EM emanations do not require the close physical access to the victim device, which makes the attack particularly threatening. However, all existing amplitude-modulated EM attacks on AES focus on implementations of unprotected TinyAES, which is less likely to be used when the implementation is not overly resource constrained. This paper presents the first deep learning based side-channel attack on AES-128 with a Rivain–Prouff masking scheme by using amplitude-modulated EM emanations as the side channel. Rivian–Prouff masking scheme is a provably secure higher-order masking scheme for AES. To bypass the theoretical strength of the addition-chain based Boolean masked SBox , we train neural networks on trace segments corresponding to the MixColumns operation in which the data loading instructions for SBox output leak information. By comparing two different training strategies, we show that it is feasible to recover the key from an ARM Cortex-M4 CPU implementation of AES-128 with a Rivain–Prouff masking scheme by using the amplitude-modulated EM emanations leaked from the victim device, which has a Bluetooth module embedded on the board.

computer science, theory & methods