ChipWhisperer Lite

Open source tool for research on hardware attacks

• Side Channel Power Analysis

• Glitching Attacks

Essentially an oscilloscope attached to a target chip

Modeling Power Consumption

Every device requires power to run (static power)

Data moving through the device changes power consumption (dynamic power)

Dynamic Power – Current required to charge or discharge data lines

00110000 transitioning to 00100011

• 3 bits changed

Correlation Power Analysis

Force target device to encrypt many different things

Log traces of these different encryptions

Analyze these different traces and determine subkeys

BREAK ENCRYPTION!

Setting up target device

• Connect to Chipwhisper and set up target board

• Connect_cwlite _simpleserial

Setting up oscilloscope

• Connect to Chipwhisper and set up scope to capture traces

• Setup_cwlite_xmega_aes

CAPTURE TRACES!

• Settings on left

• Captured traces displayed on the right

Analyze Traces• attack_cpa

Attacking AES Encryption

Results table: first row (in white) is the “result key” from analysis.

Note this is the same key as used to generate the traces!

How’d it do that?

How AES works:• AES algorithm XORs the key and data

• Uses s-box defined lookup table to replace data

• S-box is public

and known

Breaking AES

Above equation is the relationship between a hypothetical guess for each XOR equation (both key and data to encrypt)

compared to the actual change in the trace

Apply hypothetical guesses

• Apply hypothetical guesses to each trace and see what matches

• Keep track of which hypothetical has best guess

• Percentage confidence is the [0,1] number below the results

Results Table (again)