colin o flynn my funding provided by special thanks
play

Colin OFlynn My Funding Provided By: Special Thanks: Cryptography - PowerPoint PPT Presentation

Jun 27, 2023 •115 likes •1.06k views

Colin OFlynn My Funding Provided By: Special Thanks: Cryptography Research Inc Blackhat Organizers & Sponsors The Way Forward What is Side Channel Analysis (SCA) 15 mins Your First Attack! 10 mins ChipWhisperer

  1. Colin O’Flynn

  2. My Funding Provided By: Special Thanks: Cryptography Research Inc Blackhat Organizers & Sponsors

  3. The Way Forward • What is Side Channel Analysis (SCA) – 15 mins • Your First Attack! – 10 mins • ChipWhisperer Software – 10 mins • Waveform Acquisition – 5 mins • Amplifiers/Front-End Stuff – 5 mins • Measuring Current in Real Devices? – 5 mins • Where to go from Here? – 5 mins

  4. The Side Channel

  5. Side Channel? Secret Main Channel

  6. Side Channel? Power Secret Main Channel

  7. Power Channel.

  8. Power Channel.

  9. Power Channel.

  10. Side Channel.

  11. Simple 4-Bit Example

  12. Simple 4-Bit Example + Plain Text Unavailable Output Secret Number

  13. Simple 4-Bit Example Input Plaintext Hyp. Secret Number Hyp. Bit 0 Value 4 2 0 7 2 1 2 2 0 1 2 1 0 2 0 6 2 0 5 2 1

  14. Differential Power Analysis

  15. Differential Power Analysis 1. Input many plaintexts & measure power 2. Target a single bit in each byte. 3. Make a guess of what key byte is. For each power trace, is this bit now a 1 or 0? 4. Split traces into two groups based on that bit 5. Find mean of each group, subtract 6. If guess is correct, we should see a big peak 7. Repeat 3-6 for all 256 possible bytes

  16. #For all 16 bytes of key for bnum in range ( 0 , 16 ): diffs = [ 0 ]* 256 #For each 0..0xFF possible value of the key byte for key in range ( 0 , 256 ): #Initialize arrays & variables to zero mean1 = numpy . zeros ( len ( traces [ 0 , pointstart : pointend ])) mean0 = numpy . zeros ( len ( traces [ 0 , pointstart : pointend ])) num1 = 0 num0 = 0 #For each trace, do the following for tnum in range ( len ( traces )): #Generate the output of the SBOX Hyp = SBOX [ int ( plaintexts [ tnum , bnum ], 16 ) ^ key ] #Is target bit 1 or target bit 0? if ( Hyp & ( 1 << targetbit )) != 0 : #Bit is 1, so add this trace to the 1 partition mean1 = numpy . add ( mean1 , traces [ tnum , pointstart : pointend ]) num1 = num1 + 1 else : #Bit is 0, so add this trace to the 0 partition mean0 = numpy . add ( mean0 , traces [ tnum , pointstart : pointend ]) num0 = num0 + 1 #Average mean1 = mean1 / num1 mean0 = mean0 / num0 #Find the difference between the two means diff = numpy . subtract ( mean1 , mean0 ) #Find the biggest difference for this specific key & store diffs [ key ] = max ( numpy . fabs ( diff )) #From all the key candidates, select the largest difference as most likely print "%2x " % diffs . index ( max ( diffs )),

  17. Your First Attack

  18. Should I Attack a Smartcard?

  19. Attacks against Smart Card Shunt to Clock, Sync, etc measure current

  22. SmartCard Capture Note we use a resistive divider to scale the 5V signals to 3V – the 5V signal would immediately destroy the FPGA board!

  23. SmartCard Capture - Cheap

  24. SmartCard Capture - Cheap

  25. SmartCard Capture - Cheap

  26. So What do you Do? =

  27. What does this Look Like?

  28. What does this Look Like?

  29. A PCB Version

  30. Let’s Do This: Shopping List • AtMega8-16PU • Cables/Connectors • 7.37 MHz Crystal • Breadboard • 22pF Capacitors • Capture HW • 100 ohm resistors • Serial-USB Adapter • 680uF (or bigger) capacitor • Power? • 1uF Ceramic Capacitor • AVR Programmer • 0.1uF Ceramic Capacitor

  31. Notes on Step 1 • Ideally Get ATMega8-16PU • Crystal not 100% needed but makes life easier • Example here uses Colorado Micro Devices USB2UART, many other manufactures of USB/Serial Cables • Need Capture HW too – OpenADC used here, can use general purpose scope (Tiepie suggested as Differential versions, Picoscope popular too)

  32. Step 2: Build your Target HW • See schematic in ref material • Insert resistor in power line • Need AVR programmer. Can use: – AVR-ISP MK-II – Arduino setup as programmer – Lots of other cheap AVR programmers (see EBay)

  33. Step 2: Continued (Testing) Use serial port to confirm working

  34. Step 3: Characterize • Probe connected to VCC rail, not across shunt

  35. Step 3: Characterize

  36. Step 3: Characterize 2.2uF Ceramic Capacitor +680uF Electrolyctic +100 ohm series resistor

  37. Step 3: Characterize

  38. Step 3: Shunt

  39. Step 3: Characterization Cont’d Persistence Mode in Scope Adjust gain, trigger, etc to get reliable signal Fixed Plaintext

  40. Step 4: Acquire Use AESExplorer ‘Capture’ application, • written in Python with PySide Included on Blackhat CD • Capture ~2500 traces, 6000 • samples/capture

  41. Step 4: Acquire text_in.txt & wave.txt are the needed files

  42. Step 5: Break It Copy wave.txt & text_in.txt to same directory as dpa_attack.py, run:

  43. Step 6: Better Analysis Tools

  44. ChipWhisperer

  45. www.ChipWhisperer.com • GIT Repository for tools demoed here • GIT Repository for hardware designs • Mailing List for discussion • Wiki for Documentation

  46. Current Software Tools ChipWhisperer-Capture • Capture tools, interfaces to OpenADC + target boards • Records traces ChipWhisperer-Analyzer • Applies attacks to power traces

  47. About the Tools • All tools Open Source (LGPL License) • Written in Python using PySide for GUI • Uses trace file format from DPA Contest V3, which publishes some example captures

  48. Runs on Windows/Linux/Mac • Supports multiple different targets • Dockable preview window (to right) shows power as measurements occuring •

  50. Waveform Acquisition & Low- Cost Alternatives

  51. What’s a ‘Normal’ Setup look like? Power Trace Trigger

  52. Is this Really Typical? Author Work Year Scope Cost Dario Carluccio Electromagnetic Side Channel 2005 Infiniium $8000 Analysis Embedded Crypto 5432D MSO Devices Youssef Souissi et Embedded systems security: 2011 Infiniium $20 000 al. An evaluation methodology 54855 against Side Channel Attacks Dakshi Agrawal et The EM Side–Channel(s) 2003 100 MHz, 12 $1000 al. bit F.X. Standaert et Using subspace-based 2008 1 GHz $7500 al. template attacks to compare bandwidth and combine power and electromagnetic information leakages

  53. Can We Do Better? Power Clock

  54. Using 4x Source Clock Power Clock

  55. What about Phase Shift?

  56. 4x Sample Clock with Different Phases

  57. Desired Capture HW See “ A Case Study of Side-Channel Analysis using Decoupling Capacitor Power Measurement with the OpenADC ” by Colin O’Flynn & Zhizhang Chen

  58. OpenADC

  59. OpenADC • Can use up to 105 MSPS in oscilloscope-like mode • Supports synchronizing to sample clock of device, so can attack high-speed targets • Built-in amplifier • Open Source design!

  60. Synchronous Sampling Scope e.g.: CleverScope with CS810 Option • PicoScope PS6000 •

  61. Magnetic Field Probes

  62. Rohde & Schwarz

  63. ETS-Lindgren

  64. Bruce Carsten Associates, Inc.

  65. Instek

  66. DIY: Example Length of Semi-Rigid cable with SMA Connectors ($3 surplus) can be turned into a simple magnetic loop:

  67. DIY: Example Wrap entire thing in non-conductive tape (here I used self-fusing + polyimide) to avoid shorting out anything:

  68. DIY: Some Useful References http://www.compliance-club.com/archive/old_archive/030718.htm

  69. DIY: Some Useful References Elke De Mulder : Electromagnetic Techniques and Probes for Side-Channel Analysis on Cryptographic Devices http://www.cosic.esat.kuleuven.be/publications/thesis-182.pdf

  70. Pre-Amplifier (Probe or Other)

  71. Pre-amplifier Signal is too weak to be picked up, requires pre-amplifier in addition to probe.

  72. Pre-amplifier: Buying One Assuming we are making a probe, there is no need to purchase the expensive pre- amplifier offered by that manufacture. Here is a 20 dB amplifier for $90, it was shown being used in another photo.

  73. Pre-amplifier: Buying One

  74. Pre-Amplifier: Making One But we can get cheaper. We can make a pre-amplifier with similar characteristics for even less! Amplifier chip costs $2! Just needs a little support circuitry.

  75. Pre-amplifier: Making One MiniCircuits lists full details of the required additional components http://www.minicircuits.com/pcb/WTB-411-8+_P02.pdf

  76. Building One: Even Cheaper Here is an even cheaper version! Built on a piece of PCB, and has two channels to amplify different probes. This version has a voltage regulator on the bottom & protection diodes too, making it more robust than the basic schematic given.

  77. Building One: Even Cheaper A PCB piece on top, some copper tape, and a final covering of non-conductive polyimide tape complete the amplifier. As a quick comparison to commercial ones let’s look at performance:

  78. Building One: Results Here is the S21 measurement, showing amplifier gain. Gain varies from about 20- 32 dB depending on frequency. The Noise Figure is below 3dB for this entire range.

  79. Differential Probe

  80. Differential Probe From “ Side Channel Analysis of AVR XMEGA Crypto Engine” by Ilya Kizhvatov

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prevention Planning in Maryland Colin Flynn, Chief Center for HIV Surveillance &amp; Epidemiology

Prevention Planning in Maryland Colin Flynn, Chief Center for HIV Surveillance &amp; Epidemiology

HIV Epidemiological Data for Prevention Planning in Maryland Colin Flynn, Chief Center for HIV Surveillance &amp; Epidemiology Infectious Disease &amp; Environmental Health Admin. Maryland Department of Health &amp; Mental Hygiene March 1,

717 views • 61 slides
METROPOLITAN AREA GREATER BALTIMORE HIV PLANNING COUNCIL JUNE 16, 2015 Colin Flynn, Chief HIV

METROPOLITAN AREA GREATER BALTIMORE HIV PLANNING COUNCIL JUNE 16, 2015 Colin Flynn, Chief HIV

HIV IN THE BALTIMORE-TOWSON METROPOLITAN AREA GREATER BALTIMORE HIV PLANNING COUNCIL JUNE 16, 2015 Colin Flynn, Chief HIV Surveillance, Epidemiology and Evaluation Maryland Department of Health and Mental Hygiene Prevention and Health

758 views • 57 slides
HIV Epidemiology Update: Maryland Colin Flynn Prevention and Health Promotion Administration

HIV Epidemiology Update: Maryland Colin Flynn Prevention and Health Promotion Administration

HIV Epidemiology Update: Maryland Colin Flynn Prevention and Health Promotion Administration Center for HIV Surveillance, Epidemiology and Evaluation September 14, 2017 MISSION AND VISION MISSION The mission of the Prevention and Health

504 views • 15 slides
SPECIAL EDUCATION FUNDING UPDATE Senate Committee on E-12 Policy Tom Melcher - School Finance

SPECIAL EDUCATION FUNDING UPDATE Senate Committee on E-12 Policy Tom Melcher - School Finance

SPECIAL EDUCATION FUNDING UPDATE Senate Committee on E-12 Policy Tom Melcher - School Finance Director August 21, 2018 8/20/2018 1 SPECIAL EDUCATION FUNDING UPDATE Topics for Discussion Special Education Funding Trends, FY 2003 FY

555 views • 38 slides
P E C P A I N C Funding for this program has been provided by the New Jersey Department of

P E C P A I N C Funding for this program has been provided by the New Jersey Department of

P E C P A I N C Funding for this program has been provided by the New Jersey Department of Children and Families (DCF) Prevention of Child Abuse and Neglect Webinar Notice of Disclosure: May 2017 CME Accreditation Statement: This

1.26k views • 77 slides
Funding Provided by USEPA via the Great Lakes Restoration Initiative Overview $600,000 grant

Funding Provided by USEPA via the Great Lakes Restoration Initiative Overview $600,000 grant

Funding Provided by USEPA via the Great Lakes Restoration Initiative Overview $600,000 grant through GLRI funding to restore 800 LF of Willow Creek and riparian areas within Eaton Twp. Community Park Also funded native wetland &amp;

716 views • 23 slides
Introduction to IDEA Funding Ind iv id ua ls w ith Disa bilities Ed uca tion Act Federal Funding

Introduction to IDEA Funding Ind iv id ua ls w ith Disa bilities Ed uca tion Act Federal Funding

Introduction to IDEA Funding Ind iv id ua ls w ith Disa bilities Ed uca tion Act Federal Funding Conference February 20 19 Excess Cost of Special Education Direct costs that are incurred when providing special education instruction and

1.04k views • 50 slides
Automating MongoDB Clusters Jonathan Rudenberg @&quot;tanous Flynn is an easy PaaS Flynn git

Automating MongoDB Clusters Jonathan Rudenberg @&quot;tanous Flynn is an easy PaaS Flynn git

Automating MongoDB Clusters Jonathan Rudenberg @&quot;tanous Flynn is an easy PaaS Flynn git push and Docker deploys HTTPS load balancing Log aggrega&lt;on Everything is highly available Flynn TCP load balancing Service discovery with DNS

359 views • 34 slides
Special Education Reconciliation Beth Tomlinson| Special Education Funding and Data Team May,

Special Education Reconciliation Beth Tomlinson| Special Education Funding and Data Team May,

Special Education Reconciliation Beth Tomlinson| Special Education Funding and Data Team May, 2020 1 Acronyms ACTE-SPED Access to Career Technical FAPE Free Appropriate Public Education MDE Minnesota Department of

315 views • 15 slides
EPJ A special talk Colin Wilkin, University College London Physics &amp; Astronomy The legacy of

EPJ A special talk Colin Wilkin, University College London Physics &amp; Astronomy The legacy of

EPJ A special talk Colin Wilkin, University College London Physics &amp; Astronomy The legacy of the experimental hadron physics programme at COSY Colin Wilkin (c.wilkin@ucl.ac.uk) University College London Sponsored by the European Physical

613 views • 39 slides
Michael Lubliner, Senior Building Science Specialist WSU Energy Program Funding provided by the

Michael Lubliner, Senior Building Science Specialist WSU Energy Program Funding provided by the

Michael Lubliner, Senior Building Science Specialist WSU Energy Program Funding provided by the Northwest Energy Efficiency Alliance Technical support provided in Washington: Training (in-person, webinars, video) Phone and email inquiry

1.5k views • 134 slides
Special Education Funding Model: Developing a Needs-Based Option Presentation for the COO Special

Special Education Funding Model: Developing a Needs-Based Option Presentation for the COO Special

Special Education Funding Model: Developing a Needs-Based Option Presentation for the COO Special Education Information Sharing Forum January 29-30, 2019 Background: MNCFN v. Canada MNCFN v. Canada cont. Budget 2016, current status, next

524 views • 21 slides
Sharing Surveillance Data across Jurisdictions: The DC/MD/VA Model Anne Rhodes, Virginia Colin

Sharing Surveillance Data across Jurisdictions: The DC/MD/VA Model Anne Rhodes, Virginia Colin

Sharing Surveillance Data across Jurisdictions: The DC/MD/VA Model Anne Rhodes, Virginia Colin Flynn, Maryland Rupali Doshi, District of Columbia Marcia Pearl, Maryland 1 Outline Background Black Box technology Black Box

262 views • 24 slides
M-20-21, Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus

M-20-21, Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus

April 16, 2020 - Grants Innovation Exchange Session M-20-21, Implementation Guidance for Supplemental Funding Provided in Response to the Coronavirus Disease (COVID-19) Natalie Rico Senior Policy Analyst, Office of Federal Financial Management

628 views • 19 slides
Immuno-Oncology for the Oncology Nurse *Funding for development of this activity was provided by

Immuno-Oncology for the Oncology Nurse *Funding for development of this activity was provided by

Immuno-Oncology for the Oncology Nurse *Funding for development of this activity was provided by an independent educational grant from Bristol-Myers Squibb. Introduction to Immunotherapy The Immune Response: Terminology Immunity: The

921 views • 51 slides
Lawrence Flynn, CEO February 2019 TODAYS PRESENTERS Lawrence Flynn Chris Bushnell Andreas

Lawrence Flynn, CEO February 2019 TODAYS PRESENTERS Lawrence Flynn Chris Bushnell Andreas

Lawrence Flynn, CEO February 2019 TODAYS PRESENTERS Lawrence Flynn Chris Bushnell Andreas Wieweg CEO CFO CTO AGENDA 1. Introduction to Conversational AI 2. About Artificial Solutions 3. Conversational AI Market Opportunity 4.

549 views • 54 slides
Shunting Trains with Deep Reinforcement Learning Wan-Jui Lee R&amp;D Hub Logistics, Dutch

Shunting Trains with Deep Reinforcement Learning Wan-Jui Lee R&amp;D Hub Logistics, Dutch

Shunting Trains with Deep Reinforcement Learning Wan-Jui Lee R&amp;D Hub Logistics, Dutch Railways Meet the fleet of NS Train Unit Shunting Problem Service Location with carousel layout (Den Haag Kleine Binckhorst) Shunt Plan Simulator

369 views • 25 slides
1 Objective to Understand Effects of field conditions on measurements Importance of

1 Objective to Understand Effects of field conditions on measurements Importance of

Steel Underground Storage Tank Cathodic Protection Testing Seminar Presented by STEEL TANK INSTITUTE Repeatability Methods that help increase repeatability of results Test in same locations from year to year Always add water to

815 views • 53 slides
Quad module development for pixel layer upgrades Katie Dunne Student Instrumentation Meeting -

Quad module development for pixel layer upgrades Katie Dunne Student Instrumentation Meeting -

Quad module development for pixel layer upgrades Katie Dunne Student Instrumentation Meeting - July 21 2017 FE-I4B Quad Module RD53A arrives September this year Preparation for arrival of RD53A has been building test quad modules using

277 views • 14 slides
Bipolar Operation of CEBAF Magnets Considerations and Implications Michael Tiefenback Jlab CASA

Bipolar Operation of CEBAF Magnets Considerations and Implications Michael Tiefenback Jlab CASA

Bipolar Operation of CEBAF Magnets Considerations and Implications Michael Tiefenback Jlab CASA Abstract Operation of CEBAF with positrons using the standard electron beam direction (clockwise as viewed from above) requires inverting the

242 views • 11 slides
Development of a Concurrent Dual-Band Switch-Mode Power Amplifier Based on Current- Switching

Development of a Concurrent Dual-Band Switch-Mode Power Amplifier Based on Current- Switching

Development of a Concurrent Dual-Band Switch-Mode Power Amplifier Based on Current- Switching Class-D Configuration Yifei Li, Byron J. Montgomery and Nathan M. Neihart Iowa State University WAMICON 2016 Clearwater Beach, FL Contents

584 views • 21 slides
XFEL High Power RF System Recent Developments p Stefan Choroba, DESY for the XFEL RF Group

XFEL High Power RF System Recent Developments p Stefan Choroba, DESY for the XFEL RF Group

The European XFEL X-Ray Laser Project X-Ray Free-Electron Laser XFEL High Power RF System Recent Developments p Stefan Choroba, DESY for the XFEL RF Group Stefan Choroba, DESY ILC 2007, May 31, 2007 The European XFEL X-Ray Laser Project

524 views • 34 slides
Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A.

Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A.

San Diego, CA Jan 09 CLASS E RF/MICROWAVE POWER AMPLIFIERS Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A. Mediano 1 , K. Narendra 2 , C. Prakash 2 , 1 I3A, University of Zaragoza, Zaragoza, Spain

198 views • 9 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/07) I E S R C E O V U

Digital Systems Terminations I CMPE 650 Terminations From our previous analysis, a cable needs to be terminated when Its long (its length exceeds 1/6 the electrical length of the rising edge) and reflections occur Its short (its

1.15k views • 18 slides

More recommend