glitching and side channel
play

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE - PowerPoint PPT Presentation

Mar 30, 2023 •155 likes •633 views

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

  1. Glitching and Side-Channel Analysis for All Colin O’Flynn – NewAE Technology Inc. RECON 2015 – Montreal, QC.

  2. Overview • W.t.f is side-channel power analysis (again) • Example: IEEE 802.15.4 Node • Example: AES-256 Bootloader • W.t.f. is Glitching • Simple power glitching

  3. About Me • PhD at Dalhousie University in Halifax, Canada (Ongoing) • Designed open-source hardware security project (ChipWhisperer) • Commercialization through NewAE Technology Inc. • Previously talked at Blackhat US/EU/AD, RECON, ESC

  4. Side Channel Power Analysis

  5. Side Channel Analysis Plaintext Crypto Device Ciphertext Secret Key

  6. Super-Fast Side Channel

  7. Real-Life

  8. Breaking Apart

  9. Hardware Example

  10. Hackaday Prize 2014

  11. Cheap Hardware… First Ver

  12. ChipWhisperer-Lite Kickstarter

  13. Cheaper Hardware

  14. Open-Source Software

  15. Example of Power Analysis <demo here>

  16. IEEE 802.15.4 Nodes

  17. IEEE 802.15.4

  18. Example #1: 802.15.4 ZigBee (ZigBee IP, ZigBee Pro, RF4CE, etc.) WirelessHART MiWi ISA100.11a 6LoWPAN Nest Weave 802.15.4 Node JenNet Thread Atmel Lightweight Mesh IEEE 802.15.5 DigiMesh http://eprint.iacr.org/2015/529

  19. Hardware Setup

  20. 802.15.4 Frame Format Seq. Number Sec. Level. Dest Address (ff = Broadcast) Frame Header FrameCounter Source Addressing Key ID CRC-16 Goes Here Encrypted Payload + MAC (MIC in 802.15.4 parlance)

  21. 802.15.4 Decoding IEEE 802.15.4 Wireless Stack: Frame Decryption Procedure: 1. Validate headers and security options. 2. Check that the received frame counter is numerically greater than the last stored frame count. 3. Look up the secret key based on message address and/or key index. 4. Decrypt the payload (and MAC if present). 5. Validate the MAC (if present). 6. Store the frame counter.

  22. Example #1: 802.15.4 Input to AES Block

  23. Many fixed bytes…

  24. CPA Attack Result

  25. ATMega128RFA1

  26. ATMegaRF AES Peripheral

  27. Example #2: AES-256 Bootloader Tutorial: http://newae.com/sidechannel/cwdocs/tutorialaes256boot.html Paper (CCECE 2015): https://eprint.iacr.org/2014/899.pdf

  28. Bootloader Protocol

  29. AES-256 in CBC Mode

  30. Round 14

  31. Round 13

  32. Trace View

  33. Success Rate

  34. Getting Started in Side Channel Power • Build/buy a simple target device: • AVR dev-board • Arduino Uno • PIC • Get a scope with USB API • Picoscope • Most bench scopes • Be wary of cheap off-brand scopes, sometimes USB interface is poor • Experiment!

  35. Glitching

  36. Glitching Target int i , j , count ; while ( 1 ){ count = 0 ; for ( j = 0 ; j < 5000 ; j ++){ for ( i = 0 ; i < 5000 ; i ++){ count ++; } } printf ( "%d %d %d\n" , count , i , j ); }

  37. Easy Glitching

  38. High-Precision Glitches

  39. Easy Glitching

  40. Raspberry Pi Example

  41. Raspberry Pi Example

  42. Raspberry Pi Example

  43. Glitch Tool

  44. Glitch Waveform (Raspberry Pi)

  45. Getting Started in Glitching • Load simple code onto target • Determine/guess sensitive power rail • Test glitch parameters  ideally with profiling code

  46. Glitching in CW-Lite

  47. It’s fun! Try Power Analysis and Glitching today! ChipWhisperer Project : www.chipwhisperer.com NewAE Technology Inc.: www.newae.com Personal: @colinoflynn coflynn@newae.com http://www.oflynn.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views • 21 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Yield Curve Predictability, Regimes, and Macroeconomic Information: A Data-Driven Approach

Yield Curve Predictability, Regimes, and Macroeconomic Information: A Data-Driven Approach

COMPSTAT 2010, Paris Yield Curve Predictability, Regimes, and Macroeconomic Information: A Data-Driven Approach Francesco Audrino and Kameliya Filipova University of St. Gallen August 26, 2010 F. Audrino and K. Filipova COMPSTAT 2010 1 /

347 views • 32 slides
Motivation for Multithreaded Architectures Processors not executing code at their hardware

Motivation for Multithreaded Architectures Processors not executing code at their hardware

Motivation for Multithreaded Architectures Processors not executing code at their hardware potential late 70s: performance lost to memory latency 90s: performance not in line with the increasingly complex parallel hardware as

591 views • 32 slides
Twitter - @JuliaCSocial @KYGives #KYGives20 Twitter - @JuliaCSocial @KYGives #KYGives20

Twitter - @JuliaCSocial @KYGives #KYGives20 Twitter - @JuliaCSocial @KYGives #KYGives20

Twitter - @JuliaCSocial @KYGives #KYGives20 Twitter - @JuliaCSocial @KYGives #KYGives20 WWW.KYNONPROFITS.ORG REGISTER NOW: WWW.KYGIVES.ORG DEADLINE APRIL 20 UPDATED GETTING READY WEBINAR TOMORROW, 2PM EST Twitter - @JuliaCSocial @KYGives

618 views • 57 slides
Tutorial 3 Tutorial 3 Sherbrooke Lundi 12 Mai 2003 Tutorial 3 An Evaluation of Globus

Tutorial 3 Tutorial 3 Sherbrooke Lundi 12 Mai 2003 Tutorial 3 An Evaluation of Globus

The 17th Annual International Symposium on The 17th Annual International Symposium on High Performance Computing Systems and High Performance Computing Systems and Applications Applications The First Annual The First Annual OSCAR OSCAR

2.11k views • 171 slides
THE LAST DAYS APOSTASY OF THE CHURCH Andy Woods Andy Woods Definition of Apostasy apos = away

THE LAST DAYS APOSTASY OF THE CHURCH Andy Woods Andy Woods Definition of Apostasy apos = away

THE LAST DAYS APOSTASY OF THE CHURCH Andy Woods Andy Woods Definition of Apostasy apos = away from = away from apos hist mi mi = to stand = to stand hist Apostasy Apostasy = to stand away = to stand away from from

374 views • 34 slides
DEEP CHURCH Week 2 The Genuine Article Session 1 How do we tell T ruth from Error?

DEEP CHURCH Week 2 The Genuine Article Session 1 How do we tell T ruth from Error?

DEEP CHURCH Week 2 The Genuine Article Session 1 How do we tell T ruth from Error? If it sounds too good to be true, then it probably is Real or fake? Before and after Before and after What is truth? John 18:33-38 Greek:

941 views • 64 slides
UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 6:03 pm) I E S

UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 6:03 pm) I E S

Principles of VLSI Design Representations CMSC 491B/711 Circuit and System Representations IC design is hard because designers must juggle several different problems: Multiple levels of abstraction: IC designs requires refining an idea

231 views • 11 slides
Christs Prophesies of the Part 3 Facilitators : Ed Foley, Leigh Kelleher Readers: Carole Hoy,

Christs Prophesies of the Part 3 Facilitators : Ed Foley, Leigh Kelleher Readers: Carole Hoy,

Christs Prophesies of the Part 3 Facilitators : Ed Foley, Leigh Kelleher Readers: Carole Hoy, Kevin Kelleher Created &amp; Sponsored By The Willowdale Small Group Leadership Team 1 Review: Several Groupings of Events in 7 Year Period 7

606 views • 32 slides

More recommend