glitching and side channel
play

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE - PowerPoint PPT Presentation

Mar 30, 2023 •155 likes •633 views

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

  1. Glitching and Side-Channel Analysis for All Colin O’Flynn – NewAE Technology Inc. RECON 2015 – Montreal, QC.

  2. Overview • W.t.f is side-channel power analysis (again) • Example: IEEE 802.15.4 Node • Example: AES-256 Bootloader • W.t.f. is Glitching • Simple power glitching

  3. About Me • PhD at Dalhousie University in Halifax, Canada (Ongoing) • Designed open-source hardware security project (ChipWhisperer) • Commercialization through NewAE Technology Inc. • Previously talked at Blackhat US/EU/AD, RECON, ESC

  4. Side Channel Power Analysis

  5. Side Channel Analysis Plaintext Crypto Device Ciphertext Secret Key

  6. Super-Fast Side Channel

  7. Real-Life

  8. Breaking Apart

  9. Hardware Example

  10. Hackaday Prize 2014

  11. Cheap Hardware… First Ver

  12. ChipWhisperer-Lite Kickstarter

  13. Cheaper Hardware

  14. Open-Source Software

  15. Example of Power Analysis <demo here>

  16. IEEE 802.15.4 Nodes

  17. IEEE 802.15.4

  18. Example #1: 802.15.4 ZigBee (ZigBee IP, ZigBee Pro, RF4CE, etc.) WirelessHART MiWi ISA100.11a 6LoWPAN Nest Weave 802.15.4 Node JenNet Thread Atmel Lightweight Mesh IEEE 802.15.5 DigiMesh http://eprint.iacr.org/2015/529

  19. Hardware Setup

  20. 802.15.4 Frame Format Seq. Number Sec. Level. Dest Address (ff = Broadcast) Frame Header FrameCounter Source Addressing Key ID CRC-16 Goes Here Encrypted Payload + MAC (MIC in 802.15.4 parlance)

  21. 802.15.4 Decoding IEEE 802.15.4 Wireless Stack: Frame Decryption Procedure: 1. Validate headers and security options. 2. Check that the received frame counter is numerically greater than the last stored frame count. 3. Look up the secret key based on message address and/or key index. 4. Decrypt the payload (and MAC if present). 5. Validate the MAC (if present). 6. Store the frame counter.

  22. Example #1: 802.15.4 Input to AES Block

  23. Many fixed bytes…

  24. CPA Attack Result

  25. ATMega128RFA1

  26. ATMegaRF AES Peripheral

  27. Example #2: AES-256 Bootloader Tutorial: http://newae.com/sidechannel/cwdocs/tutorialaes256boot.html Paper (CCECE 2015): https://eprint.iacr.org/2014/899.pdf

  28. Bootloader Protocol

  29. AES-256 in CBC Mode

  30. Round 14

  31. Round 13

  32. Trace View

  33. Success Rate

  34. Getting Started in Side Channel Power • Build/buy a simple target device: • AVR dev-board • Arduino Uno • PIC • Get a scope with USB API • Picoscope • Most bench scopes • Be wary of cheap off-brand scopes, sometimes USB interface is poor • Experiment!

  35. Glitching

  36. Glitching Target int i , j , count ; while ( 1 ){ count = 0 ; for ( j = 0 ; j < 5000 ; j ++){ for ( i = 0 ; i < 5000 ; i ++){ count ++; } } printf ( "%d %d %d\n" , count , i , j ); }

  37. Easy Glitching

  38. High-Precision Glitches

  39. Easy Glitching

  40. Raspberry Pi Example

  41. Raspberry Pi Example

  42. Raspberry Pi Example

  43. Glitch Tool

  44. Glitch Waveform (Raspberry Pi)

  45. Getting Started in Glitching • Load simple code onto target • Determine/guess sensitive power rail • Test glitch parameters  ideally with profiling code

  46. Glitching in CW-Lite

  47. It’s fun! Try Power Analysis and Glitching today! ChipWhisperer Project : www.chipwhisperer.com NewAE Technology Inc.: www.newae.com Personal: @colinoflynn coflynn@newae.com http://www.oflynn.com

Recommend

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T. Roche thomas.roche@ssi.gouv.fr FSE 2013 March 2013 T. Roche, ANSSI Higher-Order Side Channel Security and Mask Refreshing Side Channel Analysis

1.14k views • 75 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

1.39k views • 86 slides

More recommend