PB173 Domain specific
development: side-channel
analysis
Seminar 8: Finalizing on First Steps
Łukasz Chmielewski
chmiel@fi.muni.cz, Consultation: A406 Friday 9:00-11:00
USEFUL PLOTS: KEY RANK EVOLUTION
Example
2
Semi-invasive attacks
• Use cpa_aes_evol.py (from seminar 7) on
• Xoodyak_FVR3000_20240214_124156.npz
• What do you think about the result?
| PV204 Side Channel 03/04/2023
3
FAULT INJECTION ATTACKS
Active Side-Channel
4
Passive vs Active Side Channels
Passive: analyze device behavior Active: change device behavior
5
https://escooptics.com/blogs/news/world-space-week-02-lasers
Semi-invasive attacks
• “Physical” manipulation (but card still working)
• Micro probes placed on the bus
– After removing epoxy layer
• Fault induction
– liquid nitrogen, power glitches, light flashes…
– modify memory (RAM, EEPROM), e.g., PIN counter
– modify instruction, e.g., conditional jump
| PV204 Side Channel 03/04/2023
6
PIN verification procedure
7 | PV204 Side Channel 03/04/2023
• [Decrease counter, verify, increase]
= correct
• [Verify, decrease/increase]
Fault induction
• Attacker can induce bit faults in memory locations
– power glitch, flash light, radiation...
– harder to induce targeted then random fault
• Protection with shadow variable
– every variable has shadow counterpart
– shadow variable contains inverse value
– consistency is checked every read/write to memory
• Robust protection, but cumbersome for developer
| PV204 Side Channel 03/04/2023
01011010
10100101
01011010
10100101
if (a != ~a_inv) Exception();
a = 0x55;
a_inv = ~0x55;
01010101
10101010
01010000 if (a != ~a_inv) Exception();
a = 0x13;
a
a_inv
8
More in PV286/PA193 or
https://riscureprodstorage.blob.core.windows.net/production
/2017/08/Riscure_Whitepaper_Side_Channel_Patterns.pdf
“Commercial” Example: the “unlooper” device
9
Differential Fault Analysis
• Would you like me to present that?
• Or do you prefer to see a real setup? Hard to fit both together.
| PV204 Side Channel 03/04/2023
10
ORGANIZATIONAL
11
Organization
• Group 1: Alignment
– https://github.com/2lol555/pb173-side-channel/tree/main
– Progress: ?
• Group 2: Parallel computations with acquisition
– https://github.com/makuga01/pb173-sidechannels
– Progress: ?
12
Group 1: Alignment
• Goals:
– Peak-Based Alignment
– Correlation-based Alignment
– Optional: elastic versions
• Look at:
– AES_fixed_rand_input_CAFEBABEDEADBEEF0001020304050607+SAVEEVEN(0,1000).trs
– AES_fixed_rand_input_CAFEBABEDEADBEEF0001020304050607+SAVEEVEN(0,1000)+MIS(100).trs
• First tasks:
– Try to align the traces mentioned above using peak-based
alignment. Note that it might not work for …MIS… traces.
– See all the uploaded scripts till now
• Later task - Correlation-based Alignment
• How is it going?
13
Group 2: Parallel computations with
acquisition
• Implement multithreaded Acquisition + Processing
• Measure Efficiency
• First Task: measure the efficiency of the
acquisition (done?) Do you have some graphs?
• Later tasks: observe the impact of processing and
try to add frequency processing in parallel to the
acquisition
• How is it going? Have you used?
– https://github.com/ikizhvatov/efficient-columnwise-correlation and
– cpa_aes_evol.py (the corr. traces are also uploaded for Seminar08)
14
Remaining Seminars Plan
• 7: evaluation of progress on first steps: 1 point per person
per work done till today also based on the commits in GIT
• 8: evaluation of finished first steps : 3 points per group
(personalized per person based on the Github) + giving the
next tasks
9: work in progress (I will join online for some time)
• 10: 4 points per group (personalized per person based on
the GitHub) + what would say about showing a more official
progress presentations? Decide today.
This seminar: real SCA setup
• 11/12: national holiday / online consultation
• 13: final 2 points for work + 2 points for presentations + 2
points for activity, grading.
15
WHAT WAS DONE + GIVING NEW TASKS
16
Group 1: Alignment
• How reproducible are the installation information?
17
Group 1: Alignment
18
Explain who works on branches and 4
contributors ☺
Group 1 New Tasks:
1. Try to misaligned_1000 traces
2. Try alignment on lower peaks (local maximum peaks)
3. Try the Absolute Window Resample + Alignment
approach
4. Try pattern matching as explained during the seminar
5. Longer term: Correlation Alignment
• From my side, computing correlation between the traces:
from scipy.stats import pearsonr
19
Group 2: Parallel computations with
acquisition
20

Group 2: Parallel computations with
acquisition
21
No input last week from one participant?
Group 2 New Tasks:
22
1. Perform analysis with jitter enabled.
2. Try Spectrogram + CPA together
3. Perform evaluation when turning on and off various
parallelizations
4. Generate graphs for comparison
• From my side, I will add more ideas for extension for the
next seminar. I am considering asking to add an
alignment code from Group 1.
WALK-AROUND + WORKING IN GROUPS
23
Reading
• For interested people
• Side-Channel Analysis – blue book:
– http://dpabook.iaik.tugraz.at/
– The books is available at the uni.
– Look online
• The Hardware Hacking Handbook:
– https://nostarch.com/hardwarehacking
– I have an epub version.
24
25
| PA193 - Programming in the presence of side-channels /
faults
Questions