In 2015 I crowdfunded the Chipwhisperer-lite platform on Kickstarter, which aims at providing a more or less generic but affordable glitching and side-channel attack platform. Since the campaign, the project has evolved and nowadays Chipwhisperer already has support for many platforms such as AVR, STMicro STM32 ARM processors, 8051, and even a small Intel x86 microcontroller. Adding support for a new processor will be part of an upcoming series of articles on my blog, stay tuned! Although I owned that platform, I never got the chance to really play with it besides taking some of the straightforward tutorials and seeing that they work perfectly out-of-the-box.

I recently discovered a challenge that the company Riscure publishes every year called Riscure HackMe and more precisely its 2nd edition, RHME2016, including 3 challenges about side-channel attacks where you had to recover an AES128 key in increasingly protected implementations. All the compiled firmware for those challenges is meant to run on an Arduino Nano board which uses the same microcontroller as the NOTDUINO kit that was included with my Kickstarter Chipwhisperer-lite.

Correlation power analysis

I’m not going to describe extensively what side-channel attacks are as it would take too long. There’s a lot of literature on the topic if you’re interested in learning more. But to keep it simple, the idea behind a correlation power analysis, or CPA, is that there is a relationship between the current drawn by a microcontroller at each clock tick and the number of bits set to 1 on its I/Os and/or registers, called the Hamming weight. To attack an encryption algorithm and recover its key, you need to find a point in time where a usable Hamming weight is leaked. The value leaked at this point should depend only on the encryption key bytes and on things that you know (constants, plaintext, etc.). Once you’ve found a fitting attack point, randomly varying the plaintext and capturing the matching consumption traces will enable you to perform a statistical attack on each individual byte of the key. This means that instead of attacking 2^128 possibilities through a traditional brute-force attack, you can attack 16 times 8 bits in parallel! And even if you only partially recover the key, you may still crack the missing bytes by brute-forcing them.

I invite you to read more on attacking AES with CPA on the Chipwhisperer wiki. The article about attacking the TEA encryption algorithm is particularly good for understanding how hard it can be to find the points of leakage for a given algorithm.

From Arduino Nano to NOTDUINO