This project was inspired by our participation in a embedded CTF competition. This is a two-part semester long competition. During the first part, we are required to design a mp3 player with secure digital rights management. After we hand-off our design to the coordinators, we then enter the second phase. During the second phase, we are given other teams designs and must try to break their security. One method that we were interested in trying was a differential power analysis side channel attack on an AES implementation. As our focus has been on completing our own design, we have not worked on attack strategies beyond brainstorming. So, we decided to make DPA SCA our RevUC project.

What it does

DPA is a type of SCA that analyzes power consumption to determine a secret key. This works because more power is used when transitioning from 0->1 than maintaining 1, transitioning from 1->0, or maintaining 0.

How we built it

First, we installed the softwares necessary to use a ChipWhisperer we recently obtained from UC. The ChipWhisperer is a device that was specifically designed to support DPA SCAs. Once the enviornment was set up, we lifted a power pin from the Nano and soldered a shunt resistor to it so we can measure the Nano's power consumption. Then we implemented tinyAES on the Nano. Then we connected a MEASURE pin to the power tap, and read data. Finally, we adjusted aspects of the ChipWhisperer code analyze the power trace more accurately.

Challenges we ran into

Installing the appropriate softwares onto some computers.
Have never done a DPA. Have never used the ChipWhisperer. Issues writing to serial console. Issues with Nano AES accepting 16-bit keys, but ChipWhisperer sending 32-bit keys. Determining which of the three MEASURE ports was the correct pin to connect the power trace to.

Accomplishments that we're proud of

Lifting a pin from the ATmega chip, and soldering it to the shut resistor without breaking the pin or soldering to multiple pins. Determining the appropriate MEASURE pin to connect the power trace to correctly with no helpful documentation.

What we learned

We learned the basics of how to use the ChipWhisperer and are beginning to understand how to debug it.

What's next for DPA SCA on AES on Arduino Nano

Using it in our competition to retrieve secret keys from competitor's designs.

Built With

Share this project: