Glitching and Side-Channel Analysis for All
Colin O’Flynn – NewAE Technology Inc.
RECON 2015 – Montreal, QC.
Overview
• W.t.f. is side-channel power analysis (again)
• Example: IEEE 802.15.4 Node
• Example: AES-256 Bootloader
• W.t.f. is Glitching
• Simple power glitching
About Me
• PhD at Dalhousie University in Halifax, Canada (Ongoing)
• Designed open-source hardware security project (ChipWhisperer)
• Commercialization through NewAE Technology Inc.
• Previously talked at Blackhat US/EU/AD, RECON, ESC
Side Channel Power Analysis
Side Channel Analysis
Crypto Device
Secret Key
Ciphertext
Plaintext
Super-Fast Side Channel
Real-Life
Breaking Apart
Hardware Example
Hackaday Prize 2014
Cheap Hardware… First Ver
ChipWhisperer-Lite Kickstarter
Cheaper Hardware
Open-Source Software
Example of Power Analysis
<demo here>
IEEE 802.15.4 Nodes
IEEE 802.15.4
Example #1: 802.15.4
http://eprint.iacr.org/2015/529
802.15.4 Node
• ZigBee (ZigBee IP, ZigBee Pro, RF4CE, etc.)
• WirelessHART
• MiWi
• ISA100.11a
• 6LoWPAN
• Nest Weave
• JenNet
• Thread
• Atmel Lightweight Mesh
• IEEE 802.15.5
• DigiMesh
Hardware Setup
802.15.4 Frame Format
Frame Header
Seq. Number
Dest Address (ff = Broadcast)
Source Addressing
Sec. Level
Frame Counter
Key ID
Encrypted Payload + MAC (MIC in 802.15.4 parlance)
CRC-16 Goes Here
802.15.4 Decoding
IEEE 802.15.4 Wireless Stack: Frame Decryption Procedure:
1. Validate headers and security options.
2. Check that the received frame counter is numerically greater than the last stored frame count.
3. Look up the secret key based on message address and/or key index.
4. Decrypt the payload (and MAC if present).
5. Validate the MAC (if present).
6. Store the frame counter.
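The six-step receive procedure above, as an added C example (not code from the talk or from any real 802.15.4 stack). The frame layout, `node_t`, `rx_frame`, `toy_seal` and the toy XOR cipher standing in for AES-CCM* are assumptions made for illustration; the example shows that a replayed counter is rejected before the key is used and that the stored counter only advances after the MIC validates.

```c
#include <stdint.h>

/* Constructed, simplified frame: field names follow the slide, sizes are assumptions. */
typedef struct {
    uint8_t  sec_level;      /* 0 = unsecured */
    uint32_t frame_counter;
    uint8_t  key_id, len, payload[8], mic;  /* len <= 8; mic is a toy 1-byte MIC */
} frame_t;
typedef struct {
    uint32_t last_counter;   /* last stored frame counter */
    uint8_t  keys[2];        /* toy 1-byte keys, indexed by key_id */
    unsigned crypto_calls;   /* frames that reached step 4 */
} node_t;
typedef enum { RX_OK, RX_BAD_HEADER, RX_REPLAY, RX_NO_KEY, RX_BAD_MIC } rx_status;

/* Toy stand-in for AES-CCM* (NOT real crypto): XOR keystream, XOR checksum over plaintext. */
static uint8_t toy_crypt(uint8_t key, uint32_t ctr, const uint8_t *in,
                         uint8_t *out, uint8_t len, int decrypt) {
    uint8_t mic = key;
    for (uint8_t i = 0; i < len; i++) {
        out[i] = in[i] ^ key ^ (uint8_t)ctr;
        mic ^= decrypt ? out[i] : in[i];
    }
    return mic;
}
/* Sender side, only used to build constructed sample frames (len <= 8). */
frame_t toy_seal(uint8_t key, uint8_t key_id, uint32_t ctr, const char *pt, uint8_t len) {
    frame_t f = { .sec_level = 5, .frame_counter = ctr, .key_id = key_id, .len = len };
    f.mic = toy_crypt(key, ctr, (const uint8_t *)pt, f.payload, len, 0);
    return f;
}

rx_status rx_frame(node_t *n, const frame_t *f, uint8_t *out) {
    if (f->sec_level == 0 || f->len > sizeof f->payload) return RX_BAD_HEADER; /* step 1 */
    if (f->frame_counter <= n->last_counter) return RX_REPLAY;                 /* step 2 */
    if (f->key_id >= sizeof n->keys) return RX_NO_KEY;                         /* step 3 */
    n->crypto_calls++;
    uint8_t mic = toy_crypt(n->keys[f->key_id], f->frame_counter,
                            f->payload, out, f->len, 1);                       /* step 4 */
    if (mic != f->mic) return RX_BAD_MIC;                                      /* step 5 */
    n->last_counter = f->frame_counter;                                        /* step 6 */
    return RX_OK;
}

int main(void) {
    node_t n = { .last_counter = 10, .keys = { 0x5a, 0xc3 } };
    uint8_t out[8];
    frame_t f = toy_seal(0x5a, 0, 11, "hi", 2);   /* constructed sample frame */
    int first = rx_frame(&n, &f, out), again = rx_frame(&n, &f, out);
    return !(first == RX_OK && again == RX_REPLAY);
}
```

Because the counter is stored only in step 6, a frame that fails the MIC check cannot push `last_counter` forward and lock out later legitimate frames.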
Example #1: 802.15.4
Input to AES Block
Many fixed bytes…
CPA Attack Result
ATMega128RFA1
ATMegaRF AES Peripheral
Example #2: AES-256 Bootloader
Tutorial:
http://newae.com/sidechannel/cwdocs/tutorialaes256boot.html
Paper (CCECE 2015):
https://eprint.iacr.org/2014/899.pdf
Bootloader Protocol
AES-256 in CBC Mode
Round 14
Round 13
Trace View
Success Rate
Getting Started in Side Channel Power
• Build/buy a simple target device:
  • AVR dev-board
  • Arduino Uno
  • PIC
• Get a scope with USB API
  • Picoscope
  • Most bench scopes
  • Be wary of cheap off-brand scopes; sometimes the USB interface is poor
• Experiment!
Glitching
Glitching Target
int i, j, count;
while (1) {
    count = 0;
    for (j = 0; j < 5000; j++) {
        for (i = 0; i < 5000; i++) {
            count++;
        }
    }
    printf("%d %d %d\n", count, i, j);
}
Easy Glitching
High-Precision Glitches
Easy Glitching
Raspberry Pi Example
Raspberry Pi Example
Raspberry Pi Example
Glitch Tool
Glitch Waveform (Raspberry Pi)
Getting Started in Glitching
• Load simple code onto target
• Determine/guess sensitive power rail
• Test glitch parameters, ideally with profiling code
Glitching in CW-Lite
It’s fun!
Try Power Analysis and Glitching today!
ChipWhisperer Project: www.chipwhisperer.com
NewAE Technology Inc.: www.newae.com
Personal:
@colinoflynn
http://www.oflynn.com