This work involves hands-on experimentation by making use of Correlation Power Analysis (CPA) techniques on an Advanced Encryption Standard (AES) implementation coded in C, running on a STM32 ARM-based microcontroller. The main goal will be to study the AES algorithm and the STM32 – Nucleo Printed Circuit Board (PCB) and propose a measurement method. Then power traces will be captured with the use of an Oscilloscope. The attack will be completed by performing CPA on the captured traces.
- Task 1: Preparing the NUCLEO board for a CPA attack
- Task 2: Focusing the attack based on the maximum leakage
- Task 3: Explaination of the interface of the AES with the computer
- Task 4: Performing attack through Matlab script
- A shunt resistor to capture the power consumption. Replaced A 1-12 Ω shunt instead of C25
- Cutting all VSS paths to the ground
- Capacitors are like filters (remove them)
To trigger the oscilloscope we have used these 2 HAL library commands and we placed them in a for loop for the round choose this because here we will record the power consumption of the first round of the aes encryption thus we also get the power consumption for each round during add round key.
This function is a blocking function which blocks the cpu from the main routine until a certain amount of uart data bytes are received where here it receives 16 bytes to keyin where the cpu will be kept blocked from main until it finishes.
This function is a blocking function which blocks the cpu from the main routine until a certain amount of uart data bytes are received where here it receives 16 bytes to datain where the cpu will be kept blocked from main until it finishes.
This function is an AES encryption mode where the encryption operates on the datain as input and keyin as key and store the result as a 16 byte cipher text output in buffer.
This function is a blocking function for sending data that prevents cpu from returning to main context until timeout. Where here we are sending the cipher text stored in buffer.
In CPA attack of any cryptographic device the array of D means different data blocks, K denotes the total number of possible choices for hypothetical intermediate values, V is a matrix of size DxK which contains the intermediate results. The array H denotes the hypothetical power consumption values that we have mapped from intermediate results. This is also known as Hamming distance. R is the result of comparison between hypothetical power consumption values of each keys with recorded traces.
The number of symbols on a string that are different from the alphabet's zero-symbol is known as the hamming weight. It is comparable to the Hamming distance from the string made entirely of zeros.The quality of the hypothetical model that is utilised to predict the outcomes of the actual device is a key factor in differential power-analysis attacks.A hacker with competence in the design of cryptographic hardware, for instance, who lacks insider information, can glean plausible details about the implementation. Understanding the statistical characteristics of the algorithm being attacked can also help to develop the fictitious model. This hamming weight is one of the major characteristics of the algorithm, and that's why we think Hamming weight can be used as a hypothetical power model.
After completing the code and doing successful runs we get the key values:
Finally after all the runs we get the full Key