Learn, hack!

URL

http://events.ccc.de/congress/2009/Fahrplan/attachments/1502_dpa_slides_26c3.pdf

File name

1502_dpa_slides_26c3.pdf

File size

1.3 MB

MD5

6c2ea9fcfb23b9f41039cdfeea4e2a97

SHA1

74a609c527bd39de1d67426d8c82710e452b466b

The power consumtion of a microcontroller depends on the actual data being processed. This renders current-based side channel attacks possible: By recording and analyzing the current consumption of a microcontroller, one can recover secret keys. This can be done using Differential Power Analysis (DPA). While smartcards and other tamper resistant devices usually implement countermeasures to complicate this kind of attack, most consumer hardware isn't DPA-safe. DPA will be explained by example in this talk: A non-hardened, but conventional AES implementation running on a popular AVR microcontroller will be attacked. Real-world power data will be used for analysis. After explaining the basic idea and the way DPA works, the workflow will be described in detail along with hardware/software requirements and the measurement setup. The measurement process will be explained as well. Prior to analyzing the recorded data, necessary theoretical foundations will be shown without going too much into mathematical details. Common challenges one might encounter while mounting a DPA-attack will be presented as well as suitable approaches to cope with them. It's the intention of this talk to show that all one needs to conduct a DPA is a half-decent digital storage oscilloscope (DSO) and a bit of electronics & software knowledge.