Power Analysis Based Side Channel Attack

Side channel attacks break the secret key of a cryptosystem using channels such as sound, heat, time and power consumption which are originally not intended to leak such information. Power analysis is a branch of side channel attacks where power consumption data is used as the side channel to attack the system. First using a device like an oscilloscope power traces are collected when the cryptographic device is doing the cryptographic operation. Then those traces are statistically analysesd using methods such as Correlation Power Analysis (CPA) to derive the secret key of the system. Being possible to break Advanced Encryption Standard (AES) in few minutes, power analysis attacks have become a serious security issue for cryptographic devices such as smart card. As the first phase of our project, we build a testbed for doing research on power analysis attacks. Since power analysis is a practical type of attack in order to do any research, a testbed is the first requirement. Our testbed includes a PIC microcontroller based cryptographic device, power measuring circuits and a digital oscilloscope in the hardware side. In software side it includes algorithms running on the microcontroller, oscilloscope automation scripts and analysis programs. We verify the functionality of the testbed by attacking AES in time less than 10 minutes. Since building a test bed is a complicated process, having a pre-built testbed would save the time of future researchers. The second phase of our project is to attack the latest cryptographic algorithm called Speck which has been released by National Security Agency (NSA) for use in embedded systems. So far, Speck has not been attacked using power analysis. In spite it has lot of differences to AES making impossible to directly use the power analysis approach used for AES, we introduce novel approaches to break Speck in less than an hour. Therefore, We practically show that even though the algorithm is very new still it is vulnerable to power analysis. The third phase of the project is to work on countermeasures. After getting familiar with the current state of art, we select few already introduced countermeasures and practically attack them on our testbed to do a comparative analysis. Meanwhile, we try to form our own countermeasures and to improve existing countermeasures. Under circuit based countermeasures, the existing idea of implementing power line filters is practically implemented and tested. We show that it is not safe enough. We try few of our own circuit based ideas as well, to evaluate how good they are as countermeasures. But unfortunately none of them are good enough. Under software based countermeasures existing methods called random instruction injection and randomly shuffling Sboxes are implemented and tested. We show that those countermeasures are good enough for their simplicity and cost. But we identify the possible threat due to the problem of generating a good seed for the pseudo random algorithm running on the microcontroller. We address this issue by using a hardware based true random generator that amplifies a random electrical signal and samples to generate a proper seed.