Hi,
I’m new to side-channel attacks and I’m trying to develop a countermeasure based on integrated voltage regulators as shown in the following image.
My expected test setup consists of a hardware-based AES engine powered by an integrated voltage regulator (either switching buck converter or linear regulator), and the power trace of the voltage regulator is to be used for correlational power analysis.
My main challenge right now is to come up with the measurement setup (as the integrated voltage regulator has been fabricated on a separate PCB).
My question is, would it be possible to use ChipWhisperer resources to perform power analysis on an AES engine running on one of the boards from NewAE powered by an external power source (voltage regulator)?
In addition, I’d need to perform post-signal processing such as bandpass filtering and time alignment for the measured power traces. Does ChipWhisperer offer these kinds of post-signal processing functions?
There are probably several ways to do that. The CW-lite powers its target with 3.3V on the 20-pin connector; you could feed your power source to the target on this line. The CW308 UFO optionally accepts an external 5V source, but it’s conditioned before reaching the target. You can look over all the schematics on GitHub to see what works best for your case.
ChipWhisperer has some post-processing support, see here for trace alignment. The open Python environment makes it pretty easy for you to add your own processing to the traces.
Finally if you haven’t already, have a look at these notes on overcoming internal voltage regulators in side-channel attacks.
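The band-pass filtering and time alignment asked about above, sketched with plain NumPy as an added example (not ChipWhisperer's own API and not part of the original posts). The sample rate, band edges, jitter range and traces are all constructed for illustration; the functions take any 2-D array of traces.

```python
import numpy as np

FS = 100e6  # assumed sample rate in Hz (constructed value)

def make_traces(n_traces=20, n=1000, seed=1):
    """Constructed test data: one 5 MHz burst per trace plus drift, ripple, jitter."""
    rng = np.random.default_rng(seed)
    t = np.arange(n)
    burst = np.exp(-((t - 500) / 15.0) ** 2) * np.sin(2 * np.pi * 5e6 * t / FS)
    delays = rng.integers(-8, 9, n_traces)
    delays[0] = 0  # trace 0 is the alignment reference
    traces = np.empty((n_traces, n))
    for k, d in enumerate(delays):
        drift = 2.0 * np.sin(2 * np.pi * 100e3 * t / FS + rng.uniform(0, 2 * np.pi))
        ripple = 0.3 * np.sin(2 * np.pi * 30e6 * t / FS + rng.uniform(0, 2 * np.pi))
        traces[k] = np.roll(burst, d) + drift + ripple + rng.normal(0, 0.02, n)
    return traces, delays

def bandpass(traces, f_lo, f_hi, fs=FS):
    """Brick-wall FFT band-pass: zero every bin outside [f_lo, f_hi]."""
    spec = np.fft.rfft(traces, axis=-1)
    freqs = np.fft.rfftfreq(traces.shape[-1], d=1.0 / fs)
    spec[..., (freqs < f_lo) | (freqs > f_hi)] = 0
    return np.fft.irfft(spec, n=traces.shape[-1], axis=-1)

def estimate_shift(ref, trace, max_shift):
    """Lag s in [-max_shift, max_shift] maximising Pearson corr of ref[i], trace[i+s]."""
    n, best_s, best_r = len(ref), 0, -np.inf
    for s in range(-max_shift, max_shift + 1):
        a = ref[max(0, -s): n - max(0, s)]   # overlapping part of the reference
        b = trace[max(0, s): n - max(0, -s)]  # same samples, shifted by s
        r = np.corrcoef(a, b)[0, 1]
        if r > best_r:
            best_s, best_r = s, r
    return best_s

def align(traces, max_shift=10):
    """Shift every trace onto traces[0]; returns (aligned, shifts)."""
    shifts = np.array([estimate_shift(traces[0], tr, max_shift) for tr in traces])
    aligned = np.array([np.roll(tr, -s) for tr, s in zip(traces, shifts)])
    return aligned, shifts

if __name__ == "__main__":
    raw, true_delays = make_traces()
    aligned, shifts = align(bandpass(raw, 1e6, 10e6))
    print("estimated:", shifts.tolist())
    print("true:     ", true_delays.tolist())
```

Filtering before alignment matters here: the low-frequency drift and the regulator-style ripple are removed first, so the correlation search locks onto the burst rather than the supply artefacts.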
Hi,
I think I am doing a similar test on my AES hardware, but using CW308 + CW-Lite, which may be easier than the previous question.
I would like to ask about the case where I have two power domains, 3.3V and 0.9V, one for IO power and one for core power.
The 3.3V source will be the CW, which passes through the 3.3V LDO, and the 0.9V source will be an external power supply.
The “core” voltage supply for the device should first be fed through the on-board filter. This is accomplished by feeding the desired voltage (for example a 1.8V supply) into the “FILT” pin (pin C8).
What is C8 here? Is the pin on J13-FILT? Does it mean I need to connect the 0.9V power source to J13-FILT?
The output of the filter will be present on the FILT_LP and FILT_HP pins. You can then feed this through your shunt resistor, and finally to the core voltage of the device being measured.
Does it mean I just need to connect J11/13-FILT_LP or J11/13-FILT_HP to my chip pin? And for J14, is the filter input set by the FILT pin from the victim board?
If I want to perform CPA on the 0.9V power domain, I also need to connect to VREF and jumper J4.