I am collecting power traces using the ChipWhisperer Lite and the capture software GUI. What exactly am I looking at? Is it showing me the current measurement or the power (I*V) measurement?
The second thing I am confused about is how the software knows how to give me the current measurement or power measurement when all I give it is the voltage measurement through the “Measure” SMA connector? If I am doing this on an external target and I put a shunt resistor on the external target, does the ChipWhisperer software need to know the resistor value and the supply voltage of the target device?
Clarification on these questions would be greatly appreciated. I looked over the documentation on the Wiki, but I was not able to find the answers to my questions.
CW measures a voltage; depending on the target and where the measurement is taken, it may be the voltage drop across a shunt resistor, or between either side of the shunt resistor and ground (for example the CW305 wiki explains the options for that target).
The key point is that side-channel attacks don’t care about absolute power measurements; relative power differences are all that matter. This is why the value of the shunt resistor doesn’t matter to the Capture software. Correlations and statistics are the magic that makes the attacks work.
Thanks for the response Jean-Pierre. That is helpful to know.
Could you (or anyone) explain the benefits of measuring power at different locations? For example in the options below, what are the pros and cons for each measurement location and why might I choose one over the other?
Hi everyone! I’m really sorry for resurrecting this topic but I have the exact same question as @jcox, which sadly has not been replied to.
I read a bunch of other similar threads (such as Understanding Power Trace). I was also looking at the schematic of the CW-Lite w/ XMEGA target (R66 is the shunt in this case, of 49.9 Ohms) and I deduced the config used should be the #2 jcox wrote in the above reply.
I get that one measuring terminal is placed between the shunt and the microP, but I’m not getting where’s the other one: is it placed on the other terminal of the shunt, near Vdd, (making a high-side current sensing circuit) or is it placed on GND, de facto measuring the voltage drop across the load?
Finally, since the probe is AC coupled, is there actually any difference if we measured the voltage drop across the high-side shunt or, vice versa, across the load? Do we measure on the load just to reduce the DC component as much as possible (since Vload = Vdd - VShunt), even if it is rejected by the AC coupled probe? What is the reason? Isn’t the variable Req of the load a problem for the preamp and ADC circuit?
I’m assuming a circuit like the one in this image I’m using for my thesis:
Option 2 from jcox’s post is generally preferred, though option 3 can also be used. This is because different Vcc pins on more complicated targets generally go to different parts of the chip, allowing you to avoid noisy parts of the chip that you don’t care about (VCCIO, for example). You can’t do that nearly as well with a ground shunt.
GND and the high side of the shunt resistor have almost no AC component, meaning measuring on the low side of the shunt resistor gives you the AC portion of the current consumption, which is what we care about for power analysis. If you try to measure from the high side of the shunt resistor, you’ll get almost nothing.
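A constructed simulation in Python, added here as an example (not code from the thread or from NewAE), showing the two points made in the replies above: a Hamming-weight CPA ranks key guesses by Pearson correlation, which is unchanged when the shunt value merely rescales the signal, and a high-side measurement on an ideal supply carries no current information. All voltages, currents, noise levels and the key byte are made-up values.

```python
import random

# Constructed toy model: one sample per trace, taken at the instant a
# single-byte XOR with the key leaks through the supply current.
VDD = 3.3            # target supply, volts (illustrative)
SECRET_KEY = 0x2B    # the byte the attack should recover (illustrative)

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def measure(pt, r_shunt, high_side, rng):
    """Voltage seen at the Measure input for one plaintext byte (constructed)."""
    # Supply current: baseline + data-dependent part + noise, in amps.
    current = 0.010 + 0.0005 * hamming_weight(pt ^ SECRET_KEY) + rng.gauss(0, 0.0003)
    if high_side:
        # Vdd side of the shunt: only supply ripple, no current information.
        return VDD + rng.gauss(0, 1e-4)
    # Low (MCU) side of the shunt: Vdd - I*R, so the AC part tracks the current.
    return VDD - current * r_shunt

def cpa(plaintexts, samples):
    """Return (best key guess, |corr| of the true key) for a Hamming-weight CPA."""
    scores = {}
    for guess in range(256):
        hyp = [hamming_weight(p ^ guess) for p in plaintexts]
        # abs(): polarity flips the sign of the correlation, not the ranking.
        scores[guess] = abs(pearson(hyp, samples))
    best = max(scores, key=scores.get)
    return best, scores[SECRET_KEY]

def simulate(r_shunt, high_side=False, n_traces=500, seed=1):
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n_traces)]
    samples = [measure(p, r_shunt, high_side, rng) for p in pts]
    return cpa(pts, samples)

if __name__ == "__main__":
    for r in (49.9, 10.0):          # shunt value changes the scale only
        print("low side, R=%.1f ohm:" % r, simulate(r))
    print("high side:", simulate(49.9, high_side=True))
```

Both low-side runs recover 0x2B with identical correlation for the true key; the high-side run's correlation is at the noise floor.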
Could I ask some questions that may seem to be weird? You just said that the real shunt resistor voltage value doesn’t really matter.
Now suppose we capture traces using a sampling rate that is lower than the Nyquist frequency; then we expect the traces to be distorted. Then, we use another sampling rate that meets the Sampling Theorem requirements; that is, say, the sampling rate is about 3 times the Nyquist frequency. Theoretically, we could have traces that fit the real ones.
However, if we saw these two kinds of traces exhibit similar dynamics, for example, their spikes occur at similar timings, or they have similar jitter behavior, could we attack using the traces captured at the lower rate? Since the lower rate traces exhibit similar dynamics to their high rate counterparts.
Well, isn’t this what ChipWhisperer proves? ChipWhisperer samples waaaaay below the signals’ Nyquist frequency, yet side-channel attacks work. They may require more traces than a perfectly captured signal, but that is the trade-off between a CW-lite and an oscilloscope which costs many, many times more.
But what if the target operates the cryptographic primitives using its own clock? Then we could not synchronize the CW and the target with the same clock. Would the attack still succeed under this situation? Would the captured traces still be worth analyzing?
ChipWhisperer is meant for synchronous sampling. If you have access to the target’s clock, then you can feed it to ChipWhisperer and you’re good to go.
Otherwise for the asynchronous case I’m unaware of successful attacks using a ChipWhisperer. You could try cranking up the sampling rate to the max (105 MS/s for the CW-lite and CW-pro). Or use a much more expensive scope! And as per the results of the paper in my previous post, expect to require more samples (compared to low-speed synchronous sampling).