Power trace collection from Xmega 308t board

Embedded Security Side Channel Power Analysis
1

Hello,
I am working on tutorial B5 breaking the AES straightforward. I have the following queries and would be very grateful if anybody can help me clarify those:

  1. How do I know the actual encryption key of the target board ( xmega 308t with the 308 ufo board in my case)? According to wiki the board doesn’t have the encryption key in the hardware. So, how we are proceeding in our tutorial.

  2. Can you please explain how we are collecting the power trace in terms of hardware? I want to know from which resistor we taking the measurement?

  3. What is the value of the R7 resistor in the target board? I am not getting it seeing the BOM.

FYI, my capture board is Chipwhisperer lite.

Thanks a lot for your time!

2
  1. The key is provided each time you run caputre_traces, eg:

from tqdm import tnrange
ktp = cw.ktp.Basic()

for i in tnrange(num_traces, desc='Capturing traces'):
    key, text = ktp.next()  # manual creation of a key, text pair can be substituted here
    trace = cw.capture_trace(scope, target, text, key)
    if trace is None:
        continue
    project.traces.append(trace)

key, text = ktp.next()

it gererate key and plaintext, next

trace = cw.capture_trace(scope, target, text, key)

To capture_trace you pass current key and plaintext to the target via SimpleSerial traget and measures with scope.

It means that your target CPU does not contain hardware acceleration for AES. There is no key embeded, it’s only acceleration (it makes AES faster).

  1. Open info site on wiki:
    https://wiki.newae.com/CW308T-XMEGA
    Then in schematics find B4:
    https://wiki.newae.com/images/c/c1/CW308T_XMEGA_Schematic_Page_2.png
    It’s R7!

  2. From above schematics: 51R.

1 Like
3

Thanks a lot for the quick response. This really helps a lot.