Side-channel attack of multiplier


#1

Hi, I want to perform a side channel (DPA, CPA or template, not sure which is best!) of the multiply operation of the STM32F4 target, using the CW-LITE board. I am just a bit confused on how to get started. I’ve done the tutorials, but they seem very hard coded for the AES target. I want to do the same thing for the multiplication operation and figure out the operands from several traces.

So if I modify one of the ‘simple-serial’ files, I can substitute my own operation (i.e., multiply) there, but then how do I ‘trigger’ it from Python? I’ve been using the Jupyter notebook so far, and that uses specific functions such as ktp.next() to create another key,value pair. How can I do the same for the multiply operation? Hopefully someone better versed in CW will be able to give me some pointers! Many thanks!


#2

Hi Karthik,

Triggering isn’t done from Python, at least not directly. In the framework that our tutorials use, Python sends the plaintext to the target. When the target receives this plaintext, the target calls the trigger_high() / trigger_low() functions, which pulse the IO4 output trigger pin that CW uses (by default) to begin the trace capture. Note that it’s crucial that the target be the one issuing the trigger: this allows tight control of the capture timing so that all traces line up perfectly; this makes attacks much easier.

Have you looked at this tutorial: PA_Intro_2-Instruction_Differences.ipynb?
It provides a very good starting point for what you’re trying to do. You don’t have to follow our framework but I think it will suit you well. Just substitute {key, plaintext} for {multiplier operand 1, multiplier operand 2}.

Have fun and good luck!

Jean-Pierre


#3

Hi Jean-Pierre,

Thank you for your quick reply! I really appreciate it!

Yes, I did try that tutorial first. So I just replaced the instructions (* and /) in that tutorial with the multiply operations I am interested in and (at least visually) the resulting traces were quite different.

I am trying to find a way to automate this process. That’s when I noticed the subsequent tutorials allow for collecting lots of traces and performing the analysis with them as well. That’s why I was trying to modify those for my needs.

What do you suggest would be the best way for me to collect thousands of such traces for a large range of possible multiplier input values?

Thank you,
Karthik


#4

Hi Karthik,
Collecting lots of traces automatically is the easiest part of what you’re trying to do. This is the core ChipWhisperer functionality and it doesn’t really depend on the attack.
Here is an example that collects num_traces traces:

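import chipwhisperer as cw
from tqdm import tnrange

# scope, target and ktp are assumed to be set up already, as in the tutorials
traces = []
for i in tnrange(num_traces, desc='Capturing traces'):
    key, text = ktp.next()  # manual creation of a key, text pair can be substituted here
    trace = cw.capture_trace(scope, target, text, key)
    if trace is None:  # capture failed or timed out: skip this pair
        continue
    traces.append(trace)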

In that example, key and text pairs are obtained by calling ktp.next() but you can generate them any way you want. The “key” and “text” labels are specific to encryption, but they can be applied to all attacks: in general, “text” is what is known to the attacker, “key” is the secret you want to retrieve with a side-channel attack. Maybe in your application, one of the multiplier operands is the text and the other is the key? It’s up to you to define.

At a high level, your next steps are to implement the equivalent of what our tutorials do to attack AES.
You’ll want to feed a number of random inputs to your target, collect a power trace for each set of operands, define a leakage model for your attack, and use this model to conduct the attack using your collected traces.

The PA_CPA_2-Manual_CPA_Attack.ipynb tutorial breaks down the attack details for AES; use it as a guide for building the attack for your target. Make sure you completely understand this tutorial before trying to create your own multiplier attack.

Jean-Pierre
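The leakage-model and correlation steps described in the post above, carried through for a multiplier as an added example (not code from this thread or from ChipWhisperer). It assumes a Hamming-weight model of the 32-bit product, a 16-bit known operand and an 8-bit secret operand, and uses constructed, simulated leakage in place of captured traces; all function names are hypothetical.

```python
import math
import random

def hw(x):
    """Hamming weight of the 32-bit value x."""
    return bin(x & 0xFFFFFFFF).count("1")

def simulate_capture(secret, n, noise_sd, seed):
    """Constructed data: one leaking sample per trace, HW(product) + noise."""
    rng = random.Random(seed)
    texts = [rng.randrange(1 << 16) for _ in range(n)]  # known operand ("text")
    leaks = [hw(t * secret) + rng.gauss(0, noise_sd) for t in texts]
    return texts, leaks

def pearson(x, y):
    """Pearson correlation of two equal-length sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    # A constant hypothesis (guess 0) has no variance: score it 0.
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)

def cpa_rank(texts, leaks, guesses=range(256)):
    """Score every secret-operand guess by |correlation| with the leakage."""
    scores = []
    for g in guesses:
        model = [hw(t * g) for t in texts]  # hypothetical leakage for guess g
        scores.append((g, abs(pearson(model, leaks))))
    return sorted(scores, key=lambda s: s[1], reverse=True)

def top_candidates(ranked, tol=1e-12):
    """All guesses whose score ties the best one."""
    best = ranked[0][1]
    return sorted(g for g, c in ranked if best - c <= tol)

if __name__ == "__main__":
    texts, leaks = simulate_capture(secret=0x5B, n=1500, noise_sd=1.0, seed=1)
    ranked = cpa_rank(texts, leaks)
    print("tied best guesses:", [hex(g) for g in top_candidates(ranked)])
    print("top 5:", [(hex(g), round(c, 3)) for g, c in ranked[:5]])
```

The secret 0x5B ties with 0xB6 because doubling an operand only shifts the product left, which leaves its Hamming weight unchanged; separating the two needs a model that captures truncation or a different intermediate value.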


#5

Hi, thank you! That’s very close to what I’m trying right now, after your first reply. I am modifying that code to trigger the multiply operation and get traces that way. I’m just trying to figure out how to work with the simpleserial interface to do that right now.

I also did try the PA_CPA_2-Manual_CPA_Attack.ipynb tutorial so once I have the traces I’ll follow that procedure. Unfortunately, I am very new to security so I am having to learn these as I go along.

One thing that is slowing me down is having to edit code via VirtualBox. Is there any way to maybe SSH into the VM? Sorry if this is a side-question. I can post it as another question if that’s preferable. But being able to edit/view multiple files in the VM would be great. Right now I’m stuck to a tiny 640x480 window so coding in that is quite tricky!

Thank you!


#6

There is no reason to be limited to a tiny window… If you’re using VirtualBox, then if my memory is correct, I think the guest additions are what you need to get arbitrary screen sizes.
Alternatively, install the non-VM variant of ChipWhisperer and run it natively on Windows, Linux or macOS.

Jean-Pierre


#7

Yes, I did initially try to do the Windows install. But there were some scary messages about modifying DLL files that put me off! This is my main machine and I really can’t afford to lose it.

I do have a dedicated Linux machine I could use instead, which is running Ubuntu. If I were to do the native install there, would I still be able to use the Jupyter notebooks? The Jupyter notebook does make it really easy to modify code and program it to the CW board. If I used a native Linux install, would I have to switch to using my own Python scripts to program things?


#8

Yes, whether VM or native, it’s still Jupyter.


#9

Got it! Thank you for all your help! I’ll give the native Linux install a try!