Side Channel Attack (SCA) on AES — Part 1
Hello !!! after a long time postpone from Medium, I want to continue my post about SCA (it’s been delayed for 2 years 😄). In previous post, I talked about the SCA, what is SCA and the example of SCA by using Chipwhisperer Nano. And very very long time ago I also talked about AES, what is AES, how the AES algo works and how popular the algo is. And now I want to tell you how to break the AES through the Side Channel Attack on Embedded System. In this post, I also will tell you how to use Hardware Simulator that can generate power traces, so you don’t need to care about having a Hardware or an Oscilloscope setup to collect the traces !!! It’s interesting right 😃 Sooo, let’s get started…..
Requirements
1. Create Python Environment
First of all, what you need is Python. I assume you are already familiar with Python environment. It’s better to create new environment, you can use native python and create virtual env, or you can use Ananconda/Miniconda. You also can follow my environment by cloning my repository in: https://github.com/kresdev/kresca and follow this step:
- Install Python (3.12 is recommended)
- Create virtual environment: python -m venv scaenv
- Activate virtual environment(Windows): scaenv\Scripts\activate
- Install all requirements package: pip install -r requirements.txt
2. Install Rainbow Simulator
Rainbow is one of the hardware simulator based on Unicorn Engine (QEMU) developed by Ledger Donjon. Based on the GitHub page Rainbow aims to provide an easy scripting interface to loosely emulate embedded binaries, trace them to perform side-channels, and simulate fault injections. You can follow this link and install in under your python environment
3. KRESCA Module and Example 😄
To make it easy for all of you I create a Python module (mostly based on eshard-scared) and examples for SCA from collecting traces with simulator, visualize the traces, synchronization, reverse/leakage assesment, attack, an so oooon…. You can find this module and example in my github
It’s not finished yet, so this is not installable. There are some dependencies you need: matplotlib, numpy, pandas, estraces, scared, and vispy (all included in requirements.txt). You can run this module by pointing your directory to this module path. Or if you can run the module through the example folder
Generate Traces with Simulator
After finish setup the environment, the next step is generate traces with Rainbow Simulator. The AES.elf provided is based on open source Tiny AES, you can take a look to the source code and learn how it works. Ok next, to start run simulator you can go to the
kresca → Example → Simulator → AES → GenerateAES.ipynb
This is how it looks like
1. First, you must import some important library.
2. Create a rainbow simulator object. Because I compiled the AES library with Cortex M0 chip I use rainbow_cortexm as an object. Optionally, you can create your elf/hex file with different chip and use different microcontroller.
3. Create function to run AES. To run AES in TinyAES you need to run two function. First, you need to run key schedule function (parameter key). Second, you need to run ECB_indp_crypto to do encryption (parameter 1 buffer input, parameter 2 buffer output). Rainbow will generate the Hamming Weight Power Model based on register. I add some noise to make it more real 😜.
4. You can use fix key and plaintext first for testing purpose.
5. Or you can start to collect traces by making randomize plaintext. The power traces will be saved in traces list.
6. Then plot the traces with kresca visualization (Thankyou Vispy!!!). You can shift, zoom-in/out, drag the traces, hide the traces, etc. with kresca.plot (there are some secret shortcut to shift traces position and hide the traces 😝)
7. After see the traces you can collect more traces and make the complete traces file (traces point and metadata plaintext, key, ciphertext) with estraces. Optionally, you also can cut the traces sample points based on your need.
Hualaa it’s done you can continue to the next step 😍
Simple Power Analysis (SPA) on AES
After making a completed traces in ets file. The next step is to analyze it more detail. This technique name is Simple Power Analysis (SPA). With this you can find in what area your target is. First you can open the example in:
kresca → Example → AES → AES Simple Power Analysis (SPA).ipynb
1. First, same as before. You need to import some important libraries.
2. You can import the traces file from previous step by using estraces library (you also can read from different type of traces file like .trs or bin file)
3. You see open the traces with kresca.plot first or you can see the traces with matplotlib. As seen from picture above, you can find your AES contains two function first is Key Schedule and second is the main AES process.
4. If you zoom-in to the first round of AES, you will see this pattern. From the traces, you can find the repeated pattern and found the specific process like Add Round Key, Sub Bytes, Shift Rows, and Mix Column. This is what we want !!! our target will be in AES round 1 Sub Bytes !!!
Huala it’s done you already identified the target area. So now you can focus on this area only, or….. you still interested to find another area in last round? it’s up to you 😃
— So let’s go to the next part of SCA on AES, Stay Tuned and Thank You !!! —
