Anda di halaman 1dari 56

Colin OFlynn RECON 2014 Montreal, Canada

2
3
http://newae.com/sidechannel/cwdocs/
4
5
6
7
9
10
11
12
14
15
16
Assume user is encrypting a 1-byte piece of data
by XORing with a 1-byte secret key (EF), and we
cannot observe output of XOR. This becomes:

88 EF = 67

observations
5
56 EF = B9 5
32 EF = DD HW 6
6 EF = 49 3
35 EF = DA 5
17
Marking the unknowns with KK or ?:

88 KK = ?

observations
5
56 KK = ? 5
32 KK = ? HW 6
6 KK = ? 3
35 KK = ? 5
18
19
Guess KK = 0x00
88 00 = 88 2

Hypothesis
56 00 = 56 4
32 00 = 32 HW 3
6 00 = A6 4
35 00 = 35 4

20
Guess KK = 0x01
88 01 = 89 3

Hypothesis
56 01 = 57 5
32 01 = 33 HW 4
6 01 = A7 5
35 01 = 34 3

21
Guess KK = 0xEF
88 EF = 67 5

Hypothesis
56 EF = B9 5
32 EF = DD HW 6
6 EF = 49 3
35 EF = DA 5

22
23
1-Byte of Key (Subkey)

1-Byte of Input (Plaintext)

Bitwise XOR

Substitution-Box (Lookup Table)

24
26
27
28
29
30
31
32
33
35
36
38
39
40
Generate bitstreams for fixed
phase shift
256 options for each DCM
to cover -50% to +50%
2 DCMs

Generate Difference Files for


internal Partial Reconfiguration
module

http://programmablelogicinpractice.com/?p=143
41
void glitch3()
{
char inp[16];
char c;
int cnt = 0;
output_ch_0('C');

c = 'A';
while((c != '\n') & (cnt < 16)){
c = input_ch_0();
inp[cnt] = c;
cnt++;
}

char passwd[] = "touch";


char passok = 1;

trigger_high();
trigger_low();

//Simple test - doesn't check for too-long password!


for(cnt = 0; cnt < 5; cnt++){
if (inp[cnt] != passwd[cnt]){
passok = 0;
}
}

if (!passok){
output_ch_0('B');
output_ch_0('a');
output_ch_0('d');
output_ch_0('\n');
} else {
output_ch_0('W');
output_ch_0('e');
output_ch_0('l');
output_ch_0('c');
output_ch_0('o');
output_ch_0('m');
output_ch_0('e');
output_ch_0('\n');
}
}
42
43
44
45
46
48 48
49 49
50
51
ChipWhisperer.com

53
54
55
ChipWhisperer is a Trademark of NewAE Technology Inc. 56