26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Day Day 4 - 2009-12-30
Room Saal2
Start time 12:45
Duration 01:00
ID 3631
Event type Lecture
Track Hacking
Language used for presentation English

Finding the key in the haystack

A practical guide to Differential Power Analysis

The power consumtion of a microcontroller depends on the actual data being processed. This renders current-based side channel attacks possible: By recording and analyzing the current consumption of a microcontroller, one can recover secret keys. This can be done using Differential Power Analysis (DPA).

While smartcards and other tamper resistant devices usually implement countermeasures to complicate this kind of attack, most consumer hardware isn't DPA-safe. DPA will be explained by example in this talk: A non-hardened, but conventional AES implementation running on a popular AVR microcontroller will be attacked. Real-world power data will be used for analysis.

After explaining the basic idea and the way DPA works, the workflow will be described in detail along with hardware/software requirements and the measurement setup. The measurement process will be explained as well. Prior to analyzing the recorded data, necessary theoretical foundations will be shown without going too much into mathematical details.

Common challenges one might encounter while mounting a DPA-attack will be presented as well as suitable approaches to cope with them. It's the intention of this talk to show that all one needs to conduct a DPA is a half-decent digital storage oscilloscope (DSO) and a bit of electronics & software knowledge.