Magnetic Correlation Analysis of AES

Over the past week, I have attempted to replicate my power analysis work on AES using a magnetic field / H-Field probe. Unfortunately, there is little literature on the specifics of how to do this, but I was able to do this on the ATmega target used for the original correlation analysis to achieve an extremely strong result, using only a few captures (1000):

The key to this was to maximize the signal to noise ratio of the incoming capture via probe positioning. To do this, I manually sampled the magnetic field emission while the device was on and off (not doing anything active – just powered on). Here is a sample of the magnetic field measured through an H-field probe, while the device is powered off (the time scale is ms I think, but it doesn’t matter, we only look at the average):

Contrast this to a sample of the magnetic field, while the device is on and awaiting input:

In practical terms, this was possible with the H-field probe’s “tip” approximately 25% from the top of the ATmega328p target, as follows:

I also massively oversampled, based on commentary from the NewAE forum. In this thread, there is mention of needing to phase shift the ADC of the ChipWhisperer when doing this attack. Given that I wasn’t providing the clock signal directly, I concluded that phase shifting was not applicable, and therefore, I set the sample rate to 128MS for a 16Mhz target, hoping to get enough samples it didn’t matter.

Using this setup, I was able to clearly capture the rounds of AES such that they were visually distinguishable:

(This was a pleasant surprise, given the comment around the waveform being less nice than a shunt resistor here, I was emotionally prepared to go the distance with maths alone).

Correlating these by the hamming weight of the first round post-sbox value, I was able to recover some bytes of the key, corresponding to the peaks demonstrated above. The entire key is not recovered but the success is clear: the rest is just better selection of the first round of AES… and maybe a nicer plotting tool to do this.

Perhaps the greatest success is that no new code needed to be written for this attack – everything is still at github/CreateRemoteThread/fuckshitfuck. Hooray!

May your weekend be ruthlessly productive.

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Bards, Computers, Jesting. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.