Researchers Showcase Advanced Side Channel Power Analysis Attack on Embedded Systems


News image

The Cyber Academy research team, in collaboration with Keysight, aim to showcase power analysis methods in cracking encryption keys. It will be presented live at the Cryptography conference on 21 Sept, and has a related research paper:

The work was partially funded by Data Lab Scotland, and abstract for the paper is:

This article demonstrates two fundamental techniques of power analysis, differential power analysis (DPA) and correlation power analysis (CPA), against a modern piece of hardware which is widely available to the public: the Arduino Uno microcontroller. The DPA attack we implement is referred to as the Difference of Means attack while the CPA attack is implemented by building a power model of the device using the Hamming Weight Power Model method. The cryptographic algorithm we have chosen to attack is AES-128. In particular, the AddRoundKey and SubBytes functions of this algorithm are implemented on an Arduino Uno and we demonstrate how the full 16-byte cipher key can be deduced using the two techniques by monitoring the power consumption of the device during cryptographic operations.

The results of experimentation find that both forms of attack, DPA and CPA, are viable against the Arduino Uno. However, it was found that CPA produces results which are easier to interpret from an analytical perspective. Thus, our contributions in this article is providing a side-by-side comparison on how applicable these two power analysis attack techniques are along with providing a methodol- ogy to enable readers to replicate and learn how one may perform such attacks on their own hardware.
[Read More]

Associated people

William Buchanan
Director of CDCS
+44 131 455 2759
Owen Lo
Research Fellow
+44 131 455
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.