The document discusses simple and low-cost hardware for performing side channel attacks. It proposes building a basic circuit using inexpensive off-the-shelf components for under $20 to perform timing analysis attacks. The document then explores more advanced hardware-based side channel techniques like power analysis, voltage glitching, and frequency glitching and discusses how these techniques have been used in real-world attacks.

1. Simple Hardware
Sidechannel Attacks
for 10GBP or Less
44CON 2014
Joe FitzPatrick

2. What are Side Channel Attacks?
f(x)=y

3. What are Side Channel Attacks?
f(x)=y
input

4. What are Side Channel Attacks?
f(x)=y
output

5. What are Side Channel Attacks?
f(x)=y
HOW?

6. What are Side Channel Attacks?
f(x)=y
How long does it take?
How much power does it consume?
How does it react to temperature?
How much EMI does it give off?
How does it affect g(), h(), and i()?
How is it affected by x&y?

7. What does HARDWARE buy us?
Does network latency hide sidechannels?

8. What does HARDWARE buy us?
Does network latency hide sidechannels?
If not, does it obscure them?

9. What does HARDWARE buy us?
Does network latency hide sidechannels?
If not, does it obscure them?
How about software latency?

10. What does HARDWARE buy us?
Does network latency hide sidechannels?
If not, does it obscure them?
How about software latency?
Often, hardware permits observation with fixed,
deterministic latencies

11. State of the Art Approach
Expensive Scopes ($10k+)
Expensive Probes ($2k+)
Expensive software ($2k+)
Smart People ($?)
Custom software to glue it all together

12. So what’s wrong with that?
Encryption is complicated

13. So what’s wrong with that?
Encryption is complicated
Math is hard

14. So what’s wrong with that?
Encryption is complicated
Math is hard
Money is expensive

15. So what’s wrong with that?
Encryption is complicated
Math is hard
Money is expensive
Hardware SCAs seem too difficult to most people

16. My Objective?
Side Channel Attacks
for every
Man, Woman, and Child

17. My Objective?
Side Channel Attacks
that anyone can understand
and reproduce at home

18. My Objective?
Side Channel Attacks
as part of
Common Core State Standards?

19. My Target

20. My Budget

21. Simplifying Timing Attacks

22. teh codez

23. teh codez

24. Finally,
Some Hardware

25. Preparing for observation

26. Time is on your side...
what matches
test to test
time time increment, us
null 19.13
0 char 31.56 12.43
1 char 32.88 1.32
2 char 34.18 1.3
3 char 35.51 1.33
4 char 36.63 1.12

27. But what about the real world?

28. But what about the real world?

29. The 00’s called, they want their DIPs back

30. The 00’s called, they want their DIPs back

31. The LED Reach-Around Attack

32. Or just trigger the solenoid...

33. Easy Fix!

34. Or is it?

35. SIMPLE power analysis

36. State of the Art Approach
Expensive Scopes ($10k+)
Expensive Probes ($2k+)
Expensive software ($2k+)
Smart People ($?)
Custom software to glue it all together

37. “Cheapskate” approach
Colin O’Flynn - http://www.newae.com/

38. My Approach

40. Building a Board
U1 AD9200ARZ 20msps 10-bit A/D converter
U2 AD8130ARMZ differential amplifier
U3 VAT1-S5-D12-SMT 5v to +-12v converter
C1-C8 0603 SMT Capacitor .1uF
C11-16 0805 SMT Capacitor 10uF
R3 0603 SMT resistor 150 ohm
R4 0603 SMT resistor 10 ohm
Rv 0603 SMT resistor 1 ohm
Rg 0603 SMT resistor 100 ohm
Rf1 0603 SMT resistor 1k ohm
$18.50 + shipping!

41. Alternate Build Options
Differential Amplifier: AD8129 vs. AD8130
Gain setting circuit: Rf=1k Ohm resistor or Rf1=10k Ohm Potentiometer
Voltage Regulator Load: R1=R2= 2.4k Ohm resistors for a dummy load

42. Alternate Build 2
⅞” Split Key Ring
Key (load tested to 3 keys)

43. Alternate Build 3*
Fiberglass dust from filing boards
Rolled up sticker from swag bag
* not tested or recommended

44. Shunting High and Shunting Low

45. Shunting High and Shunting Low

46. Target modification
Bypass VRM & Enable clock out via fuse

48. Characterizing Instructions

49. Characterizing Instructions

50. Sources of ‘Noise’

51. Pretty Software Frontend
This slide intentionally left blank

52. Back to Lockpicking….

53. Back to Lockpicking….
Keypad
Entry Idle begins idle ends diff
1-2-3-4 2021972.5 2039705.5 17733
1-2-3-3 4574962.5 4592694.5 17732
1-2-2-2 5565872.5 5583603.5 17731
1-1-1-1 3234456 3252186 17730
5-5-5-5 7314302 7332031 17729

54. Rev 1.1

55. Rev 1.1

56. I’ll show you my O(scope)-Face

57. Future Improvements
Pretty Software
Tunable clock offset
Tuneable amplifier offset for higher gains
fix AD8129
Integrate EZ-USBFX2 and synch clock

58. But Wait!

59. There’s More!

60. Sidechannel Attacks
© 2014 Hardware Security Resources, LLC.
Non-Invasive = no hardware modification Invasive = hardware modificaiton
Passive =
observation only Simple timing analysis with an o-scope/LA
Power analysis - may require
removing decoupling capacitors
Decapping and imaging the die
Active =
simulating input
Clock shrinking/skewing
Reset pulses
Synthetic power droop
Modifying power/clock circuits
Decapping and stimulating/altering
logic and power circuits

61. For another 10GBP, can
we do some glitching?

62. Normal Operation

63. The Real Boundary...

64. Failing region

65. Optimal Condition

66. Voltage Glitching

67. Frequency Glitching

68. But when?
But how?

69. Die Datenkrake?

70. Die Datenkrake?
Zu Teuer!

71. EZ-USB FX2?

72. EZ-USB FX2?
Too Slow!

73. ● Glitching device outputs a clock
● Tie an interrupt pin to a trigger on the target
● Program a configurable software delay
● Toggle a pin tied to a pulse generator
● AND the pulse generator with your clock

74. Sidechannel Attacks in the Wild
© 2014 Hardware Security Resources, LLC.

75. Sidechannel Attacks in the Wild
Details for the fat hack
========================
On fats, the bootloader we glitch is CB, so we can run the CD we want.
cjak found that by asserting the CPU_PLL_BYPASS signal, the CPU clock is
slowed down a lot, there's a test point on the motherboard that's a
fraction of CPU speed, it's 200Mhz when the dash runs, 66.6Mhz when the
console boots, and 520Khz when that signal is asserted.
© 2014 Hardware Security Resources, LLC.
https://github.com/gligli/tools/blob/master/reset_glitch_hack/reset_glitch_hack.txt

76. Sidechannel Attacks in the Wild
- We assert CPU_PLL_BYPASS around POST code 36 (hex).
- We wait for POST 39 start (POST 39 is the memcmp between stored hash and
image hash), and start a counter.
- When that counter has reached a precise value (it's often around 62% of
entire POST 39 length), we send a 100ns pulse on CPU_RESET.
- We wait some time and then we deassert CPU_PLL_BYPASS.
- The cpu speed goes back to normal, and with a bit of luck, instead of
getting POST error AD, the boot process continues and CB runs our custom
CD.
© 2014 Hardware Security Resources, LLC.
https://github.com/gligli/tools/blob/master/reset_glitch_hack/reset_glitch_hack.txt

77. Matrix Glitcher code...

78. Back to our
test system…

80. Further implementation is still WIP
- ATMEGA328p needs to be
undervolted to work
- Needs to provide the trigger itself for
now

81. Joe FitzPatrick
@securelyfitz
Questions?
http://www.securinghardware.com