Tutorials

This page covers all the tutorials currently available in the latest version of ChipWhisperer. These tutorials are all in the form of Jupyter notebooks with the output generated to follow along.

Note

If you are not yet sure how to start a Jupyter Notebook server and want to follow along with the tutorials in your own notebook, read the Starting page (it contains recommended reading). If you just want to check out the tutorials, continue on.

You may notice that the page style does not look like your Jupyter notebook. This is to keep the page style consistent on this website. The structure is equivalent. You can identify the Jupyter notebook's inputs and outputs by the same In []: and Out []: markers as in the Jupyter notebook.

The plots in the tutorials keep their interactivity. This allows you to zoom in and explore the traces we collected and compare with yours to help you complete the tutorials.

The tutorials have been grouped into a few different sections, each providing examples of a different type of side channel analysis on a target or device under test. The sidebar is convenient for quickly navigating to the tutorial of interest, and its indentation also shows the grouping of the tutorials more clearly.

There are two main groups:

Power Analysis

This group contains all the tutorials related to power analysis. Recorded power consumption of a target can be used to determine information leaked by the device. This leaked information can often be used to recover the encryption key during encryption, or other sensitive information used during the target's operation. This group also contains tutorials serving as supplementary material to build your understanding of power analysis.

Fault

This group contains all the tutorials related to glitching the target. Voltage and clock glitching are used to cause the target to perform unintended operations or skip operations, potentially exposing the secret, bypassing authentication, or running past the ends of buffers to dump SRAM.

Each tutorial section on this page has links to the Jupyter notebook tutorial with the output for your target. Your hardware will not produce exactly the same output when you work through the tutorial with your target; however, it will be close.

See also

Physically connecting wires and setting up the hardware is explained on the wiki. This site only covers how to use the Jupyter notebooks once all the hardware is correctly connected to the computer and the extra hardware setup steps have been completed.

Power Analysis

Use the power of power measurements. Measuring the power consumption of the target during sensitive operations can allow you to determine whether the target is leaking information about its sensitive operation (such as encryption). Analysis of the power consumption may allow you to recover a secret that should have been inaccessible inside the target (such as the encryption key).

This group of tutorials also contains an introduction to the basics of using the ChipWhisperer hardware for power analysis:

Next, we have some simple power analysis containing one timing attack:

Then we move on to differential power analysis. Begin to learn how to use statistics on a collection of power traces to gain insights into the target's internal operations, and use this to determine the secret.

Next up, Correlation Power Analysis (CPA). A more in-depth explanation of CPA can be found on the NewAE Wiki page for CPA.

Once you are a bit more comfortable with side-channel analysis, there is a tutorial that combines CPA, DPA and SPA.

Profiling attacks use many traces of a target to build a profile, then use it to break another similar target with only a few traces. You can find a more in-depth explanation of template attacks on the NewAE Wiki page for Template Attacks.

Test Vector Leakage Assessment (TVLA) can be used to identify parts of the power trace that are leaking internal device information.

Introduction

Firmware Build Setup

Become familiar with the basics of the ChipWhisperer Python API and using Jupyter.

Supported Targets:

Instruction Differences

See how power traces change based on what a target is executing.

Supported Targets:

Measuring Signal To Noise Ratio of Target

See how the signal-to-noise ratio of power traces varies during AES.

Supported Targets:

Simple Power Analysis

Timing Analysis with Power for Password Bypass

Use simple power analysis to reveal a target’s password, byte by byte.

Supported Targets:

Differential Power Analysis

Hamming Weight Measurement

Determine the relationship between the Hamming weight of an AES output value and power traces.

Supported Targets:

Large Hamming Weight Swings

See how large changes in Hamming weight affect power traces.

Supported Targets:

Advanced Encryption Standard Differential Power Analysis Attack

Use a Differential Power Analysis (DPA) attack to break AES.

Supported Targets:

Correlation Power Analysis

Using ChipWhisperer Analyzer for Correlation Power Analysis Attack

Use Correlation Power Analysis (CPA) and ChipWhisperer Analyzer to discover the secret key of a device running AES.

Supported Targets:

Manual Correlation Power Analysis Attack

Repeat the attack of PA_CPA_1 without using ChipWhisperer Analyzer, learning in detail how CPA attacks work.

Supported Targets:

Resynchronizing Data Traces

Use ChipWhisperer Analyzer to break a device that uses variable delays in an attempt to disrupt a side channel attack.

Supported Targets:

Attacking 32-bit Advanced Encryption Standard

Break an AES implementation that uses 32-bit operations instead of 8-bit operations (as in the previous PA_CPA attacks). Goes into additional theory about how 32-bit AES differs from 8-bit AES.

Supported Targets:

Multiple Analysis

Breaking AES-256 Bootloader

Use CPA, DPA, and SPA attacks to reveal the secrets of a target’s AES256-CBC bootloader.

Supported Targets:

Profiling Attacks

Template Attacks with Hardware Assumption

Build up information about a target to break a similar one in only a few traces.

Supported Targets:

Test Vector Leakage Assessment

Performing TVLA Testing for Crypto Validation

Use a TVLA test to identify spots in power traces where information is being leaked.

Supported Targets:

Fault

There are multiple ways to cause a device under test or target to perform unintended operations, or skip operations. These unintended side effects (faults) can be used to skip operations, corrupt the target's state, perform unintended operations, etc. The ChipWhisperer platform supports generating faults using the target's clock and supply voltage, referred to as clock glitching and voltage glitching, respectively.

The tutorials in this section explore using these features of the ChipWhisperer hardware to learn about the effects of these types of faults on target devices.

Introduction to Clock Glitch Attacks

Introduce faults in a target’s clock to skip instructions and wreak havoc.

Supported Targets:

Introduction to Vcc Glitching Attacks

Disrupt a target’s power to corrupt its calculations.

Supported Targets:

Glitch Buffer Attacks

Use clock glitching to skip past the end of a buffer and dump parts of SRAM.

Supported Targets:

AES Differential Fault Analysis Attack

Use clock glitching to introduce faults in AES calculations to recover an AES key.

Supported Targets:

RSA Fault Attack

Use clock glitching to fault RSA calculations and recover a device’s RSA key.

Supported Targets: