As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Tutorial B8 Profiling Attacks (Manual Template Attack)

From ChipWhisperer Wiki

Revision as of 11:07, 25 May 2016 by Gdeon (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

This tutorial is a more hands-on version of the previous tutorial. Rather than getting the ChipWhisperer Analyzer software to generate the points of interest and the template distributions, this tutorial will work directly with the recorded trace data in Python.

It is highly recommended that you read the theory page on Template Attacks before attempting this tutorial. There is some relatively complex processing involved, and it may be helpful to get a mathematical view on the steps before attempting to program them.

Additionally, this tutorial uses some terminology from previous tutorials, such as Hamming weight and substitution box. If you don't know what these are, Tutorial B6 Breaking AES (Manual CPA Attack) might be an easier starting point.

Contents

1 Capturing the Traces
2 Creating the Template
3 Performing the Attack
- 3.1 Loading the Traces
- 3.2 Using the Template
4 Gotchas

Capturing the Traces

Use data from previous tutorial (fixed/random key)

Creating the Template

Steps to make the template

Mention Hamming weight assumption

Loading the Traces

Sorting the Traces

Points of Interest

Covariance Matrices

Performing the Attack

Steps to crack the code (tm)

Loading the Traces

Using the Template

Gotchas

Too little data (0 or 1 trace)
Flukes + statistics

Tutorials

See Tutorial Map for important information & suggested order of completion.

Theory

Correlation Power Analysis

Template Attacks

Extending AES-128 Attacks to AES-256

Basic Tutorials

Tutorial B1 Building a SimpleSerial Project

Tutorial B2 Viewing Instruction Power Differences

Tutorial B3-1 Timing Analysis with Power for Password Bypass

Tutorial B5 Breaking AES (Straightforward)

Tutorial B6 Breaking AES (Manual CPA Attack)

Tutorial B7 Profiling Attacks (with HW Assumption)

Tutorial B11 Breaking RSA

Advanced Tutorials

Tutorial A2 Introduction to Glitch Attacks (including Glitch Explorer)

Tutorial A3 VCC Glitch Attacks

Tutorial A5 Breaking AES-256 Bootloader

Tutorial A5-Bonus Breaking AES-256 Bootloader

Tutorial A7 Glitch Buffer Attacks

Tutorial A8 32bit AES

Hardware-Specific Tutorials

Tutorial P1 Stream Mode and Advanced Triggering (CW Pro)

Tutorial CW305-1 Building a Project

Tutorial CW305-2 Breaking AES on FPGA

Tutorial CW305-3 Clock Glitching

Tutorial CW305-4 Voltage Glitching with Crowbars

Archived Tutorials (v4/v3 only)

Tutorial B3-2 Timing Analysis with Power for Attacking TSB

Tutorial B4 Testing Two Partitions of Traces

Tutorial B5-2 Breaking DES (Straightforward)

Tutorial B8 Profiling Attacks (Manual Template Attack)

Tutorial B9 The Preprocessing Modules

Tutorial B10 Using with SASEBO-W CardOS or DPA Contest v4.2

Tutorial A1 Synchronization to Communication Lines

Tutorial A4 SAD Trigger for SCA and Glitch

Tutorial A6 Replication of Ilya Kizhvatov's XMEGA® Attack

Tutorial A9 Bypassing LPC1114 Read Protect

Retrieved from "http://wiki.newae.com/index.php?title=Tutorial_B8_Profiling_Attacks_(Manual_Template_Attack)&oldid=599"