458
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
no edit summary
Note that unlike the previous attack, we will require ''two'' acquisition campaigns. We must first create a template, which means we'll need a system which we control (or at least know the key for). In real life this would typically mean using another copy of the protected device; e.g. you have a protected device, but you buy another copy which you control. We use the copy we control to characterize the leakage, before applying what we have learned onto the real device with an unknown key.
== Setting up the Hardware and Software ==
== Capturing the Traces ==
<li>Change the number of traces to be ''1000'': more traces are needed to form the profile. In this case 1000 is a very small capture, however for this unprotected implementation will be sufficient. An interesting experiment is to see how using more or less traces impacts your templates!</li>
<li>Hit the ''Capture Many'' button (M in a green triangle) to start the capture process. You will see each new trace plotted in the waveform display. Once the capture is complete, save the project file again.</li>
=== Capturing the Attack Traces ===
# Follow steps 1Make a new project (File-3 of the previous section>New). Leave the ''Key/Text Pattern'' as default, where # Change the encryption key is to fixed and the plaintext is random.
# Save the project now in the same directory as the <code>.cwp</code> file from the previous section, giving it a name indicating the key is '''fixed''' and text is '''random'''. For example you could call it <code>tut_fixedkey_randplain.cwp</code>, again saving it in the same directory as the previous file.
# Change the number of traces to be ''20'': by comparison the profiling attack will require less attack traces compared to the CPA attack.
# Hit the ''Capture Many'' button (M in a green triangle) to start the capture process. You will see each new trace plotted in the waveform display. Once the capture is complete, save the project file again.
# Exit the capture application, again being sure to first save the project.
== Generating the Template ==
<li>Open the Analyzer software</li>
<li>From the ''File --> Open Project'' option, navigate to the <code>tut_randkey_randplain.cwp</code> file you save previously. Open this file, ensure it is the file corresponding with the '''randomly changing encryption key'''!</li>
<li>Open the ''Trace Explorer'' by selecting tab and Enable it from the ''Tools'' menu.</li><li><p>Change the "Comparison Mode" to "Sum of Absolute Difference", the ''Partition Mode'' to ''HW AES Intermediate'', and select the ''Auto-Save Data to Project'' option:</p>
<p>[[File:traceexplorer1.png|image]]</p></li>
<li><p>Hit the ''Display'' button, and then select ''All On''. This displays the differences between the various groups of Hamming Weight (HW) values:</p>
</blockquote>
<ol start="7" style="list-style-type: decimal;">
<li>Close Disable the Trace Explorer window.</li>
<li><p>Change the attack module to ''Profiling'':</p>
<p>[[File:selectprofiling.png|image]]</p></li>
<li><p>Go to the ''Template Generation'' sectionin the Attack tab, and ensure you select the appropriate trace range (0-999 in this example). Select the ''TraceExplorer Table'' as the POI source, since we had just populated this with a valid POI data. Notice that if you view the analysis script it will list the poi you selected, if not hit the ''Read POI'' button:</p>
<p>[[File:templategeneration.png|image]]</p></li>
<li>Click the ''Generate Templates'' button. This will dynamically load and run the <code>def generateTemplates(self):</code> function in the scripting window.</li>
partitiontype = PartitionHWIntermediate
filename = avr_keyrand_plainrand_1000traces_data\analysis\templates-PartitionHWIntermediate-0-999.npz</pre></li>
== Applying the Template ==
<ol style="list-style-type: decimal;">
<li>From the ''File --> Open Project'' option, navigate to the <code>tut_fixedkey_randplain.cwp</code> file you save previously. Open this file, ensure it is the file corresponding with the '''fixed encryption key'''!</li>
<li>Open the project text editor if not already open.</li>
<li><p>Append the ''Template Data'' section you copied from the previous project to your project file:</p>
<p>[[File:projecteditor_addtemplate.png|image]]</p></li>
<li>Use the ''Save Editor to Disk'' button to write these changes(and '''not the Save Project option'''). Note this assumes that both the <code>tut_fixedkey_randplain.cwp</code> and <code>tut_randkey_randplain.cwp</code> were saved in the same directory, as otherwise the reference to the template file will break!</li><li>Close the Analyzer software. Re-open the software and reload the same project file (e.g. <code>tut_fixedkey_randplain.cwp</code>), this step is needed to ensure the changes you added in are loaded into memory.</li>
<li><p>Change the attack module to ''Profiling'':</p>
<p>[[File:selectprofiling.png|image]]</p></li>
<li><p>Press the ''Attack'' button. Observe that with only a few traces you are able to determine the encryption key:</p>
<p>[[File:attack_working.png|image]]</p></li></ol>
== Links ==
{{Template:Tutorials}}
[[Category:Tutorials]]
