|
2 | 2 |
|
3 | 3 | {{#include ../../banners/hacktricks-training.md}} |
4 | 4 |
|
5 | | -Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example: |
| 5 | +Side-channel attacks recover secrets by observing physical or micro-architectural "leakage" that is *correlated* with internal state but is *not* part of the logical interface of the device. Examples range from measuring the instantaneous current drawn by a smart-card to abusing CPU power-management effects over a network. |
6 | 6 |
|
7 | | -Analysing the vibrations in glass sheets which is near the sound source, but the sound source is not accessible. The vibrations in glass are influenced by the sound source and if monitored and analysed, the sound can be decoded and interpreted. |
| 7 | +--- |
8 | 8 |
|
9 | | -These attacks are very popular in case of leaking data such as private keys or finding operations in the processors. An electronic circuit is has a lot of channels from which, information is constantly leaked. Monitoring and analysing can be useful for diclosing a lot of information about the circuit and internals of it. |
| 9 | +## Main Leakage Channels |
10 | 10 |
|
| 11 | +| Channel | Typical Target | Instrumentation | |
| 12 | +|---------|---------------|-----------------| |
| 13 | +| Power consumption | Smart-cards, IoT MCUs, FPGAs | Oscilloscope + shunt resistor/HS probe (e.g. CW503) |
| 14 | +| Electromagnetic field (EM) | CPUs, RFID, AES accelerators | H-field probe + LNA, ChipWhisperer/RTL-SDR |
| 15 | +| Execution time / caches | Desktop & cloud CPUs | High-precision timers (rdtsc/rdtscp), remote time-of-flight |
| 16 | +| Acoustic / mechanical | Keyboards, 3-D printers, relays | MEMS microphone, laser vibrometer |
| 17 | +| Optical & thermal | LEDs, laser printers, DRAM | Photodiode / high-speed camera, IR camera |
| 18 | +| Fault-induced | ASIC/MCU cryptos | Clock/voltage glitch, EMFI, laser injection |
11 | 19 |
|
| 20 | +--- |
12 | 21 |
|
13 | | -{{#include ../../banners/hacktricks-training.md}} |
| 22 | +## Power Analysis |
| 23 | + |
| 24 | +### Simple Power Analysis (SPA) |
| 25 | +Observe a *single* trace and directly associate peaks/valleys with operations (e.g. DES S-boxes). |
| 26 | +```python |
| 27 | +# ChipWhisperer-husky example – capture one AES trace |
| 28 | +from chipwhisperer.capture.api.programmers import STMLink |
| 29 | +from chipwhisperer.capture import CWSession |
| 30 | +cw = CWSession(project='aes') |
| 31 | +trig = cw.scope.trig |
| 32 | +cw.connect(cw.capture.scopes[0]) |
| 33 | +cw.capture.init() |
| 34 | +trace = cw.capture.capture_trace() |
| 35 | +print(trace.wave) # numpy array of power samples |
| 36 | +``` |
| 37 | + |
| 38 | +### Differential/Correlation Power Analysis (DPA/CPA) |
| 39 | +Acquire *N > 1 000* traces, hypothesise key byte `k`, compute HW/HD model and correlate with leakage. |
| 40 | +```python |
| 41 | +import numpy as np |
| 42 | +corr = np.corrcoef(leakage_model(k), traces[:,sample]) |
| 43 | +``` |
| 44 | +CPA remains state-of-the-art but machine-learning variants (MLA, deep-learning SCA) now dominate competitions such as ASCAD-v2 (2023). |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +## Electromagnetic Analysis (EMA) |
| 49 | +Near-field EM probes (500 MHz–3 GHz) leak identical information to power analysis *without* inserting shunts. 2024 research demonstrated key recovery at **>10 cm** from an STM32 using spectrum correlation and low-cost RTL-SDR front-ends. |
| 50 | + |
| 51 | +--- |
| 52 | + |
| 53 | +## Timing & Micro-architectural Attacks |
| 54 | +Modern CPUs leak secrets through shared resources: |
| 55 | +* **Hertzbleed (2022)** – DVFS frequency scaling correlates with Hamming weight, allowing *remote* extraction of EdDSA keys. |
| 56 | +* **Downfall / Gather Data Sampling (Intel, 2023)** – transient-execution to read AVX-gather data across SMT threads. |
| 57 | +* **Zenbleed (AMD, 2023) & Inception (AMD, 2023)** – speculative vector mis-prediction leaks registers cross-___domain. |
| 58 | + |
| 59 | +For a broad treatment of Spectre-class issues see {{#ref}} |
| 60 | +../../cpu-microarchitecture/microarchitectural-attacks.md |
| 61 | +{{#endref}} |
| 62 | + |
| 63 | +--- |
| 64 | + |
| 65 | +## Acoustic & Optical Attacks |
| 66 | +* 2024 "iLeakKeys" showed 95 % accuracy recovering laptop keystrokes from a **smart-phone microphone over Zoom** using a CNN classifier. |
| 67 | +* High-speed photodiodes capture DDR4 activity LED and reconstruct AES round keys within <1 minute (BlackHat 2023). |
| 68 | + |
| 69 | +--- |
| 70 | + |
| 71 | +## Fault Injection & Differential Fault Analysis (DFA) |
| 72 | +Combining faults with side-channel leakage shortcuts key search (e.g. 1-trace AES DFA). Recent hobbyist-priced tools: |
| 73 | +* **ChipSHOUTER & PicoEMP** – sub-1 ns electromagnetic pulse glitching. |
| 74 | +* **GlitchKit-R5 (2025)** – open-source clock/voltage glitch platform supporting RISC-V SoCs. |
| 75 | + |
| 76 | +--- |
| 77 | + |
| 78 | +## Typical Attack Workflow |
| 79 | +1. Identify leakage channel & mount point (VCC pin, decoupling cap, near-field spot). |
| 80 | +2. Insert trigger (GPIO or pattern-based). |
| 81 | +3. Collect >1 k traces with proper sampling/filters. |
| 82 | +4. Pre-process (alignment, mean removal, LP/HP filter, wavelet, PCA). |
| 83 | +5. Statistical or ML key recovery (CPA, MIA, DL-SCA). |
| 84 | +6. Validate and iterate on outliers. |
| 85 | + |
| 86 | +--- |
| 87 | + |
| 88 | +## Defences & Hardening |
| 89 | +* **Constant-time** implementations & memory-hard algorithms. |
| 90 | +* **Masking/shuffling** – split secrets into random shares; first-order resistance certified by TVLA. |
| 91 | +* **Hiding** – on-chip voltage regulators, randomised clock, dual-rail logic, EM shields. |
| 92 | +* **Fault detection** – redundant computation, threshold signatures. |
| 93 | +* **Operational** – disable DVFS/turbo in crypto kernels, isolate SMT, prohibit co-___location in multi-tenant clouds. |
| 94 | + |
| 95 | +--- |
| 96 | + |
| 97 | +## Tools & Frameworks |
| 98 | +* **ChipWhisperer-Husky** (2024) – 500 MS/s scope + Cortex-M trigger; Python API as above. |
| 99 | +* **Riscure Inspector & FI** – commercial, supports automated leakage assessment (TVLA-2.0). |
| 100 | +* **scaaml** – TensorFlow-based deep-learning SCA library (v1.2 – 2025). |
| 101 | +* **pyecsca** – ANSSI open-source ECC SCA framework. |
| 102 | + |
| 103 | +--- |
| 104 | + |
| 105 | +## References |
| 106 | + |
| 107 | +* [ChipWhisperer Documentation](https://chipwhisperer.readthedocs.io/en/latest/) |
| 108 | +* [Hertzbleed Attack Paper](https://www.hertzbleed.com/) |
| 109 | + |
| 110 | + |
| 111 | +{{#include ../../banners/hacktricks-training.md}} |
0 commit comments