
RSA Power Analysis Side-Channel Attack - rhme2

May 31, 2021
When there is a secret key embedded in a chip and the hardware performs cryptographic operations with it, a lot of information can be leaked, for example through variations in power consumption. In this video I want to explain what power analysis is, and show you how I prepared an Arduino Nano board to perform this attack. I'm sure you've heard those stories where illegal marijuana farms get busted because of unusual electricity use. It is not typical for a private house to suddenly consume the incredible amount of electricity that an installation with dozens of heat lamps and air-conditioning systems requires.
So the authorities are basically exploiting a side channel, power analysis, to find potential illegal marijuana farms. And that's basically what this is about: you can imagine that a piece of hardware, or to be more precise a chip, consumes different amounts of power depending on the operations it performs. So let's do an example. I recently made a video introducing RSA, which I recommend you watch if you haven't already. The important part here is that when you sign a message, you are basically encrypting the message with your private key; anyone with your public key can decrypt it and thereby verify that it came from you, the owner of the private key.
And encryption works by exponentiation: you raise the message to the power of the private key, modulo n. As a developer, you now have to implement this math. Fortunately, you have heard of a simple algorithm to perform this exponentiation: the square-and-multiply method. This is what the pseudocode looks like. The important part is that you have a loop over each bit of the exponent. For each bit you square the intermediate value, and if the bit is 1 you do an additional multiplication. So if I just give you a list of square and multiply operations like this: square, square, square, multiply, square, multiply.
You can recover the bits of the exponent that led to these operations, and therefore the secret key: 0, 0, 1, 1. Now you can imagine that a multiplication will have a different power consumption than a squaring. This is what such a power trace can look like, and you can recognize the operations and therefore the bits: square, multiply, square, square, square, multiply gives 1, 0, 0, 1. OK, the theory is fine. But how the hell do you actually do this? A processor runs very, very fast; the Arduino Nano, for example, runs at 16 MHz. Also, the difference in power consumption should be really small. So you need something that can measure small variations very, very quickly.
Therefore, a digital oscilloscope seems the obvious choice. My RIGOL can capture data at up to 70 MHz, so that seems sufficient. BUT there's a problem... if you didn't sleep through physics class, you might now say: "Wait! An oscilloscope measures voltage, and we want to measure current, the power consumption? That doesn't work." Well, Ohm's law to the rescue. Ohm's law states that the current flowing through a conductor between two points is directly proportional to the voltage across those two points. I guess it's easier to understand with the formula: current equals voltage divided by resistance.
Let's solve this equation for voltage, because the oscilloscope can only measure voltage. We get that voltage equals current multiplied by resistance. So when we have a fixed resistor somewhere in our circuit and we measure the voltage across it, the voltage we measure depends directly on the current. This means that when the current changes, i.e. the device under test consumes more or less power, the voltage will change. It must change. Ohm's law tells us so. Science works...bitches. OK. So using a resistor to measure voltage, and therefore indirectly current, is called a shunt resistor.
Ohm's law also tells us that the higher the resistance, the larger the voltage difference we will measure. But we can't just use an arbitrarily large resistor, because then the voltage drop across it becomes too large and there is no longer enough voltage left to power the chip. But 50 ohms or even 100 ohms might still work with the Arduino. Now that we know how to measure current, where do we put the resistor? An easy solution would be to cut a USB cable and insert a resistor into the power line, but that won't work well. First, we would measure everything that draws power, including the LEDs and the USB-to-UART chip sitting next to it.
That's too much noise. We want to be as close to the actual chip as possible, so we want to insert the resistor directly into the chip's power line. That means lifting the actual pin of the chip so we can insert a resistor between the chip and the PCB. Oh man, I was so nervous. First time doing this, and if I screw up, the competition is over for me. There is no replacement board. I looked up the datasheet to be 100,000% sure I desolder the correct pin. I even check with my multimeter to make sure the pins actually match.
And I mark it with a marker. I place it on a breadboard and use double-sided tape to stick the board to the workbench, so it doesn't slide. Then I take my soldering iron with a very pointed tip and another metal tool and try to push the pin up with it, like a lever. The heat should make the solder runny so I can bend the pin. It actually worked better than I expected. Now that the pin is bent, I want to insert this resistor. This is really difficult to solder: it's a very awkward angle and it's all very small.
But with some flux I successfully soldered it to the pad and the pin. Moment of truth. Does the device still work? Plug it in. The green LED is on. AWESOME! Then I realize that directly connecting the measuring equipment might not work so well, because the resistor has very rigid legs and you could easily break the pin or pad if you handle it carelessly. So I add two flexible wires, one to each side. Perfect. Seems like a good setup. Oscilloscope probes measure voltage as a difference between two points. So for example you can put one end at GND, basically 0V, and the other end AFTER the resistor.
Just for reference, I also place a probe BEFORE the resistor. In theory we should see a voltage drop across the resistor depending on the amount of current drawn. So when you overlay the two measurements, you should see a slight difference. So that's my first try. But when I look at the oscilloscope measurement, I only see noise. I would expect a lot more difference. I didn't expect to find the crypto leak right away, but at least some variation in consumption. But it's all just noise and the differences are very small. What is happening? Is my resistor too small?
Let's try a different measurement setup. As I said, you measure the voltage between two measurement points. So nothing prevents you from placing the ground clip of the probe before the resistor and the probe tip after it. This way you measure the voltage difference between exactly these two points. You just have to be very, very, very careful with ground loops. Connecting something that normally belongs to ground to something that is not ground, in this case basically +5V, can be really dangerous. If you plan to do this, research "ground loops." Luckily I read about this beforehand, so I knew what I had to do.
I had to make sure that the device under test and the measuring device did not share a common ground. If the Arduino is connected through the laptop to the same power strip as my oscilloscope, they share the same ground line. And when I then connect the oscilloscope ground to +5V, I basically create a short circuit: +5V flows directly to ground through the power strip. Boom. Something will die. Hopefully not your expensive equipment. But what you can do is run your laptop on battery power. Now there is no shared ground connection. So that's what I did. And then I can connect a single probe across the resistor.
I also thought it would be good to do a comparative measurement of the actual 5V, just to see if there is any difference. It could help validate that everything works. So I attach the second probe and... FUUUUUUUCK. What the hell happened? What did I do? Magic smoke escaped from the device. I panicked so much that I accidentally broke the resistor and ripped out the pin and pad. This was probably game over for me. Shit. What went wrong? I was so careful.
I didn't solder the resistor to the power input, I soldered it to a ground pin. So when I connected the other probe to +5V, I created a short between +5V and ground across the probes. FUUUUUCK. That's why I measured so much noise and garbage: there was no real signal there. How stupid am I? Well... After the initial shock and evaluating the situation, I discovered that the chip has another ground pin. So it should be totally fine. I just have to replace the destroyed diode on the other side and then solder a resistor to the correct pin.
Fuck me. But this time I learned from my mistake. Instead I soldered female wire connectors to the pin, so I can swap around and test different resistors. Also, to make sure I don't rip out the wires, I put a dab of hot glue on them to hold everything in place and take the stress off the delicate pins. Unfortunately, I don't have a suitable SMD diode on hand, so I have to solder this Frankenstein of a diode to it, but that's fine. It works. Another tip: if possible, remove as many capacitors as you can. Capacitors are like super fast little batteries.
They charge, hold the charge, and release it again when the voltage drops. This is great for smoothing out a noisy power supply, but we actually want to measure these differences. So I disconnect this capacitor by destroying it. I also experimented with disconnecting others. It may make the board a little more unstable, but it should improve the measurements. It later turned out that this probably wasn't necessary, but at the time I had some issues, which I'll explain in the next episode, that I thought this would fix. But yeah, this setup looks much better now. I can change resistors and now I have the correct pin.
So you should be ready to easily solve the first power analysis side channel challenge of the embedded hardware CTF.