»Practical and Affordable Side-Channel Attacks«
2018-10-18, 17:45–18:05, Europe

How to build an affordable side-channel attack setup: exploitation of the electro-magnetic radiation emitted by an AES-256 implementation running on an 8-bit microcontroller.

Since they appeared in the late 90s, side-channel attacks have drawn a lot of attention from the academic community, but much less from the "operational world". They were often judged too theoretical, working only under unrealistic assumptions. However, almost 20 years of intensive research have passed, and the technology has evolved. What was considered a fantasy a few years ago is becoming more and more a practical reality. The recent disclosure of the Spectre and Meltdown vulnerabilities has brought side channels back into the spotlight. Yet this is only the tip of the iceberg...

In their basic working principle, side-channel attacks take advantage of unexpected leakages of information: anything that is neither the standard input nor the standard output of a system, yet reflects what is happening "within" it, can be used as a side channel. The most common examples are power consumption, electro-magnetic radiation, timing (e.g. the cache timing behind Spectre and Meltdown), emitted light, sound, temperature, etc. Everybody has exploited a side channel at least once in their life, probably without even knowing it. Aptly used, side channels reveal secrets that hackers would not dare to imagine.

In this work, we show how modern and affordable technologies allow side-channel attacks to be practically achieved by anyone interested in the topic.

The contribution is twofold. First, we show how a complete side-channel test bench can be built for less than 400 €. For this purpose, we take a classic use case: an AES-256 implementation running on an 8-bit platform (the ATmega328P of an Arduino/Genuino Uno). The analysed channel is the electro-magnetic radiation emitted by the chip while it runs the algorithm. Measurements are taken with a home-made EM probe coupled with a Red Pitaya platform for sampling. Second, we show how the 256-bit key can be recovered within seconds, using a few heuristics and statistics.

The goal of this work is to show hackers how devastating side-channel attacks can be when they are forgotten as an attack vector. We also aim at providing tools so that they can experiment on their own without expensive lab equipment. Finally, we hope this work will reconcile the academic and operational perspectives on side-channel attacks, and open new collaboration opportunities.