## Cracking the Code: the Truth Behind Power-Analysis Attacks

### By Tom Seest

## What Is A Power-Analysis Attack In Cybersecurity?

**At BestCybersecurityNews, we help entrepreneurs, solopreneurs, young learners, and seniors learn more about cybersecurity.**

**Power-analysis attacks are a type of side-channel analysis (SCA) that take advantage of physical characteristics of cryptographic devices, such as power consumption, time to perform an operation and electromagnetic emission. This attack utilizes statistical methods to examine sets of power traces in order to detect data-dependent correlations. It has proven particularly successful on tamper-resistant modules and integrated circuits that utilize cryptographic algorithms.**

## Table Of Contents

## Can Your System Withstand a Simple Power Analysis Attack?

Cybersecurity professionals employ various techniques to collect and extract key materials from devices. One such approach, simple power analysis (SPA), involves monitoring a device’s power consumption during cryptographic operations and deriving key information from those measurements.

SPA differs from other side-channel attacks in that it doesn’t necessitate the use of special tools or equipment. Instead, it relies on the fact that semiconductor devices are subject to basic physics laws; small changes in electric currents produce changes in voltage levels within the device, which can be measured with a standard oscilloscope.

Different operations have different power profiles, so SPA can help identify which function a chip is performing at any given time. For instance, multiplication consumes more power than addition due to the difference in voltage level between 1 and 0, causing more current to be drawn.

The SPA method can also be employed to detect a device’s algorithm. For instance, it could determine whether the device runs the RSA (Rivest-Shamir-Adleman) cryptographic algorithm or not, as well as identify how many rounds are in an AES-128 block cipher.

Figure 2 depicts a power trace taken from an Arduino Uno during one round of AES-128 cryptographic operation. The nadirs represent each round in the algorithm.

Another technique for collecting data and key material is differential power analysis (DPA). DPA is a type of statistical analysis that examines power consumption from cryptographic hardware devices during various cryptographic operations.

This method can be very successful at detecting cryptographic hardware flaws. Unfortunately, it requires a large number of traces to collect, which could prove challenging when multiple operations are being run simultaneously.

Correlation Power Analysis (CPA) is a statistical technique that can detect leakage in cryptographic hardware devices. Similar to direct power analysis (DPA), CPA also requires the collection of power traces from the device during cryptographic operations.

## Can Your Device Be Hacked with DPA? Discover the Power of Differential Power Analysis

Differential power analysis (DPA) is an efficient and cost-effective side-channel attack that takes advantage of variations in electrical power consumption to extract secret keys from cryptographic algorithms running on a targeted device. DPA attacks have become increasingly powerful as attackers attempt to compromise tamper-resistant devices and circumvent security protocols.

A DPA attack consists of two steps: step 1 and step 2. In step 1, we monitor the power traces generated by a cryptographic device during encryption or decryption operations associated with the algorithm. In step 2, we select an intermediate result f(d,k) to reveal part of a secret key through statistical analysis.

To perform the DPA attack, we collect measured power traces during a large sample of cryptographic operations and use a mathematical signal analysis function based on leakage modeling to regenerate the secret key.

We demonstrate that both DPA and CPA techniques are capable of deducing the full 16-byte key of AES-128 by monitoring the power consumption of an Arduino Uno which implements AddRoundKey and SubBytes steps in round 1. Results produced by using Difference of Means technique exhibit more noise than those produced using Hamming Weight Power Model approach, showing how applicable these attacks are to real world hardware.

We show that both DPA and CPA are capable of deducing a 1-byte key from AES-128 by monitoring power consumption of an Arduino Uno which only implements Squaring-only and Multiplication in round 1. Although results from the CPA attack display more noise than those obtained using DPA technique, they produce results which are easier to interpret from an analytics standpoint.

## Can Correlation Power Analysis Expose Vulnerabilities in Cybersecurity?

CPA is a statistical method designed to uncover secret keys of cryptographic algorithms by analyzing vast amounts of power traces generated when decrypting different plaintexts. These traces are then correlated with intermediate values generated by the cryptographic algorithm in order to calculate its secret key. Unfortunately, this approach has been criticized due to its computational demands and potential for large data leakage if not prevented.

One way to counter this attack is by employing masking techniques, which may be difficult on real-world devices. Power line conditioning and filtering can also help eliminate minute correlations that might make results hard to interpret. Unfortunately, these measures may not eliminate all of them completely, leaving a potential vulnerability for malicious actors who seek to compromise the security of an electronic system.

Another type of power attack is differential power analysis (DPA), which has been known to break encryption algorithms previously thought unbreakable, such as AES and DES. DPA’s advantage lies in its capacity for detecting correlations even when there is high noise present in the system – this makes for a more formidable attack than correlation power analysis, which is limited to simpler systems.

The DPA approach is similar to correlation power analysis in that it collects a set of traces and then computes the difference between their averages to determine whether there is a correlation between them. If there is no correlation, then the difference will be zero; otherwise, some non-zero number will appear if one exists. This makes the method highly sensitive when dealing with large sets of data points, enabling it to identify even minute correlations that would otherwise go undetected within larger datasets.

This article presents a new method that can perform CPA computation much faster than the original one and is particularly efficient when there are many traces. Our approach involves gathering measures by plaintext byte value and creating a profile vector indexed by that value, which then correlates with an energy consumption model vector. It allows us to achieve speedups up to x200 over traditional CPA calculations when dealing with large trace numbers.

## Can Electromagnetic Analysis Compromise Your Cybersecurity?

Electromagnetic (EM) analysis is a technique commonly employed in cybersecurity to break encryption algorithms. This technique examines the electromagnetic emissions emitted by a device and attempts to deduce the secret key by observing traces left behind by encryption.

Emissions of microwaves (EMI) are generated by both natural causes like lightning or solar flares and man-made sources like radio and TV broadcasting, radars, and microwaves. When these EMI waves reach electrical and electronic devices they can disrupt their ability to function correctly.

IEMI attacks are of grave concern as they can cause major disruption to systems, such as power transmission equipment, communications networks, or transport infrastructure. Intentional EMI attacks have become increasingly frequent in recent years.

A well-funded attacker could launch IEMI attacks simultaneously on multiple sites, resulting in a variety of negative consequences. Not only would this be disruptive but costly as well, damaging reputation and resulting in fines or compensation claims.

Due to this, many countermeasures have been designed to make electromagnetic attacks harder but not impossible. These range from logical, architectural, and physical (circuit-level) countermeasures.

To combat electromagnetic/power SCA, an inexpensive end-to-end framework is necessary to detect leakage, collect traces, and perform attacks. SCNIFFER provides this integration between scanning, trace collection, intelligent, fast localization, and attack to create a cost-effective EM SCA framework, which can be automated using a low-cost 3D printer, as shown in Figure 9b.

Power SCA attacks require less time and energy than brute force methods, which take a considerable amount of effort to crack crypto algorithms. Furthermore, these attacks are non-invasive and passive in nature – meaning the device under attack cannot be physically damaged by an attacker.

To reduce time spent collecting traces, EM SCA utilizes a bandpass filter and signal processing to isolate specific frequencies from ambient radiation and noise. The isolated signals are then analyzed using an HD/HW model in order to uncover the correct key, which then serves to unlock encrypted data.

Please share this post with your friends, family, or business associates who may encounter cybersecurity attacks.