The document discusses simple and low-cost hardware for performing side channel attacks. It proposes building a basic circuit using inexpensive off-the-shelf components for under $20 to perform timing analysis attacks. The document then explores more advanced hardware-based side channel techniques like power analysis, voltage glitching, and frequency glitching and discusses how these techniques have been used in real-world attacks.
6. What are Side Channel Attacks?
f(x)=y
How long does it take?
How much power does it consume?
How does it react to temperature?
How much EMI does it give off?
How does it affect g(), h(), and i()?
How is it affected by x&y?
10. What does HARDWARE buy us?
Does network latency hide sidechannels?
If not, does it obscure them?
How about software latency?
Often, hardware permits observation with fixed, deterministic latencies
11. State of the Art Approach
Expensive Scopes ($10k+)
Expensive Probes ($2k+)
Expensive software ($2k+)
Smart People ($?)
Custom software to glue it all together
26. Time is on your side...
what matches | test time | test to test time increment, us
null         | 19.13     |
0 char       | 31.56     | 12.43
1 char       | 32.88     | 1.32
2 char       | 34.18     | 1.3
3 char       | 35.51     | 1.33
4 char       | 36.63     | 1.12
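A steady per-character increment like the one in the table above is what a comparison that stops at the first mismatching character produces. The C code below is an added example, not code from the presentation: it assumes the target compares input that way, uses a constructed 4-byte secret, and counts loop iterations (`steps`) as a stand-in for time, next to a hardened compare whose work does not depend on how much of the input matches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Early-exit compare: iterations executed depend on the matching prefix. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (secret[i] != guess[i])
            return 0;               /* leaves the loop at the first mismatch */
    }
    return 1;
}

/* Hardened compare: always visits all n bytes and ORs the differences. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    return diff == 0;
}

/* Iterations used for a guess whose first `matched` bytes are correct. */
size_t steps_for_prefix(cmp_fn cmp, size_t matched)
{
    static const uint8_t secret[4] = { '7', '3', '9', '1' };  /* constructed sample */
    uint8_t guess[4];
    size_t steps = 0;
    for (size_t i = 0; i < 4; i++)
        guess[i] = (i < matched) ? secret[i] : (uint8_t)(secret[i] ^ 0xFF);
    cmp(secret, guess, 4, &steps);
    return steps;
}

int main(void)
{
    for (size_t m = 0; m <= 4; m++)
        printf("%zu char: leaky=%zu steps, hardened=%zu steps\n", m,
               steps_for_prefix(leaky_compare, m), steps_for_prefix(ct_compare, m));
    return 0;
}
```

On a real target, confirm the fix in the compiled output and with a timing measurement, since an optimizing compiler can reintroduce data-dependent branches.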
41. Alternate Build Options
Differential Amplifier: AD8129 vs. AD8130
Gain setting circuit: Rf=1k Ohm resistor or Rf1=10k Ohm Potentiometer
Voltage Regulator Load: R1=R2= 2.4k Ohm resistors for a dummy load
73. ● Glitching device outputs a clock
● Tie an interrupt pin to a trigger on the target
● Program a configurable software delay
● Toggle a pin tied to a pulse generator
● AND the pulse generator with your clock