I, for One, Welcome Our New Power Analysis Overlords

Conference:  BlackHat USA 2018



The presentation discusses the use of power analysis to detect vulnerabilities in cryptographic devices and the potential for automated testing to detect flaws in hardware and software.
  • Power analysis can be used to detect vulnerabilities in cryptographic devices
  • Automated testing can detect flaws in hardware and software
  • Test vector leakage assessment is used to validate device security
  • The basic method involves trying all combinations of states in the algorithm
  • The presentation includes examples of vulnerable microcontrollers
The presenter discussed using a neural network to drive a device and compared its performance to an if-statement. They also mentioned the availability of large datasets for machine learning in this area.


Despite high-profile failures, there can be no doubt that embedded security is improving. Yet, several dark clouds loom on the horizon – including side channel attacks and fault attacks. For many, they remain vague and undefined, with complicated analysis required to understand if they are even applicable to a target of interest, yet alone how to perform the attack.This talk introduces a new open-source tool, called ChipWhisperer-Lint, that will solve at least one of these problems. It can be used with the open-source ChipWhisperer hardware to completely automate finding power analysis attacks in arbitrary devices. The initial tool supports the AES algorithm, and five microcontrollers with AES hardware acceleration (which have not been previously broken) will be demonstrated to be vulnerable to side-channel power analysis. These attacks mean products relying on their encryption to protect critical secrets could be easily compromised (such as happened with the Philips Hue attack).This tool extends Colin's previous work in making power analysis attacks accessible to every engineer with open-source hardware and software. This latest tool is a leap forward in accessibility and laziness, by removing even needing to truly understand how the attacks works. Now truly there can be no excuse for using insecure devices in your products, as finding specific side-channel power analysis vulnerabilities can be performed in a few minutes across a wide range of embedded devices.