This work measures the performance of a synchronous sampling system attacking a modern microcontroller running a software AES implementation. This attack is characterized under four conditions: with a stable crystal-oscillator-based clock, with a clock that is randomly varied between 3.9 MHz and 13 MHz, with an internal oscillator that is randomly varied between 7.2 MHz and 8.1 MHz, and with an internal oscillator that has slight random variation due to natural 'drift' in the oscillator.
Traces captured with the synchronous sampling technique can be processed with a standard Differential Power Analysis (DPA) style attack in all four cases, whereas when an oscilloscope is used, only the stable oscillator setup is successful. This work also develops the hardware to recover the internal clock of a device which does not have an externally available clock. It is possible to implement this scheme in software only, allowing it to work with existing oscilloscope-based test environments.

Category / Keywords: implementation / side-channel analysis, acquisition, synchronization, DPA
Date: received 16 May 2013, last revised 25 Feb 2014
Contact author: coflynn at newae com
Note: Extensive updates, new capture hardware, and software-based implementation discussed
Version: 20140225:184532
Short URL: ia.cr/2013/294