Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

ChipWhisperer

posted by janrinok on Saturday March 22 2014, @05:52PM   Printer-friendly
from the for-good-or-evil-which-will-we-choose dept.
Software

An anonymous coward writes:

"ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research. (PDF)

Partial quote from 1st page (1/18):

'This paper introduces a complete side channel analysis toolbox inclusive of the analog capture hardware, target device, capture software, and analysis software. The highly modular design allows use of the hardware and software with a variety of existing systems. The hardware uses a synchronous capture method which greatly reduces the required sample rate, while also reducing the data storage requirement and improving synchronization of traces. The synchronous nature of the hardware lends itself to fault injection, and a module to generate glitches of programmable width is also provided. The entire design (hardware and software) is open-source, and maintained in a publicly available repository. Several long example capture traces are provided for researchers looking to evaluate standard cryptographic implementations.'"

[Ed's Note: If you haven't already got a PDF reader built-in to your browser, the submitter suggests the following link: http://view.samurajdata.se/. I do not take any responsibility for this software.]

This discussion has been archived. No new comments can be posted.
ChipWhisperer | Log In/Create an Account | Top | 2 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by Schafer2 on Saturday March 22 2014, @11:59PM

    by Schafer2 (348) on Saturday March 22 2014, @11:59PM (#19842)
    The summary made no sense to me (due to my ignorance). This is about getting extra "side channel" information when performing cryptographic attacks on embedded systems. That "side channel" information is gathered via indirect means such as electromagnetic radiation and power fluctuation analysis, as well as by injecting glitches and monitoring the response. The "encrypted system" can be something as simple as a smart card.

    Proper research benefits greatly from a standard reference target. This has been recognized in the past. [aist.go.jp] The authors have developed an enhanced, open-source system to act as both sides (or just one side) of such attacks, inclusive of monitoring. This should greatly enhance repeatability. They also include a GUI-driven app.

    One might find this teaser [youtube.com] or this 2-hour presentation [youtube.com] by one of the authors more informative.

    • (Score: 1) by Schafer2 on Sunday March 23 2014, @12:05AM

      by Schafer2 (348) on Sunday March 23 2014, @12:05AM (#19843)
      Doh! I neglected to change the title from "Tempest", which I originally thought this was about but is not. TEMPEST [wikipedia.org] was the NSA program to monitor systems via similar indirect means (and to protect systems from such monitoring). However, this was more often about getting a view of the monitor and keystrokes of a system via an antenna situated nearby, and not about gaining side information for cryptographic attacks.