Improving side channel attack resilience for IoT devices

Abstract

Security in Internet of Things (IoT) applications is more important than ever. New devices are pushed to the market every day. The world is, and will be more connected then ever before. This thesis focus side channel resilience against a subset of side channel attacks, namely power analysis attacks. These attacks needs hardware access to the IoT device to be possible. The concept of power analysis attacks is to extract useful information through analysing power consumption. Encryption keys are typical targets.

This thesis focus on testing different hypotheses trough measurement. The ChipWhisperer platform is used for measuring different microcontrollers power consumption while encrypting different messages using the AES encryption algorithm. Different counter measures against power analysis attacks are tested, such as dis-aligning traces, executing encryption code from RAM instead of flash, using different process nodes (40 and 90 nanometer) and measuring on different power supplies or decoupling capacitors. Correlation power analysis (CPA), a type of differential power analysis (DPA), is used when analysing the captured power traces. The results obtained through experimental work shows that when the signal to noise ratio (SNR) is worsened, more power traces need to be captured in order to fully extract the used AES key. Main results are a 700\% improvement in number of traces when using MCUs with very similar architecture, moving from 90 nanometer to 40 nanometer, and how different higher clock frequencies increases the amount of useful power leakage.