Power Analysis Attacks Against IEEE 802.15.4 Nodes

IEEE 802.15.4 is a wireless standard used by a variety of higher-level protocols, including many used in the Internet of Things (IoT). A number of system on a chip (SoC) devices that combine a radio transceiver with a microcontroller are available for use in IEEE 802.15.4 networks. IEEE 802.15.4 supports the use of AES-CCM* for encryption and authentication of messages, and a SoC normally includes an AES accelerator for this purpose. This work measures the leakage characteristics of the AES accelerator on the Atmel ATMega128RFA1, and then demonstrates how this allows recovery of the encryption key from nodes running an IEEE 802.15.4 stack. While this work demonstrates the attack on a specific SoC, the results are also applicable to similar wireless nodes and to protocols built on top of IEEE 802.15.4.

[1]  Russ Housley,et al.  Counter with CBC-MAC (CCM) , 2003, RFC.

[2]  Catherine H. Gebotys,et al.  EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA , 2005, CHES.

[3]  Matthieu Rivain,et al.  On the Exact Success Rate of Side Channel Analysis in the Gaussian Model , 2009, Selected Areas in Cryptography.

[4]  Christophe Clavier,et al.  Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest , 2014, Journal of Cryptographic Engineering.

[5]  Christof Paar,et al.  On the Portability of Side-Channel Attacks – An Analysis of the Xilinx Virtex 4 , Virtex 5 , and Spartan 6 Bitstream Encryption Mechanism – , 2011 .

[6]  Alessandro Barenghi,et al.  On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs , 2011, CCS '11.

[7]  Christof Paar,et al.  Side-channel attacks on the bitstream encryption mechanism of Altera Stratix II: facilitating black-box analysis using software reverse-engineering , 2013, FPGA '13.

[8]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[9]  Ingrid Verbauwhede,et al.  Power Analysis of Atmel CryptoMemory - Recovering Keys from Secure EEPROMs , 2012, CT-RSA.

[10]  Christof Paar,et al.  Side-Channel Attacks on the Yubikey 2 One-Time Password Generator , 2013, RAID.

[11]  Dakshi Agrawal,et al.  Multi-channel Attacks , 2003, CHES.

[12]  François-Xavier Standaert,et al.  Stealthy Compromise of Wireless Sensor Nodes with Power Analysis Attacks , 2010, MOBILIGHT.

[13]  Ilya Kizhvatov,et al.  Side channel analysis of AVR XMEGA crypto engine , 2009, WESS '09.

[14]  David A. Wagner,et al.  Security considerations for IEEE 802.15.4 networks , 2004, WiSe '04.

[15]  Joshua Jaffe,et al.  A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter , 2007, CHES.

[16]  Christof Paar,et al.  Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World , 2011, CHES.

[17]  Peter E. Hart,et al.  Pattern classification and scene analysis , 1974, A Wiley-Interscience publication.

[18]  Christof Paar,et al.  Physical Security Evaluation of the Bitstream Encryption Mechanism of Altera Stratix II and Stratix III FPGAs , 2015, TRETS.

[19]  Christophe Clavier,et al.  Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[20]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[21]  Christof Paar,et al.  When Reverse-Engineering Meets Side-Channel Analysis - Digital Lockpicking in Practice , 2013, Selected Areas in Cryptography.

[22]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[23]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[24]  Zhizhang Chen,et al.  ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research , 2014, COSADE.

[25]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[26]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[27]  Christof Paar,et al.  Black-Box Side-Channel Attacks Highlight the Importance of Countermeasures - An Analysis of the Xilinx Virtex-4 and Virtex-5 Bitstream Encryption Mechanism , 2012, CT-RSA.

[28]  D. O. North,et al.  An Analysis of the factors which determine signal/noise discrimination in pulsed-carrier systems , 1963 .

[29]  J. Massey Guessing and entropy , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[30]  Sergei Skorobogatov,et al.  Breakthrough Silicon Scanning Discovers Backdoor in Military Chip , 2012, CHES.

[31]  Jasper G. J. van Woudenberg,et al.  Improving Differential Power Analysis by Elastic Alignment , 2011, CT-RSA.

[32]  Jasper G. J. van Woudenberg,et al.  Getting More from PCA: First Results of Using Principal Component Analysis for Extensive Power Analysis , 2012, CT-RSA.

[33]  J. P. Lewis,et al.  Fast Template Matching , 2009 .

[34]  Zhizhang Chen,et al.  A Case Study of Side-Channel Analysis Using Decoupling Capacitor Power Measurement with the OpenADC , 2012, FPS.

[35]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[36]  P. Kocher,et al.  Di erential Power Analysis , 1999 .

[37]  J.A. Gutierrez,et al.  IEEE 802.15.4: a developing standard for low-power low-cost wireless personal area networks , 2001, IEEE Network.