Power Side-Channel Analysis With ChipWhisperer
A microcontroller draws slightly different power depending on the data it processes. Capture enough of those tiny variations while it runs AES and you can reconstruct the key without ever touching it on a bus. Power side-channel analysis with a tool like ChipWhisperer turns that leakage into a recovered secret. Here is how it works and how chips defend against it.
Why Power Leaks Secrets
Switching a bit from 0 to 1 costs a measurable amount of power. When a cryptographic operation processes secret data, the power trace carries a faint imprint of that data. Average away the noise over many runs and the imprint becomes a signal you can attack.
Step 1: Capture Traces
With the target wired to a capture board, record a power trace for each encryption while feeding it known plaintexts:
import chipwhisperer as cw

scope = cw.scope()                        # capture board, e.g. a ChipWhisperer-Lite
target = cw.target(scope)                 # the device under test
ktp = cw.ktp.Basic()                      # fixed key, fresh random plaintext on each call
key, plaintext = ktp.next()
project = cw.create_project("aes_traces", overwrite=True)   # project name is a placeholder
trace = cw.capture_trace(scope, target, plaintext, key)     # one power trace per encryption
project.traces.append(trace)              # repeat for every plaintext you want to capture

Connected to ChipWhisperer-Lite (CW1173)
Captured 5000 traces, 5000 samples each
Trace array shape: (5000, 5000)
Step 2: Recover the Key
A correlation power analysis attack predicts the power for every possible value of each key byte and keeps the guess that best matches the measured traces:

import chipwhisperer.analyzer as cwa

leak_model = cwa.leakage_models.sbox_output   # model power as the first-round S-box output
attack = cwa.cpa(project, leak_model)         # project holds the traces captured in Step 1
results = attack.run()

Subkey  KGuess  Correlation
0       0x2B    0.913
1       0x7E    0.901
...
Best Key Guess: 2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C
That recovered string is the AES key, pulled out of nothing but power measurements. Software crypto with no countermeasures gives it up directly.
Three Things Power Analysis Breaks
Side-channel attacks reach more than just AES:

Defending Against Side Channels
Use constant-time implementations so that timing and control flow do not depend on secret data, add masking so that the intermediate values an attacker models are combined with a fresh random value on every run, and choose hardware crypto accelerators designed with side-channel countermeasures. Confirm masking with measured traces rather than assuming it holds: a compiler optimization or careless register reuse can recombine the mask and reintroduce the leakage. For high-value keys, assume a determined attacker has physical access and a capture rig.
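To make the leakage model from "Why Power Leaks Secrets" concrete and to show what masking buys, here is an added Python example; it is not part of the original post and not ChipWhisperer's own code. Captured traces are replaced by constructed synthetic samples under an assumed leakage model (Hamming weight of the first-round S-box output plus Gaussian noise), and the check is the known-key correlation an evaluator runs on an implementation they control: the unmasked S-box output correlates strongly with the key-dependent prediction, while an output combined with a fresh random mask shows no first-order correlation. All function and variable names are hypothetical.

```python
import random

# --- AES S-box computed from its definition: GF(2^8) inverse followed by the affine map ---
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p & 0xFF

def gf_inv(a):
    """Multiplicative inverse in GF(2^8) computed as a^254 (AES maps 0 to 0)."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0

def _sbox_entry(x):
    b = gf_inv(x)
    s = b
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF   # rotate-left by i bits
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences (pure Python)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5

def simulate_traces(key_byte, n, noise_sigma, masked, seed=1):
    """Constructed stand-in for captured traces: one sample per encryption.

    Leakage model (assumption): the sample is the Hamming weight of the byte the
    device writes after the first-round S-box lookup, plus Gaussian noise.
    With masking, the device only ever handles S(p ^ k) ^ r for a fresh random r.
    """
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]            # the key-dependent intermediate
        if masked:
            v ^= rng.randrange(256)       # output mask, uniformly random on every run
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, noise_sigma))
    return plaintexts, samples

def known_key_correlation(key_byte, plaintexts, samples):
    """Evaluator's leakage check: correlate the measured samples with the Hamming
    weight of the intermediate predicted from the key, which the evaluator knows."""
    predicted = [hamming_weight(SBOX[p ^ key_byte]) for p in plaintexts]
    return pearson(predicted, samples)

def leakage_report(key_byte=0x2B, n=2000, noise_sigma=1.0):
    """Correlation of the key-dependent hypothesis against unmasked and masked traces."""
    pts, plain = simulate_traces(key_byte, n, noise_sigma, masked=False)
    pts_m, masked = simulate_traces(key_byte, n, noise_sigma, masked=True, seed=2)
    return {
        "unmasked": known_key_correlation(key_byte, pts, plain),
        "masked": known_key_correlation(key_byte, pts_m, masked),
    }

if __name__ == "__main__":
    for name, rho in leakage_report().items():
        print(f"{name:8s} correlation = {rho:+.3f}")
```

With the default settings the unmasked correlation comes out around 0.8 (the noise-free value would be sqrt(2/3) for this model) and the masked one within a few hundredths of zero. In a real evaluation the synthetic `simulate_traces` is replaced by scope captures, and a near-zero first-order result is not the end of the job: second-order analysis combines two samples to undo the mask, so a masked design is tested against that as well.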
Where This Fits
Side-channel evaluation, confirming whether a product’s crypto leaks under power analysis, is part of a hardware-focused product security assessment. That lab work is the kind of work we do at Berkner Tech.