Electromagnetic analysis of AES-256 on Xilinx Artix-7

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: In this project, an electromagnetic side-channel attack was carried out by exploiting the information leakage from a field-programmable gate array (FPGA) running an implementation of the Advanced Encryption Standard with a 256-bit key (AES-256). The FPGA board was a Nexys-4 from Digilent with an Artix-7 FPGA. The attack was partially successful. A few subkeys were successfully extracted from AES-256 with only 2000-3000 electromagnetic (EM) traces. The rest of the key guesses were ranked accordingly and presented in a chart. Three different data acquisitions were made on AES-256, and no average values were taken. Most of the previous work used an average value of 10-100 EM traces per plaintext input. In this thesis, only one plaintext per EM trace was used. The purpose of this was to simulate a real-world scenario where an attacker has access to the cryptographic device for approximately one hour. The experiments also included an electromagnetic side-channel attack on an isolated hardware area in the AES algorithm, for which only the initial round and the SubBytes operation were designed, using single 8-bit data blocks. The purpose of this attack was to make the analysis less complex and more adapted to the simulation model. Due to the parallelism in the FPGA, there was a low correlation between the key guesses and the correct key. The low correlation was expected but created obstacles when collecting data for key extraction. There was also interference from the power supply. Every time someone plugged in, e.g., a cell phone charger or a laptop charger in the neighboring rooms, the data acquisition was corrupted. The random interference made longer test runs harder to conduct. The experiment needed constant supervision to detect whether interference had occurred. For future work, the side-channel attack needs more data points per EM trace, more EM traces, a faster oscilloscope (or data acquisition unit), a low-pass filter and an amplifier with a wider bandwidth.
