
ChipWhisperer: Open Source Hardware Security Analysis Platform

Embedded systems have historically had all sorts of interesting security holes discovered in them. You often can’t blame the engineers who designed the systems: it’s extremely difficult to keep up to date with all the latest attacks. Third-party testing can be horrendously expensive, so many companies simply ignore the more exotic attack vectors.

One such exotic attack vector is side-channel power analysis, along with glitch attacks. In power analysis, you measure the power a device consumes on each instruction, and use this information to break encryption or other security running on the device. For a very brief example, see Colin’s 120 Second Demo of breaking the AES-128 system using his project. If you are interested in learning more about why this works, see his 2.5 Hour Tutorial from the CHES academic conference.

The vulnerability of systems to such attacks has been known for almost 15 years. But academics/engineers interested in learning about side-channel power analysis had only a few choices of equipment setup. The first was to use a generic oscilloscope, which would often cost $2k+ due to high speed requirements, and still required them to program the software for capture and analysis. The other was to buy a test lab setup from one of a few companies that sell them – with costs between $20k-$100k. Colin has designed a combination of hardware and software (called ChipWhisperer) that greatly simplifies the security analysis of embedded systems. It’s completely open source, and could be built for as low as $200.

The hardware he has designed is a combination of an FPGA board, a high-speed ADC, and a variable gain amplifier, along with some clock processing and IO level translation. This hardware is used to measure the power consumption of a target device during cryptographic operations, with the measurements controlled by a Python-based GUI on the computer. Once measurements have been taken, the analysis software can be used to determine whether a given system is vulnerable to side-channel power analysis. Complete details are posted at ChipWhisperer.com.

In addition, the hardware can be used for generation of clock glitches. This “clock glitching” is another possible attack vector, and the low-cost hardware makes it much easier for design engineers to validate that their systems are secure against glitch attacks. Glitch attacks cause a microcontroller to skip certain instructions, such as authentication code.

This project would be of interest to the Solid community due to the broad cross-section of skills and interests it touches. The idea of breaking cryptographic systems using power measurements often seems like magic, but it relies on some basic physics and statistics. The actual measurement hardware involves a high-performance analog front-end, along with a fairly advanced FPGA project that relies on techniques such as partial reconfiguration to fine-tune the FPGA in real time.

On the computer side, a Python-based program (using PySide for the GUI) orchestrates the hardware and performs the analysis algorithms. Colin has also tried to make the project as inclusive as possible: people who lack a particular skill, such as FPGA design, can still use the system.

For engineers actually working on embedded designs, obviously the technical content is of great value, since they will learn about the practicality of performing side-channel power analysis. But all attendees will enjoy learning about this method of breaking systems, along with live demos of the methods.

This is a fairly complex and large project. It has been possible for Colin to dedicate significant time to this project as it’s part of his PhD studies, which also allows him to release it under an open-source license.

Colin has been interested in embedded systems from a young age – his first Circuit Cellar article was published at 16, and he has since been involved with all sorts of hardware and software design. Recently he returned to pursue a PhD at Dalhousie University in Nova Scotia, Canada, but tries not to let his academic pursuits corrupt his practical side.