Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA)

Abstract

This article demonstrates two fundamental techniques of power analysis, differential power analysis (DPA) and correlation power analysis (CPA), against a modern piece of hardware which is widely available to the public: the Arduino Uno microcontroller. The DPA attack we implement is referred to as the Difference of Means attack while the CPA attack is implemented by building a power model of the device using the Hamming Weight Power Model method. The cryptographic algorithm we have chosen to attack is AES-128. In particular, the AddRoundKey and SubBytes functions of this algorithm are implemented on an Arduino Uno and we demonstrate how the full 16-byte cipher key can be deduced using the two techniques by monitoring the power consumption of the device during cryptographic operations. The results of experimentation find that both forms of attack, DPA and CPA, are viable against the Arduino Uno. However, it was found that CPA produces results which are easier to interpret from an analytical perspective. Thus, our contributions in this article is providing a side-by-side comparison on how applicable these two power analysis attack techniques are along with providing a methodology to enable readers to replicate and learn how one may perform such attacks on their own hardware.