In this paper we detail techniques that can be used to analyze and attack an AES implementation on an FPGA from the primary (i.e., external) side of a switched-mode power supply. Our attack only requires measurements of the duty cycle of the power supply, and then increases the signal-to-noise ratio (SNR) though averaging, deconvolution and wavelet based detrending. The result is an exploitable source of leakage that allows a secret key to be determined from low-frequency power measurements. The techniques and procedures provide a general approach to performing differential power analysis (DPA) from a single point of information for any single hypothesized intermediate value, suggesting their potential for improving other types of side-channel analysis as well.
↧