Whip the Whisperer: Simulating Side Channel Leakage

"Discover the surprising ways AES engines leak side-channel information, and learn how to identify these weaknesses using gate-level modeling, correlation power analysis, and simulators like Skate to design more secure chips."

Key takeaways
  • Whip the Whisperer: Simulating Side Channel Leakage
  • AES engine leaks in unexpected places, not just the CPU
  • Measured leakage in 10 rounds, mostly before AES engine takes over
  • CPA (Correlation Power Analysis) used to analyze side-channel leakage
  • Masks used to mitigate leakage, but not effective enough
  • Gate-level modeling necessary to identify leakage points
  • Found leakage in ALUs and registers in the AES engine
  • 3 types of leakage: power, EM, and timing
  • Masking does not completely eliminate leakage, just shifts it
  • Countermeasures need to be designed in from the start, not as an afterthought
  • Correlation analysis can identify leakage, even with masking
  • Simulators like Skate can help design and test secure chips
  • Real-world chips are often not tested for side-channel leakage
  • AES masking is not enough to protect against side-channel attacks
  • Countermeasures should be designed to be resilient against multiple types of attacks

More talks

Encrypted File System for Rust/Android Applications by Stefan Schindler - Rust Zürisee Feb 2023

Sockets, Sparks, and Magic Smoke - Dylan Beattie - NDC London 2023

Rising to the challenge of systemic injustice

The Future of Energy - Richard Campbell - NDC Oslo 2024

I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft

SAINTCON 2023 - Ivan Koshkin - The Lifecycle of Detection Engineering

Practical LLM Security: Takeaways From a Year in the Trenches

Build a Culture of Site Reliability | Brian Love and Mike Ryan from Polaris