ESP32-C3 Leakage Assessment
Overview
The method used here aims at assessing the leakage of the ESP32-C3
.
Here, the encryption key is expected to be known. This is not an attack, but an attempt to answer the following questions:
- Does data leak?
- Where are the leakages located?
To do so, the state array of the AES-128 encryption block using the key is computed at various points.
More specifically, this state is computed after each of the following standard operations:
For each of these 16-byte states, the power consumption of the device is modeled with a simple Hamming weight method.
This power consumption model is correlated against the measured power traces at each timestamp using a Pearson correlation coefficient.
Input Data
Power Traces
The captured data can be downloaded from here (8.73 GB).Replication of results
These traces have been captured using tools available in the esp-cpa repository. The following command can be used. poetry run measure config/capture/esp32c3.py \
esp32c3.zarr \
--gui-display # Optional
AES Key
The key flashed in the target’s fuses is available below, and can be downloaded here.
00000000: c636 c050 fc66 fd40 32b0 8c6b 0834 9342 [email protected]
00000010: 0f5a a370 00ec d68e ba01 4b90 e01d 5aa8 .Z.p......K...Z.
Results
Replication of results
The data displayed above can be locally computed using tools available in the esp-cpa repository. The following commands can be used.# Perform assessment
poetry run analyze leakage-assessment esp32c3.zarr \
config/analysis/leakage_assessment.py \
flash_encryption_key.bin leakage_esp32c3.csv
# Plot results
poetry run plot plot-leakages leakage_esp32c3.csv
Note
Because a simple Hamming weight has been chosen to model power consumption, it’s worth noting that correlation values are not altered after an operation.
Observations
Judging from the peaks observed in the correlation values, it appears that most of the internal states do leak.
That being said, the correlations peaks following the operations are arguably not as clear as the ones observed for the other operations.
Additionally, the position of these leakages does make sense, with data corresponding to each round appearing in a chronological order.
These results can be compared to the ESP32-C6
Leakage Assessment.