Jlsca tutorials

Examples on how to use Jlsca, the side channel analysis toolkit written in Julia.

Prerequisites

• Julia (1.0 is tested on most examples), https://julialang.org
• IJulia, https://github.com/JuliaLang/IJulia.jl
• Jlsca package, https://github.com/Riscure/Jlsca
• PyCall and PyPlot packages, install in julia via Pkg.add()

It all works alike on Linux, Mac, and Windows.

Here is a docker image built on top of Orka with all the prerequisites (apart from some example tracesets).

Starting IJulia's Jupyter with threading

Jlsca's incremental correlation benefits from more threads. By default Julia only has 1 thread, but you can configure this by setting environment variable JULIA_NUM_THREADS. Start the notebook like this to give Julia 2 threads:

JULIA_NUM_THREADS=2 julia -e "using IJulia; notebook()"

Trace formats

Working with any tool starts with the data formats. Jlsca natively works with trs format, originally used by Riscure Inspector, and in addition handles other formats.

• Daredevil (split binary) format. Jlsca natively supports it for both reading and writing, and includes a converter to/from trs. Whitebox example notebook below shows how to do conversion.
• ChipWhisperer project format. Examples of how to convert data from CWP to trs are below in RHme2 notebooks. In case you would like to export a trs into CWP, here is the noteboook: trs2cwp.ipynb.

DPA on SW AES implementations

These are simple examples on how to do the SCA challenges of the RHme2 embedded CTF.

• piece of SCAke - correlation power analysis attack on unprotected AES-128
• still not SCAry - linear regression analysis attack on AES-128 with a misalignment countermeasure
• SCAlate - correlation power analysis attack on AES-128 with a misalignment countermeasure

Tarballs with power traces available at https://drive.google.com/drive/folders/0B2slHLSL3nXaTFBWMUxHSkNmSTg, shasums included.

Here are the external writeups showing how to adapt examples above to do RHme3 SCA qualifier challange: [1], [2], [3]. Note that due to recent changes in Jlsca these writeups need minor adjustments to be runnable.

Second-order DPA

• Second-order DPA on the ASCAD traceset. This example almost directly applies to the Rhme-2017 Random Random Everywhere challenge that features a masked AES implementation

DPA on whitebox implementations

• RHme 2017 qualifier whitebox challenge. Traces here in the tarball.

HPC (runnig on a computing cluster)

Jlsca can be run on a cluster of Linux machines.

• HPC example tested on the Radboud University cluster

DPA on HMAC-SHA

• DPA on HMAC-SHA1 running on STM32F417 with hardware SHA accelerator. This is an advanced example. Traceset here.