Physical security analysis of AES implementations on 8-bit MCU and countermeasures

Embedded security is a field studying how the physical implementations of cryptosystems can weaken the integrity of their hidden secrets. Power analysis attacks are one of the most spread side-channel attacks and take advantage of a device’s power consumption to retrieve sensitive information about it. One typical countermeasure to thwart those attacks is masking, which consists in splitting the sensitive data into multiple independent shares. The objective of this master thesis is to propose a physical security analysis of different AES implementations on an 8-bit Atmel micro-controller. This work starts by describing the ChipWhisperer-Lite, the platform that was used to record all the power traces. It continues by studying an unprotected version of the AES, and shows that its execution leaks information that can be easily exploited to recover the key with some basic attacks. It then presents the implementation of several state-of-the-art software masking schemes and compares them in terms of execution time and required randomness. Finally, it analyses their practical security level, based on two different leakage detection tests and univariate attacks.