[Keysight Technology Thanksgiving Month Essay Contest] Breaking the Boundary: Application of Keysight Instruments in Information Security
Breaking Boundaries: Keysight Instruments in Information Security
The quieter you become, the more you can hear.
——from Kali Linux
1. Application in Side-Channel Power Analysis
First, a brief introduction to side-channel attacks, taking AES as an example. AES is the abbreviation of Advanced Encryption Standard. It is a block encryption standard adopted by the US federal government and is also the de facto industry standard for block ciphers. AES is used in many fields, and current mainstream processors widely include AES hardware accelerators (from CRYP in the STM32, which costs a few dollars, to AES-NI in Intel CPUs, which cost thousands of dollars).
For such a mature cryptographic standard, the algorithm itself is very well designed. Traditional methods such as differential analysis and linear analysis basically cannot be completed within a feasible complexity. AES is safe in theory. However, even an absolutely safe algorithm does not make an absolutely safe system. There is a principle of universality and diversity in materialistic dialectics. A modern cryptographic system may be theoretically secure in its design, but that cannot replace the security of its implementation. Without interfering with the operation of the cryptographic chip, the attacker can observe side-channel leakage such as timing, power consumption and electromagnetic radiation, and then combine it with knowledge of the algorithm's implementation to recover the key. This is the so-called side-channel attack. Power consumption and electromagnetic radiation can be measured with Keysight's oscilloscopes to carry out the side-channel attack.
Taking AES 256 as an example: the chip is limited by its bit width and by the algorithm implementation, so the entire 256-bit key is not processed at once. Just as a meal is eaten bite by bite, data is processed byte by byte, which gives us a basis for guessing byte by byte. As usual, side-channel analysis focuses on the nonlinear step, SubBytes.
In an implementation, the so-called nonlinear substitution function is a table lookup. The output of the table lookup (the S-box output) is the attack point. Of course, optimized implementations merge some operations to increase speed, but this does not trouble the attacker: however much work goes into the optimization, the final result is still a table lookup. For a side-channel attack there is no substantial difference between looking up a larger table and a smaller one. The difference between AES 128 and AES 256 is likewise only the number of rounds and the key length; the table lookup itself is essentially unchanged. The following picture illustrates the principle of the attack.
The figure describes two attacks. The upper one is a power attack and the lower one is an electromagnetic attack. The principles are essentially the same. Power attacks require measuring the change in instantaneous power consumption, while electromagnetic attacks require measuring electromagnetic radiation. Because the operating voltage of the processor is basically stable, power measurement can be simplified to current measurement. For current measurement, you can use Keysight's current probe, or you can use a sampling resistor to convert the current into a voltage signal. For signals with one end grounded, you can measure directly with a passive voltage probe. For a floating signal, you can use a differential probe. The measuring instrument needs a high time resolution and a high sampling rate (according to the sampling theorem, it needs to be several times the operating frequency of the processor), so an oscilloscope is the most appropriate choice. Processors built on modern process technology consume very little power, so the power changes caused by signal toggling are easily drowned in environmental and power-supply noise. Electromagnetic radiation is even weaker. Active amplifiers can be used, but they usually amplify both the signal and the noise, and the amplifier also introduces additional noise of its own. So the measurement result usually looks like the following figure:
No need to look closely; it's just a bunch of noise. In someone's words: this is metaphysics. From the engineer's perspective: this is challenging the limits of the analog signal chain. After long-term testing, the experience gained is that the selection requirements for oscilloscopes are as follows: 1. Low noise floor is required; 2. High quantization resolution is required; 3. The sampling rate cannot be low; 4. Convenient programming control. In fact, there are almost no instruments that meet all of the above conditions at the same time, and many research institutions build their own acquisition circuits to meet their needs. However, Keysight's high-end oscilloscopes can also meet the requirements.
The picture shows a Keysight (formerly Agilent) S series oscilloscope (MSO-S 804A). The analog bandwidth is 8 GHz and the sampling rate is 20 GSa/s. In addition, it uses a 10-bit ADC. The relevant concept here is the quantization bit width of the ADC. Oscilloscopes are usually 8-bit. Currently, only big brands like Keysight offer high-bit-width ADCs in their high-end products. On the one hand, a high-bandwidth, high-precision ADC is inherently very challenging to implement. On the other hand, the analog front end of the oscilloscope must be good enough to take full advantage of the 10 bits. Otherwise, the low-order bits of the acquisition are all noise and are meaningless. With this oscilloscope, even if you acquire in 8-bit mode, the signal obtained is much better than with most other 8-bit oscilloscopes. A big reason for this is that the analog front end is good enough and the noise floor is low.
Another advantage of the MSO-S 804A: the operating system is a customized version of Windows 7. Apart from the beautiful wallpaper, its advantage lies mainly in the convenience of programming. A program you have written can be executed directly inside the oscilloscope without any additional connections. Even if it is connected to a PC, that is a connection between two Windows PCs, which is also very convenient. Finally, here is an extended interview question: "What is the number of quantization bits of the oscilloscopes commonly used in the field of electronic engineering?" 8, 10, and 12 are all qualified answers. 16 is also acceptable (some oscilloscopes have 16-bit quantization). Students who answered 32 should go and catch up :-)
2. Application in RF
Here is an example of analyzing a drone remote control. The first step is to determine the frequency of the remote control. Drone remote controls usually use frequency-hopping communication, and tracking them with software radio requires a lot of prior knowledge. It is better to connect the signal to a spectrum analyzer and take a look.
Using Keysight (formerly Agilent) E4445A, I estimated that the frequency should be around 2.4GHz, turned on Max Hold, and got the frequency in a short while. Use the marker function to simply make some measurements and marks. This is a remote control that communicates at a frequency of 5.8GHz.
These old instruments are no longer maintained, and even the RTC batteries are dead (as can be seen from the system date in the figure), but they are still very capable for basic measurements.
Summary
Keysight is truly an industry benchmark. There are countless old instruments that are stable and still working properly. They are simple and reliable. The new instruments introduce the industry's top functions and indicators, which are amazing, powerful and easy to use.
PS: The new Keysight member DSOX3034T (4 channels, 350MHz, 5GSa/s) in the laboratory has capacitive touch and uses the Windows Embedded operating system. It has all-in-one instrument functions such as waveform generator, digital multimeter, counter, etc. It is another powerful tool for daily debugging.
This content is created by EEWORLD forum user x1816. If you need to reprint or use it for commercial purposes, you must obtain the author's consent and indicate the source.