Skip to content

Latest commit

 

History

History
85 lines (64 loc) · 6.7 KB

README.md

File metadata and controls

85 lines (64 loc) · 6.7 KB

SCRUTINY power traces analyzer

The SCRUTINY power traces analyzer was implemented as a part of a diploma thesis Forensic profiles of certified cryptographic smartcards. The tool is integrated with the SCRUTINY project [1]. The data this tool processes are power traces, which were part of the study in the bachelor's thesis [2]. The tool is implemented for anaylizing of power traces of cryptographic operations measured on smart cards and builds on the SCRUTINY power traces analyzer. Three main modules were implemented: Traces comparer, Trace classifier and CO template finder.

  • Traces comparer serves to create reference profiles of smart cards based on the measured power traces and also has functionality to compare the reference profile with newly measured profile. [Learn more]
  • Trace classifier is a module can be used to analyze power traces of unknown devices, which the user wants to classify based on the reference profiles database. [Learn more]
  • CO template finder allows user to search for information based on the repetitive patterns i.e. random number generation of 128 bits can be generated by 8 bits so it has 16 rounds of 8 bit generation. [Learn more]

Quickstart

Requirements

Java 8 (running the tool) and maven (only for building). The SCRUTINY has the requirements stated in the SCRUITNY repository.

Build of the project

The builded JAR files are available in the releases. In case you want to build the project yourself you can see the github wolkflows folder where the action for building the JAR files is defined.

The core building script executed in the base folder of the repository, the final executable JARs will be in the target folders:

mvn org.apache.maven.plugins:maven-install-plugin:2.5.2:install-file -Dfile=ScrutinyTracesComparer/libs/FastDTW-1.0.jar;
mvn -B package --file ScrutinyTracesComparer/pom.xml;
mv ScrutinyTracesComparer/testing-gui/target/testing-gui-jar-with-dependencies.jar ScrutinyTracesComparer/testing-gui/target/testing-gui.jar;
mv ScrutinyTracesComparer/console-app/target/console-app-jar-with-dependencies.jar ScrutinyTracesComparer/console-app/target/scrutiny-ptraces.jar

Test data

The repository contains the test data for each module.

Traces comparer

  1. Extract the TracesComparer_Feitian_JavaCOS_A40.zip
  2. Copy the scrutiny-ptraces.jar to the TestData folder.
  3. Execute this to create reference profile the card Feitian JavaCOS A40. The process can take ~10 minutes.
java -jar scrutiny-ptraces.jar createref -c .\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\Feitian_JavaCOS_A40\config_reference.json -o .\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\ReferenceProfile
  1. After creating the reference profile you can compare the measured traces of the other same or other card. At first we can check the same cards against itself. The process can take ~10 minutes.
java -jar scrutiny-ptraces.jar compare -r .\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\ReferenceProfile\reference.json -n .\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\Feitian_JavaCOS_A40\config_new.json
  1. In the SCRUTINY tool you have to execute verify to create contrast between the reference and new profile and project_html to generate the report. For generation of the report use the folder where the comparison result is to correctly link the images. The execution is done in the folder of the SCRUTINY.
python -u verify.py --profile ..\Scrutiny-traces-comparer\TestData\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\Feitian_JavaCOS_A40\comparison_result.json --reference ..\Scrutiny-traces-comparer\TestData\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\ReferenceProfile\reference.json

python -u report_html.py -v .\contrast.json -o ..\Scrutiny-traces-comparer\TestData\TracesComparer\TracesComparer_Feitian_JavaCOS_A40\Feitian_JavaCOS_A40\report.html

From the point 4 you can repeat the comparison process with Feitian JavaCOS JCAPI 3.0.4.

Trace classifier

  1. The whole process expects the existence of the reference profile. For creation of the reference profile see points 1-3 of the Traces comparer.
  2. Since, we have the reference profile of Feitian JavaCOS A40 we can extract TraceClassifier_Feitian_JavaCOS_A40.zip.
  3. Update the config.json to contain full path to the reference profile of Feitian JavaCOS A40.
  4. If you don't have scrutiny-ptraces.jar in the TestData copy it there.
  5. Run the classification process.
java -jar scrutiny-ptraces.jar classify -t .\TraceClassifier\TraceClassifier_Feitian_JavaCOS_A40\Feitian\feitian_concated_trace.csv -c .\TraceClassifier\TraceClassifier_Feitian_JavaCOS_A40\Feitian\config.json -p 0.95 -j 100
  1. Generate report from the resulting contrast.
 python -u report_html.py -v ..\Scrutiny-traces-comparer\TestData\TraceClassifier\TraceClassifier_Feitian_JavaCOS_A40\Feitian\traceclassifier_contrast.json -o ..\Scrutiny-traces-comparer\TestData\TraceClassifier\TraceClassifier_Feitian_JavaCOS_A40\Feitian\report.html

CO template finder

  1. CO template finder searches operations based on the pattern, the pattern is in the test-config.json.
  2. If you don't have scrutiny-ptraces.jar in the TestData copy it there.
  3. Execute action to finder the template of the operation.
java -jar scrutiny-ptraces.jar cotemp -t .\COTemplateFinder\COTemplateFinder_SmartCafe_6.0\SmartCafe\SmartCafe_B0.csv -c .\COTemplateFinder\COTemplateFinder_SmartCafe_6.0\SmartCafe\test-config.json -j 100
  1. Execute action to find all occurrences operation template.
java -jar scrutiny-ptraces.jar peaks -c .\COTemplateFinder\COTemplateFinder_SmartCafe_6.0\SmartCafe\cotemplatefinder_result.json -n 6 -p 0.99 -j 100

[1] NAGY, Imrich. Building open profiles of certified cryptographic devices [online]. Brno, 2021. Available from: https://is.muni.cz/th/g7q67/. Master's thesis. Masaryk University, Faculty of Informatics. Thesis supervisor Petr ŠVENDA.

[2] PODHORA, Martin. Databáze odběrových křivek kryptografických operací [online]. Brno, 2020. Available from: https://is.muni.cz/th/vbw5h/. Bachelor's thesis. Masaryk University, Faculty of Informatics. Thesis supervisor Petr ŠVENDA.