International Association
for Cryptologic Research

Side Channel Attacks (SCA) using power measurements are a known method of breaking cryptographic algorithms such as AES. Published research into attacks on AES frequently target only AES-128, and often target only the core Electronic Code-Book (ECB) version, without discussing surrounding issues such as triggering, along with breaking the initialization vector.

This paper demonstrates a complete attack on a secure bootloader, where the firmware files have been encrypted with AES-256-CBC. A Correlation Power Analysis (CPA) attack is performed on AES-256 to recover the complete 32-byte key, and a CPA attack is also used to attempt recovery of the initialization vector (IV).

The attack on the IV demonstrates a CPA attack against a single XOR operation, which has relevance to cryptographic functions beyond AES.