Firmware Extraction from Real IoT Devices through Power Analysis of AES
Francesco Palmarini; Riccardo Focardi; Flaminia L. Luccio
2021-01-01
Abstract
The recent growth of the Internet of Things has made embedded systems an interesting target for potential attackers. Extracting the firmware of an embedded device breaks the intellectual property of the manufacturer and makes it possible to produce functionally equivalent devices at a lower price. It is thus of ultimate importance to understand the methodologies and techniques used by attackers in order to extract the firmware, so that manufacturers become aware of the implications of their design choices for the protection of their products. In this paper, we discuss some advanced techniques and methodologies that attackers use to break the security of embedded devices. We then apply these techniques and methodologies to extract the firmware from a real device. In particular, we implement a cost-effective Correlation Power Analysis (CPA) setup that allows us to discover the confidential AES key used by the microcontroller to encrypt its code and data.

File | Size | Format |
---|---|---|
Itaseec2021.pdf (not available) | 2.93 MB | Adobe PDF |

Type: Publisher's version
License: Closed access (personal)
Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.