Hardware security company NewAE Technology has designed a new monitoring and trigger tool that looks for side-channel power analysis (SCA) and fault injection (FI) vulnerabilities in USB-connected security devices. The unit monitors the USB bus, looking for specific data patterns, triggers events such as fault injections or recording power traces, and records USB data as well.
“PhyWhisperer-USB can watch the USB bus to monitor errors and other events that won’t make it into a software-only sniffer. It also generates a clock synchronized to the USB bus itself, giving perfect cycle-accurate timing and allowing very repeatable power measurements.”
Under the hood, the PhyWhisperer is outfitted with a Xilinx Spartan 7S15 FPGA, micro USB, micro USB 2.0 HS, selectable power source (USB/PC), and eight digital data pins (one clock pin routed to FPGA). The platform features a clock output of 60MHz (derived from 480MHz USB clock), a trigger pattern of 1 to 64-bytes with mask, a trigger-delay of 0 to 1048576 cycles of 240 MHz internal clock (derived from USB clock), and a USB sniffier FIFO of 8192 bytes (FPGA block RAM, adjustable depending on FPGA utilization).
On the software side, the PhyWhisperer can take advantage of the Python3 library and has Windows, Mac, Linux support, including Windows signed drivers. NewAE Technology is currently crowdfunding the PhyWhisperer-USB on Crowd Supply in kit form with pledges starting at $225, which includes the device with enclosure, MXC to BNC cable, and a pair of micro USB cables. The PhyWhisperer-USB is also open source, and NewAE has uploaded the hardware schematics, firmware, and software repository on the company’s GitHub page.