Side-channel attacks on electronic equipment have been recorded since World War II in military and intelligence milieu. In technical literature, the power analysis side-channel attacks were first described in 1998 by Paul Kocher, an American cryptographer & scientist, in his report, Differential Power Analysis.
The power analysis attack is the easiest to mount and the most difficult to protect against. In an unprotected or insufficiently protected system, there is a variation in the power consumption used by the system performing operations that use secret encryption keys. This variation is dependent on the data being processed.
In a nutshell, during power analysis side-channel attacks, bad actors connect to the target device without breaking into it and simply record power consumption traces of the device using an oscilloscope for a few seconds to a few days during the device’s normal operations. Then, they plug the data file into statistical software, and with a sufficiently high number of collected traces they can extract the crypto key.
As soon as the perpetrators find the secret key, they may be able to take full control of the device or even all similar devices that have been produced using the same key. It is usually cost prohibitive for manufacturers to embed unique private keys into each of their devices. As a rule, there is only one crypto key called the Global Secure Key (GSK) used in all units of the same product, and commonly used in all units of all products made by the same manufacturer. Therefore, a successful side-channel attack can lead to the complete takeover of all the manufacturer’s devices. If the IoT / IIoT devices are linked into a network, the attacker may be able to obtain a complete takeover of the network as well.
Bad actors who take possession of the Global Secret Key, can manage devices at will, and even simple operations such as turning devices on and off can cause significant damage (as in electric grids, nuclear plants, military, critical medical equipment, connected vehicles, etc.). Perpetrators can launch an immediate attack or a delayed attack targeting critical infrastructure for terror purposes, commercial gains, political warfare, or intelligence acquisition, in a specific location or anywhere in the world where these devices are in operation.
This is a guest post by FortifyIQ, read more here: https://www.fortifyiq.com/ and here: https://anysilicon.com/vendors/fortifyiq/