Side-channel Attacks

February 21, 2020, anysilicon

A side-channel attack is any attack based on information gained from any physical electronic device (e.g. timing information, power consumption, electromagnetic leaks, sound, velocity of radio waves in the chip, etc.) rather than from weaknesses of the algorithms implemented in the device.


Sensitive data in hardware devices and smart cards are customarily protected with cryptographic (secret) keys considered to be safe against hackers’ intrusions. Advanced protection algorithms embedded into microchips make it practically infeasible to find the crypto key—even with the aid of today’s most advanced computational resources.


However, few people outside of the hardware security community know that side-channel attacks represent a backdoor entry into an otherwise secure chip or hardware device, bypassing its cryptographic protection. Rather than trying to crack the secret key using brute force, side-channel attacks exploit an electronic item’s intrinsic attributes, such as its reliance on electricity.


The following are the most common types of side-channel attacks:


Power Analysis. The largest subset of side-channel attacks is power-monitoring or power analysis attacks, namely DPA (differential power analysis), SPA (simple power analysis), and their variations, such as High-Order Differential Power Analysis (HO-DPA). In this type of attack, a bad actor measures a device’s power consumption during normal operations, traces variations in the patterns, and extracts the secret keys from these variations.


Electromagnetic. In electromagnetic attacks such as EMEA (electromagnetic emission attack) the bad actor measures the electromagnetic field in the vicinity of the device in order to extract its secret keys.


Cache. Bad actors access and monitor the cache of a shared system (for example, a shared cloud environment) that is also used by the target victim. Then, when cryptographic keys are used, the attacker measures the timing of the calculations, which is affected by whether data is present in the cache, and extracts the secret key by analyzing this timing information.


Timing. Attackers measure the time it takes to perform computations on a target device. Slight variations of timing may reveal the secret keys.
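The timing leak described above, as an added illustration that is not part of the original post: a secret comparison that returns at the first mismatching byte performs a number of steps that depends on how many leading bytes of the guess are correct, while a constant-time comparison always does the same work. The secret value, the step counter and the helper names are constructed here for the demonstration; on real hardware the step count corresponds to measurable execution time.

```c
#include <stddef.h>
#include <stdint.h>

/* Naive comparison: returns at the first mismatch, so the number of steps
 * (a stand-in for execution time) reveals how many leading bytes match. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t len,
                  size_t *steps) {
    size_t i;
    for (i = 0; i < len; i++) {
        (*steps)++;
        if (secret[i] != guess[i]) return 0;
    }
    return 1;
}

/* Constant-time comparison: touches every byte and accumulates differences
 * with OR, so the work done does not depend on where a mismatch occurs. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t len,
               size_t *steps) {
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++) {
        (*steps)++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    return diff == 0;
}

/* Constructed 8-byte sample secret used by the helpers below. */
static const uint8_t SAMPLE_SECRET[9] = "s3cr3tPW";
#define SAMPLE_LEN 8

/* Helper: number of steps the chosen comparator spends on a guess
 * (guess must be at least SAMPLE_LEN bytes). */
size_t steps_for(int constant_time, const char *guess) {
    size_t steps = 0;
    const uint8_t *g = (const uint8_t *)guess;
    if (constant_time) ct_compare(SAMPLE_SECRET, g, SAMPLE_LEN, &steps);
    else leaky_compare(SAMPLE_SECRET, g, SAMPLE_LEN, &steps);
    return steps;
}

/* Helper: whether the chosen comparator accepts the guess. */
int matches(int constant_time, const char *guess) {
    size_t steps = 0;
    const uint8_t *g = (const uint8_t *)guess;
    return constant_time ? ct_compare(SAMPLE_SECRET, g, SAMPLE_LEN, &steps)
                         : leaky_compare(SAMPLE_SECRET, g, SAMPLE_LEN, &steps);
}
```

In production code the constant-time property must also survive compiler optimization and the processor’s own data-dependent behaviour, which is why vetted library routines are preferred over hand-written loops.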


Sensory. Variations of sensory attacks include acoustic (measuring the noise of the target device), thermal imaging (measuring the amount of heat radiated from the target device), vibration (measuring and analyzing the device’s physical vibrations during operations), radio (measuring the velocity of radio waves inside the target device), etc.


Fault Injection. By injecting faults into the calculations using different methods, such as laser radiation, voltage spikes, clock frequencies above specification, etc., the attacker obtains corrupted results. By analyzing these, the attacker can recover the secret keys.


This is a guest post by FortifyIQ, read more here: https://www.fortifyiq.com/ and here: https://anysilicon.com/vendors/fortifyiq/
