Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Secure encryption systems against side-channel attacks

Posted: 02 Apr 2015 ?? ?Print Version ?Bookmark and Share

Keywords:Cryptography? encryption? decryption? AES-256? Hardware Security Modules?

Examples of this "side-channel" information include the time taken by the cryptographic operation, the power consumption, EM and heat emissions of the cryptographic device while computing the transform, and the like, all of which depend on the physical details of the implementation. Depending on proximity, an attacker could gather some of this side-channel information and use it to recover the secret cryptographic key. While remote attackers may only be able to get low-bandwidth information such as the approximate time taken by the cryptographic calculations, attackers in closer proximity may be able to collect much higher bandwidth channels, such as the power consumption profile or the EM emissions profile of the device.

Once an attacker has collected side-channel data for a cryptographic computation, there are two classes of attacks that can be mounted using the collected data to recover the key. The first class of attacks, known as simple side-channel analysis, recovers the secret key from the side-channel data collected during a single cryptographic transaction. Simple side-channel attacks are more commonly applicable to public-key cryptography-based systems such as RSA.

In this case, the cryptographic calculation consists of a key-dependent sequence of operations. Because each type of operation is likely to have a unique power or EM profile, examining a device's power consumption or EM emission profile while it is performing the RSA operation typically reveals the sequence of operations the device performed. The secret key can then be easily reconstructed from this operation sequence.

Attacks of the second class, known as differential side-channel analysis, are typically applicable to symmetric key based algorithms such as AES as well as in situations where the collected side-channel data is very noisy or of otherwise poor quality. This style of attack uses statistical hypothesis testing on side-channel data across multiple cryptographic transactions to recover the secret key, piece-by-piece.

The basic concept behind differential side-channel analysis is that side-channel leakage from power, EM, or timing correlates to the cryptographic activity occurring within the device. It even correlates to individual subactivities occurring in the device that depend only on small portions of the key and known data such as inputs or outputs. But other subactivities occurring within the device as well as the noise from the measurement process are all uncorrelated to the targeted subactivity.

This correlation means that an attacker can guess the value for a portion of the key and predict the resulting target subactivity for each transaction. The attacker can then use a correlation calculation between predicted subactivity and side-channel data to verify whether the key guess is correct. Incorrect key portion guesses will show no correlation between predicted subactivity and the side-channel traces, whereas the correct key guess will show a statistically significant correlation. These statistical techniques are so powerful that, with sufficient data, subactivity corresponding to a single transistor switching could be utilised for an attack.

Smart-cards and the history of side-channel attacks
Side-channel analysis was discovered in the mid-1990s, starting with timing analysis followed by analysis involving measuring instantaneous power consumption from smart-card based systems. At that time, smart-card based payment, metering, access control, and conditional access systems were the most prominent cryptographic devices operating in hostile environments where they could be readily accessed and subject to attacks by external attackers or even by their own users.

Smart cards being fairly limited devices, the power supply and clock to the smart-card were completely under the control of the attacker. Further, much of the smart-card silicon and software was devoted to cryptographic processing. As a result, even with very crude and low-cost measurement apparatus it was possible to get a clean power consumption signals from smart cards and that information was available at the individual clock cycle level.

With such clean signals, all smart-cards-based systems at that time could be easily attacked. This catastrophic security failure nearly brought down the entire smart-card industry, and in the late 1990s and early 2000s, researchers and smart-card vendors expended substantial R&D effort to implement countermeasures against these attacks. In parallel, the banking and conditional-access industry that relied upon smart-card security instituted standards and product testing regimes to ensure that these countermeasures were effective.

As a result of this tremendous investment, today's smart-cards undergo some of the most stringent testing being performed for resistance against side-channel and other physical attacks. This testing is part of mature standards, such as the Common Criterion Security IC Platform Protection Profile, and most smart-card vendors have experience fielding several generations of secure products.

The intense focus by the security community to mitigate this catastrophic threat to the smart-card industry also meant that little attention or resources were spent to analyse side-channel vulnerabilities in larger devices. At that time, there was ample justification for ignoring larger devices. In most cases, larger devices performing cryptography, such as servers or desktops or other large systems, were typically kept in physically secure locations where attackers could not collect high-bandwidth side-channels such as power consumption without being detected.

?First Page?Previous Page 1???2???3???4?Next Page?Last Page

Article Comments - Secure encryption systems against si...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top