Often located in close proximity to hostile territory, forward operating bases (FOBs) are typically used to support tactical operations. Although FOBs are routinely supported by Main Operating Bases, adverse conditions may act to temporarily delay the resupply of vital equipment.
Similarly, smaller Cooperative Security Locations (CSLs) – aka “lily pads” – face potential logistical difficulties in terms of ensuring the timely deliveries of supplies. In addition, CSL personnel may be instructed to follow strict security protocols that effectively limit both incoming and outgoing communications. It is therefore critical for warfighters to be equipped with secure electronic equipment before they are deployed to FOBs and CSLs.
As is the case with many deployed electronic systems, developers and systems integrators must take care to protect important equipment against unauthorized access in the event of a battlefield loss. Electronic communications equipment is of particular interest to those who may wish to intercept battlefield comms and should be specifically secured against attack.
As such, equipment that uses cryptography to protect the sensitive transmission of data should be capable of resisting various forms of side-channel attacks, including Simple Power Analysis (SPA) and Differential Power Analysis (DPA). These powerful, non-invasive attacks can be exploited by hostile elements to allow the unauthorized extraction of secret cryptographic keys, potentially revealing classified data.
“SPA recovers secret keys through direct observation of a device’s power consumption,” Michael Mehlberg, Senior Director of Business Development for Government Solutions at the Cryptography Research division of Rambus, explained.
“Meanwhile, DPA attacks employ statistical techniques to extract secret key information from multiple power-consumption measurements. In fact, DPA can lift secret keys in a noisy environment – even where the power consumption of the cryptographic computation is a very small fraction of the overall power consumption of a system.”
As Mehlberg emphasizes, warfighters simply cannot afford to have their mission compromised by vulnerable military equipment that quietly leaks sensitive information to enemy forces. Indeed, protecting warfighters on a 21st century battlefield requires a hardware-centric security approach to shield devices from electronic eavesdropping by implementing a variety of SPA and DPA countermeasures including adding amplitude and temporal noise, incorporating randomness and minimizing observable data-dependent variations within the side channel.
“It is most effective to thwart various side-channel attacks by starting with the core itself – ensuring that the processing components powering warfighter equipment are immune to hostile eavesdropping from the moment they roll off the production line,” Mehlberg added.
“In other words, properly securing important battlefield comms from the threats of tampering, reverse engineering and cryptanalysis requires that security be designed into the equipment itself. And while no single countermeasure can effectively secure a system against all threats, a layered approach that includes resistance against SPA and DPA attacks should be integrated into important electronic systems – enabling effective battlefield communications in a secure manner.”
It should be noted that Lt. Gen. Edward Cardon, commanding general of U.S. Army Cyber Command, recently stated that cybersecurity threats are increasing in frequency and sophistication as technological advances make it easier to wage cyber attacks.
Similarly, an article published in NextGov called for the Pentagon to build cybersecurity into its acquisition process.
“Our weapons platforms and systems are subject to potential compromise if we fail to secure them,” the article reads. “And unless and until we embed cybersecurity into system architecture and design, we are handing our adversaries – who are many and varied – an advantage that they have not earned.”