Brian Bailey of Semiconductor Engineering has written an article that highlights the danger side-channel attacks pose to connected devices and systems.
“As the world begins to take security more seriously, it becomes evident that a device is only as secure as its weakest component. No device can be made secure by protecting against a single kind of attack,” Bailey explained. “Encryption and root of trust can add additional layers of protection. But even then, the system may not be secure.”
This is because every electronic device emits information about what it is doing, says Bailey, and that information can be used to pry open its defenses. This technique is generally referred to as a side-channel attack. Essentially, side-channel attacks, which include Simple Power Analysis (SPA) and Differential Power Analysis (DPA), can be exploited to analyze characteristics such as power, radiation and timing to infer what a system or chip is doing.
According to Bailey, a Rambus paper written by Gilbert Goodwill confirms that an unprotected AES128 algorithm running on a generic processor can be cracked with only 4 minutes of sample data collected and 10 minutes of analysis.
“When the same algorithm was implemented in an FPGA board, it increased the collection time to 50 minutes plus 12 minutes for analysis,” he noted. “Using that same board, but with a DPA-protected implementation, they were not able to crack it even after obtaining 3 hours of trace data. The statistics they collected also indicated that obtaining more traces would not enable them to crack the device.”
As Bailey points out, there are still many connected devices that have yet to be hacked.
“Lightbulbs never had to have security built into them, but they do now. Security didn’t matter until they become connected,” he added. “Now they provide a way into your network. One can only hope that more companies take hacking seriously, but early indications are that it is still an afterthought.”
As we’ve previously discussed on Rambus Press, all physical electronic systems routinely leak information about their internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys from IoT endpoints. Regardless of specific instruction set architecture (ISA), most industry security solutions on the market today can be soundly defeated by side-channel attacks. Even a simple radio is capable of gathering side-channel information by eavesdropping on frequencies emitted by electronic devices. In some cases, secret keys can be recovered from a single transaction clandestinely performed by a device several feet away.
Worryingly, millions, if not billions, of connected IoT endpoints are powered by chips that are vulnerable to side-channel attacks. Such unprotected silicon can be found in a wide range of electronic devices including wearables, medical equipment, vehicles, smart appliances and rapidly evolving smart city infrastructure. Fortunately, specific DPA countermeasure strategies can be employed to protect IoT devices and related infrastructure. These include techniques to minimize information leakage, generating noise to drown out leakage signals, the use of randomness to mask computational intermediates, algorithm and implementation obfuscation as well as the use of protocols designed to preserve secrecy even in the presence of (some) leakage.