Side-Channel Attacks - Literature review Example

? Side Channel Attacks Side Channel Attacks Introduction Security in computing and communication system has been a major concern, and a number of researches have been conducted with the aim of finding a way of addressing it. Zhou and Feng (2011) state that cryptographic algorithms, which includes among other things public key ciphers, symmetric ciphers, and hash functions make up primitives that can be employed as building blocks to put up a security mechanism that target specific goals. The cryptographic primitive is viewed in two different perspectives. Firstly, it is viewed as an abstract of black box or mathematical object. Secondly, it can be run to a particular program to present specific features. In this regards, the first point of view is that which pertains to classical cryptanalysis while the second pertains to physical security, according to Zhou and Feng (2011). Zhou and Feng (2011) observed that cryptographic devices’ physical attacks tends to take advantage of implementation-specific features to convalesce the secrete considerations factored in during computation. As a result, they are much less general because they are specific to a particular implementation, but rather more powerful than classical cryptanalysis that is normally perceived to be very serious by cryptographic device manufacturers, according to Zhou and Feng (2011). There are usually numerous such physical attacks, which falls under two broad categories namely invasive vs. non-invasive attacks and active vs. passive attacks. Invasive attacks, according to Zhou and Feng (2011) need de-packaging of the chip in order to have direct access to the components inside it. A classical example of invasive attack can be a wire connection onto a data bus to be able to view the data transfers (Bao et al., 2011). A non-invasive attack, on the other hand, only uses information available externally, such as power consumption and running time, according to Zhou and Feng (2011). Active attacks, according to Zhou and Feng (2011) are those, which normally attempts to interfere with the proper functioning of devices. A typical example is the error induced in the computation by fault-induction attacks as observed by Zhou and Feng (2011). Passive attacks, on the other hand, does not necessarily interfere with the proper functioning of devices, rather only observes the behavior of the device during processing. Therefore, the side-channel attacks that this paper seeks to explore are a form of physical attacks where an adversary attempts to exploit the leakages of physical information such as power consumption, timing information, or electromagnetic radiation. Skorobogatov (2011) defines side-channel attacks as any form of physical attack based on information obtained from the physical implementation of a cryptosystem, but not brute force in the algorithms. Skorobogatov (2011) reveals that side-channel attacks pertain to measuring changeability of hardware and analyzing the behavior of the algorithm that runs the hardware in question. However, since the information leakages resulting from side-channel attacks are passive, non-invasive and can easily be performed using cheap equipment, they pose danger to the security of cryptographic hardware devices, according to Skorobogatov (2011). The cryptographic devices include among other things personal computers, smart cards, and radio frequency identification devices (RFIDs) among others. Their proliferation has made the physical security and side-channel attacks a major concern that need to be examines in details (Bidgoli, 2006). This paper will begin by examining the basics of side-channel attacks. Among the issues discussed in this section, include the genesis of unintended information leakages in latest microelectronic technologies and how the physical features can be recovered using a simple measurement setups. This will be followed by an exploration of some of the typical examples of side-channel attacks such as the differential power analysis (DPA) and simple power analysis (SPA). We also seek to enumerate the different steps of side-channel attacks using classical example to emphasize the main concerns associated with the implementation of side-channel attacks and the possible remedies thereof. Finally, the paper will discuss some of the countermeasures to mitigate the effect of physical information leakage emanating from side-channel attacks. The origin of leakages Agrawa, Archambeault, and Rohatgi (2002) state that side-channel attacks have a close link with the existence of physically observable incidents resulting from the execution of computing tasks in current microelectronic devices. For example, they note that microprocessors normally consume power and time to execute a given task. In addition, microprocessors tend to produce a lot of noise, dissipate heat, as well as radiate many electromagnetic fields, according to Agrawa, Archambeault, and Rohatgi (2002). As a result, Agrawa, Archambeault, and Rohatgi (2002) argue that there usually exist plenty of information sources escaping from actual computers that might be exploited by spiteful adversaries. Power consumption and electromagnetic radiation are normally some of the famous practical examples of side-channel attacks, which pose an enormous threat to cryptographic devices (Domingo-Ferrer, Posegga and Schreckling, 2006). They include power consumption in CMOS devices and EM radiation in CMOS devices discussed hereunder. Power consumption in CMOS device Agrawa, Archambeault, and Rohatgi (2002) reveal that a static CMOS gates have three special sources of dissipation. In this regard, they reveal that the first one is that which results from the leakage of currents in transistors while the second one is that resulting from short-circuit currents. At this point exist a short period for gate switching while the PMOS and NMOS are conducting alternately (Gennaro et al., 2004). Finally, the power consumption’s dynamics is because of the discharge and charge of the capacitance load. Agrawa, Archambeault, and Rohatgi (2002) noted that the importance of these dissipation sources depends hugely on technology scaling. Nevertheless, the dynamic power consumption is only relevant from the side-channel point of view because it determines the relationship between the internal data devices and the externally observable power consumption. This is normally expressed as follows: Pdyn = C LV2 DDPo>1 f. Where Po>1 f is the switching activity, Po>1 is the probability of 0-1 transition, VDD -voltage of power supply and f being the device’s work frequency. CM radiation in CMOS device Micali and Reyzin (2004) state that, as was the case with power consumption of CMOS devices electromagnetic radiation is also data-dependent. Theoretically, the electromagnetic leakages are explained using Biot–Savart law. In this regard, it is noted from Biot–Savart law that the side-channel information leakages in electromagnetic radiation results from the fact that the radiation is data-dependent. As a result, Micali and Reyzin (2004) argue that any physically observable occurrence that can be associated with the internal configuration or cryptographic device activities can be used as a source of information for spiteful adversaries. Leakage models Bleichenbacher (1998) reveals that quite a number of leakage models have so far been derived by side-channel adversaries. The leakage models can be employed to either simulate an attack or improve the efficiency of an attack (Bleichenbacher, 1998). One such leakage model is the Hammering distance model, which postulates that when a value x0 found in CMOS device changes to a value x1, then the side-channel leakage generated have a direct relationship with the Hammering distance of these values, expressed as HD( x0, x1) = Hw( x0 ? x1) (Brier, Handschuh and Tymen, 2001). The second is the Hammering weight model, which is based on an assumption that, when x0 is calculated in a device, then there is a correlation between the actual side-channel leakages and Hammering weight of these values, expressed as Hw(x0) (Gennaro et al., 2004). Bleichenbacher (1998) reveals that good leakage models strongly impacts on the side-channel attacks’ efficiency. Measurement setups The building of an effective measurement setup is of principal importance as far as the practical implementation of a side-channel attack is concerned. This is because their main objective is to convert the physical observable characteristics of a device into digitally exploitable data. The setups are normally built using the following elements: A target cryptographic device such as a smart card External power supply, such as a generator in case the device is not embedded on-chip. A leakage probe-In this regard, power consumption can be monitored through insertion of a small resistor within the device. An acquisition device such as the digital oscilloscope connected to a computer to aid statistical analysis of the traces of side-channel. Vaudenay (2002) noted that, just as leakages, models have a strong influence on the efficiency of side channels, which also applies to measurement setups. It is reported that the quality of the measurement setup is determined by the mount of noise produced by traces of side-channels. In this regard, it becomes apparent that noise is a key concern in side-channel attacks particularly in signal processing application. The noises considered in this case include the physical noise produced by transistors and their environments, model matching noise, measurement noise and algorithmic noise such as those created by parasitic computation. Vaudenay (2002) argues that all these interferences affect side-channel attacks’ efficiency, as well as reducing the amount of information in the leakages. Classical Attacks: SPA and DPA As earlier stated, the physical attacks can also be classified according to the statistical treatment employed in the leakage traces. In this regard, the attacks are classified as simple or differential attacks. This type of attacks was mainly introduced in power analysis context. A simple power analysis (SPA), according to Oswald (2004) endeavors to provide an interpretation of the device’s power consumption and infer information pertaining to its performed operations. The information contained does not amount to an attack. It is also an acknowledged fact that advanced encryption standard (AES) 128 has 10 rounds. However, being aware that a device is executing an AES encryption does not necessarily expose secretes in any manner. However, as Oswald (2004) observed, such a visual examination of the leakage traces may be used as a preliminary step that may culminate into a very powerful attack. Moreover, this operation sequence can give useful information, particularly when the flow of instruction is data-dependent. A modular exponentiation, which is performed with multiplies algorithm and square, is one such typical example. Contrary to SPA, differential power analysis (DPA) aims at taking advantage of data dependencies in the patterns of power consumption. It is reported that the data dependencies subjugated by powerful statistics gives rise to a more general category of differential attacks. An Exemplary Differential Attack against the Data Encryption Standard (DES) Agrawa, Archambeault, and Rohatgi (2002) reveal that a number of active steps are normally involved in side-channel attacks against cryptographic devices. In this regard, the first step usually involves the selection and implementation of the target algorithm. At this stage, the adversary is said to be responsible for determining the algorithm such as the DES, as well as the target platform such as the smart card from which the adversary aims to recover secretes information. This stage is followed by the second step, which involves leakage source selection and measurement of setup. Here, the role of the adversary is to ascertain the kind of leakage that he or she is interested in exploiting. The leakages here may be either electromagnetic radiation or power consumption or both. Agrawa, Archambeault, and Rohatgi (2002) note that this step includes the measurement setup penetration. The third step involves target signal selection. Agrawa, Archambeault, and Rohatgi (2002) reveal that side-channel attack is mainly based divide-and-conquer approach where the recovery of different parts of secrete keys are targeted in the attack is done secretly. After that, the adversary goes ahead and selects the part of the key targeted by his attack. An example here may be six key bits getting into the first DES S-box S0. The fourth step involves device input selection that is intended to be fed to the target device. This can be done randomly without following any procedure. However, if not permitted, then an assumption is made that a side-channel adversary is capable of monitoring the plaintexts. This is normally followed by the fifth step, which involves the deviation of internal values that form part of the algorithm. Agrawa, Archambeault, and Rohatgi (2002) argue that this is the key of divide-and-conquer approach. Here, for a number of input plaintexts, the adversary projects the internal values found in the target device that are intended to be computed in the course of the execution of the algorithm. It is noted that for purposes of computation, only values that depend on a small part of the key is useful. For instance, an individual can easily predict the 4 bits after transformation in the initial DES round for all the 64 possible key values relayed to S0 according to Goubin and Patarin (1999). . The sixth step normally pertains to leakage modeling. At this stage, the adversary normally models a function of the device leakage being targeted. Once this has been done, the adversary proceeds to the seventh step where he measures the leakage. Here, the adversary carefully monitors the leakage of the target device by obtaining the leakage vector (Goubin and Patarin, 1999). This is followed by the eighth step, which involves the selection of desired leakage samples. This is because leakage traces derived from device acquisition may contain numerous samples. Therefore, it becomes necessary for the adversary of a side-channel to limit the data dimensions to lower values. This is normally done using techniques such as the SPA or advanced statistical processing (Messerges, 2000). Finally, the adversary does the statistical comparison whose aim is to predict leakages that exist within the transformed measurements. It is noted at this stage that, it the attack happens to be successful, then, the model value that corresponds to the right key candidate provides the best result of the comparison. Ways of improving side-channel attack Normally the improvement of attack requires adjusting steps enumerated above. This usually takes into account the following ideas: Ensuring that enhancement is made on the measurement setup through limitation of the amount of noise. This can also be done by designing a better side-channel probe. It is noted that this acts as the preliminary step for the advancement of a powerful and effective side-channel attack. Side-channel leakage traces pre-processing, which can be done by filtering. Taking advantage of multivariate statistics using higher-order attacks Using a variety of statistical tests such as correlation analysis, or Bayesian classification Employing a variety of side-channel leakages among other methods Techniques of preventing side-channel attacks The protection of cryptographic devices from side-channel attacks is very important. Therefore, a number of techniques have been developed to ensure that the cryptographic devices are free from side-channel attacks. The general data-independent calculation is one of the surest ways of preventing cryptographic devices from side-channel attacks. Generally all operations are done using module are expected to be data-dependent with regard to their power consumption. As a result, every time different sub-operations are executed according to key bits the sub-operations are expected to take a similar number of clock cycles. In this regard, findings show that making the time required for operation fixed for each piece of data bars all timing attack. This is because attacks are founded on variations in the computation of time in line with the input and key bits (Messerges, 2000). Binding is also another surest method of preventing side-channel attacks. Findings show that binding signature techniques is effective in preventing attackers from knowing the input to the modular exponentiation function. This makes it very effective in preventing any type of a side-channel attack. Research indicated that even after having carried out binding, the distribution would normally show the average time for every operation, which can be used as a reference tool for hammering weight of the exponent. Tehranipoor and Wang (2012) note that in case of a need for anonymity, and then a random multiple can be added to the exponent before any exponentiation of modular. However, care must be taken as this is done to ensure that the additional process does not result to a timing characteristic, which are likely to show random multiple. Tehranipoor and Wang (2012) reveal that this approach is very effective in preventing attacks that normally gain the information leaked in the course of modular exponentiation operation resulting from electromagnetic radiation, power consumption changes, and fluctuations of system performance among others. This is because exponent bits tend to fluctuate with each operation, according to Tehranipoor and Wang (2012). Side-channel attacks can also be prevented by ensuring that conditional branching and secrete intermediates are avoided completely. It is noted that avoiding procedures that employ secrete intermediaries’ helps in masking several SPA features. As a result, implementation of the critical code by software will be free of branching statements. At the same time, it will also be free of conditional execution statements. Therefore, computations should be done using functions that incorporate elementary operations such as XOR, and OR and avoiding the use of conditional and branching execution of code operations (Micali and Reyzin, 2004). Findings show that this feature makes it very hard predicting the key and input values using measurements of power and time consumption. In this regard, it is noted that conditional execution, which highly depends on key and input data, can portray with ease the properties of this data in the event that the adversary measures the power and time taken to execute a certain action. Evidence shows that as long as the code lines are running, the power and time taken to execute these actions becomes independent of data regardless of the input and key bits. This prevents it from revealing any of its features. In this regard, this feature effectively prevents all manner of timing attacks on asymmetric ciphers and attacks on power consumptions (Micali and Reyzin, 2004). Finally, side-channel attacks can be prevented by licensing of modified algorithms. In this regard, it is highly advised that one needs to make an assumption that information will at one time be leaked when designing and implementing cryptosystem. Making such assumptions is important because it makes designers become vigilant for any leakage and put measures that are likely to assist in preventing such leakages. Research indicates that very few corporations put in place approaches that ensure that cryptographic algorithms are secure. It is in this regard that licensing modified algorithms become effective in preventing side-channel attacks (Rabaey, 1996). Despite the fact that the above-discussed countermeasure can be used in the prevention of all type of side-cannel attacks, there are certain techniques that are only effective in preventing particular side-channel attacks such as timing and power. Below are some countermeasures against specific side-channel attacks: Countermeasures to against power analysis attacks Balancing of power consumption The technique of balancing power consumption has proved as one of the most effective method of preventing power analysis attack. Therefore, it is advisable that this technique be employed when necessary. The gates and dummy registered need to be added on which unnecessary operations are made to balance power consumption to a constant figure. In this regard, a complementary operation must be carried out on the dummy elements whenever a given operation is to be executed on the hardware. This s important because it ensures that all the power consumed of the unit is balanced in accordance with a higher value. Research indicates that balancing of power consumption prevents all manner of power consumption attacks such as DPA and SPA (Bhanu, 2012). Addition of noise Noise has also been established to play a big role in countering against power analysis attacks. In this regard, it is reported that the introduction of noise to power consumption measurements is one of the surest ways of preventing DPA. This is based on the findings which has shown that the addition of noise tend to increase the number of samples needed for an attack to occur. Nevertheless, for the additional noise to be effective as a countermeasure, the increase must be a high as possible so as to make the sampling unfeasible. Noise can be increased through the addition of random computations so as to made DPA bias spikes hard to detect (Ishai and Sahai, 2003). Signal reduction Research has also shown that DPA attacks can effectively be prevented by reducing the size of signals, which can be done using constant execution path code, balancing Hammering weights, physical shielding of the device or selecting operations that do not leak a lot of information in their power consumption. Nevertheless, such a reduction of signal size is not capable of reducing the signal size to zero since an attacker with samples of an infinite number will still be able to execute a DPA attack on the signal (Shamir, 2000). Algorithms design modification Finally, the DPA attacks can easily be prevented by developing a cryptosystem based on realistic assumptions underlying hardware. In this regard, research has found out that an update of nonlinear keys is capable of preventing power traces from collating between transactions. This, in turn, prevents attackers from executing DPA attacks (Ambrose, Ignjatovic and Parameswaran, 2010). Countermeasure against timing attacks Research has proved there are two surest approaches of preventing timing attacks. In this regard, addition of delays has been proved to be one of the surest approaches of [preventing timing delays. This is normally done by ensuring that all operations consume the same amount of time. However, it is worth pointing out that this procedure is normally not easy to execute. The second technique of countering against timing attacks is to ensure that there is time equalization of squaring and multiplication. This implies that the time taken by the performance unit of multiplication and that taken for exponentiation performance must be maintained similar. This makes it difficult for an attacker to learn how, if and when several multiplications are made, as well as the number of exponentiations (Gandolfi, Olivier, and Mourte, 2001). Conclusion Side-channel attacks are vital class of cryptanalytic technique. Despite the fact that it is less generic in comparison to classical cryptanalysis, due to their nature of targeting a specific implementation rather than an abstract of algorithm, they have proved to be very powerful. In fact, such attacks are very prevalent in today’s circuit technologies and must be taken as a serious security threat to embedded devices. Therefore, it is very crucial for designers to ensure that proper countermeasures are put in place that can prevent such attacks on devices. Nonetheless, much attention needs to be paid to the fair assessment of the countermeasures to be able to analyze in details the security of all cryptographic devices. In addition, side-channel attacks are part of physical reality and cannot be ignored in totality since ignoring it may introduce other weaknesses with respect to other concerns. However, the advancement of a unified framework for evaluation of physical security issues is a long-term objective in cryptographic research. References Agrawa D., Archambeault, l, B., Rao, J., & Rohatgi, P. (2002). The E M Side-Channel(s), in the Proceedings of CHES 2002, LNCS, Redwood City, CA, USA, Vol. 2523, pp 29–45. Ambrose, J., Ignjatovic, A., & Parameswaran, S. (2010). Power analysis side channel attacks: The processor design-level context. London: VDM Publishing. Bao, F., Yung, M., Lin, D., & Jing, J. (2011). Information security and cryptology: 5th International Conference, Inscrypt 2009, Beijing, China, December 12-15, 2009. Revised Selected Papers. New York, NY: Springer. Bhanu, H. (2012). Timing Side-Channel Attacks on Ssh. Oxford: BiblioBazaar. Bidgoli, H. (2006). Handbook of information security, threats, vulnerabilities, prevention, detection, and management. Hoboken, NJ: John Wiley & Sons. Bleichenbacher. D. (1998). Chosen cipher text attacks against protocols based on the RSA encryption standard PKCS #1. CRYPTO'98, LNCS 1462, pp.1-12. Brier, E., Handschuh, H., & Tymen, C. (2001). Fast primitives for internal data scrambling in tamper resistant hardware , in the proceedings of CHES 2001, LNCS, Vol. 2162, pp 16–27, Paris, France,, Springer-Verlag. Domingo-Ferrer, J., Posegga, J., & Schreckling, D. (2006). Smart Card Research and Advanced Applications: 7th IFIP WG 8.8/11.2 International Conference, CARDIS 2006, Tarragona, Spain, April 19-21, 2006, Proceedings. New York, NY: Springer. Gandolfi, K., Olivier, C., & Mourte, F. (2001). Electromagnetic analysis: concrete results. CHES 200, LNCS 2162, pp.251-261. Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., & Rabin, T. (2004). Algorithmic tamper-proof security: Theoretical foundations for security against hardware tampering, in the proceedings of TCC 2004, LNCS, Cambridge, MA, USA. Vol. 2951, pp 258–277. Goubin, L., & Patarin, J. (1999). DES and differential power analysis, in the proceedings of CHES 1999, LNCS, Worcester, MA, USA. Vol. 1717, pp 158–172, Ishai, Y. A., & Sahai, D. (2003). Private circuits: securing hardware against probing attacks. CRYPTO 2003, LNCS 2729, pp.463-481. Messerges, T.S. (2000). Using second-order power analysis to attack DPA resistant software in the proceedings of CHES 2000, LNCS, Worcester, MA, USA. Vol. 2523, pp 238–251, Micali, S., & Reyzin, L. (2004). Physically observable cryptography in the proceedings of TCC 2004, LNCS, Vol. 2951, pp 278–296, Cambridge, MA, USA. Oswald. E. (2004). On side-channel attacks and the application of algorithmic countermeasures, PhD dissertation. Pp. 2-21. Rabaey, J. M. (1996). Digital integrated circuits. Saddle River, NJ: Prentice Hall International, Upper. Shamir, A. (2000). Protecting Smart Cards from Passive Power Analysis with Detached Power Sup-plies, in the Proceedings of CHES 2000, LNCS, Worcester, MA, USA. Vol. 1965, pp 238–251, Skorobogatov, S. (2011). Side-channel attacks: new directions and horizons. University of Cambridge. 29(5) 2-52. Tehranipoor, M. H., & Wang, C. (2012). Introduction to Hardware Security and Trust. New York, NY: Springer. Vaudenay. S. (2002). Security flaws induced by CBC padding – applications to SSL, IPSEC, WTLS.EUROCRYPT. LNCS 2332, pp.534-545. Zhou, Y., & Feng, D. (2010). Side-Channel Attacks: Ten years after its publication and the impacts on cryptographic module security testing. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, 100080, China. 1-34. Read More