Internet of Things
Defending against power analysis attacks
By Marius Munder, senior staff engineer, systems architect, Silicon Labs
30 October 2021, Components in Electronics, www.cieonline.co.uk

For Internet of Things (IoT) vendors, security has never been more important than right now. Any data breach or attack can make headlines, damage a vendor’s reputation, and destroy potential buyers’ confidence.

One tactic that’s becoming increasingly popular amongst hackers is differential power analysis (DPA). This is one example of a ‘side channel’ attack, which monitors the physical attributes of a device (in this case, its power consumption) as a way to learn what the device is doing and what data is being processed. Typically, an attacker would place an inductive loop around part of the device (which means they require hands-on access to it) and observe the current induced in the loop, which indicates how much power the device is consuming. This could, for example, be used to discover a secret encryption key from a smart card, as the amount of power used depends on both the type of operation performed and whether the bit being manipulated is a 0 or a 1.

DPA attacks require complex equipment and algorithms, with sophisticated statistical analysis, although hardware prices are falling. Attackers monitor power consumption for many operations and then perform mathematical analysis to extract a secret such as a security key. Even so, DPA attacks are now leaving the lab and moving into the real world. In 2015, a project called ChipWhisperer put power analysis into the hands of casual hackers and hobbyists, through the creation and publication of an open-source toolchain.

As a DPA attack is passive, it can’t normally be detected. This means that devices must be secured so they do not expose any secret information through variations in their power consumption.

How can device vendors protect against DPA attacks?

Preventing information leakage
Making physical extraction more complicated is the simplest way to counter an attack. Encapsulating the hardware at the board level makes extraction more difficult and expensive for a hacker, but this may disproportionately increase the cost of the device. When moving from board to chip level, there are several relevant countermeasures:
● State-of-the-art CMOS devices require much less power, which significantly reduces the leakage of information that can be accessed through power analysis.
● When using fast crypto engines with a high level of parallelization, power analysis becomes much more difficult because the parallelization creates a significant amount of background noise. Successful extraction of any keying material requires more traces and/or more advanced attack methods to separate the signal from the noise.
● It’s also possible to randomize the emissions from a chip in a way that makes it impossible with today’s state-of-the-art attack methods to extract any data using power analysis.

Software design to prevent power analysis
DPA attacks depend on relating the power being used to the specific data or operation on the device. If this relationship can be broken or obscured, the attack is blocked. To do this, the device’s code should branch only on publicly known data, never on secret values. If this isn’t possible, all potential execution paths should require the same number of execution cycles.

These relatively simple and inexpensive software-based countermeasures can be used to make simple power analysis (SPA) impossible. However, they are ineffective against DPA and more complex methods of power analysis because each operation in a modern processor has a distinct power fingerprint. It’s virtually impossible to make the power profile entirely data- and execution-independent using just software countermeasures.

System design as a security measure
For any side-channel attack to succeed, the device under attack must be using the secret an attacker is trying to extract, in a traceable way. So, potentially the most powerful countermeasure is to rate-limit the number of times a usable trace can be recorded. Suppose an IoT device uses elliptic curve cryptography (ECC) to derive a communication key when it joins a new network. There’s no valid reason to do this repeatedly at a high rate, as would be required for DPA. So, if attempts to join the same network are limited to, say, once per minute, any DPA attack can be blocked.

Putting protection to the test
Using the ChipWhisperer open-source toolchain, Silicon Labs set out to show that the hardware-based countermeasures in our new chipsets were preventing the leakage of confidential data. The results of our tests are below – showing how many traces are required by an attacker to achieve a Global Success Rate (GSR) of more than 80%. They involved the extraction of a 128-bit advanced encryption standard (AES) key and the impact of the correct choice of physical extraction method for the traces. The results show that a relatively small number of traces are required on legacy hardware, which may remain in service for years beyond the effectiveness of their security features. This means that older hardware may be vulnerable to DPA attacks.
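The software design rule described above (no branching on secret values, equal work on every path), shown as an added example that is not code from the article or from Silicon Labs. The toy modulus, the function names and the multiplication counter are assumptions made for the illustration; real key operations use a vetted bignum library.

```c
#include <stdint.h>
#include <stdio.h>
#define MODULUS 4294967291u       /* constructed 32-bit toy modulus */
static unsigned long mul_count;   /* instrumentation for this demo only */

static uint64_t mulmod(uint64_t a, uint64_t b) {
    mul_count++;
    return (a * b) % MODULUS;     /* operands < 2^32, so no 64-bit overflow */
}

/* Leaky: the extra multiply runs only for 1 bits of the secret exponent. */
uint64_t modexp_leaky(uint64_t base, uint32_t secret) {
    uint64_t r = 1;
    base %= MODULUS;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r);
        if ((secret >> i) & 1u) r = mulmod(r, base);  /* secret-dependent branch */
    }
    return r;
}

/* Branch-free conditional swap: identical instructions for bit 0 and bit 1. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t t = (*a ^ *b) & ((uint64_t)0 - bit);     /* mask is 0 or all ones */
    *a ^= t; *b ^= t;
}

/* Montgomery ladder: one multiply and one square per bit, whatever its value. */
uint64_t modexp_ladder(uint64_t base, uint32_t secret) {
    uint64_t r0 = 1, r1 = base % MODULUS;
    for (int i = 31; i >= 0; i--) {
        uint64_t bit = (secret >> i) & 1u;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1);
        r0 = mulmod(r0, r0);
        cswap(&r0, &r1, bit);
    }
    return r0;
}

/* Modular multiplications performed by f for a given exponent. */
unsigned long mults_for(uint64_t (*f)(uint64_t, uint32_t), uint32_t e) {
    mul_count = 0;
    (void)f(3, e);
    return mul_count;
}

int main(void) {
    printf("leaky:  %lu vs %lu\n", mults_for(modexp_leaky, 1u), mults_for(modexp_leaky, 0xFFFFFFFFu));
    printf("ladder: %lu vs %lu\n", mults_for(modexp_ladder, 1u), mults_for(modexp_ladder, 0xFFFFFFFFu));
}
```

A compiler may turn the mask back into a branch, so the generated assembly should be checked on the target; as the article states, this addresses SPA and does not by itself stop DPA.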
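One way to implement the once-per-minute join limit from the system design section, as an added example rather than code from the article or from Silicon Labs. The struct, the function name and the boot counter and uptime inputs are hypothetical; the example assumes the record is stored in non-volatile memory, because a limiter held only in RAM is cleared by a power cycle.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define JOIN_MIN_INTERVAL_S 60u   /* the article's "once per minute" */

/* Hypothetical record, assumed to live in non-volatile memory. */
struct join_limiter {
    bool     valid;     /* false until the first permitted attempt */
    uint32_t boot_id;   /* boot counter value at the last permitted attempt */
    uint32_t last_s;    /* uptime in seconds at the last permitted attempt */
    uint32_t denied;    /* rejected attempts, useful as a tamper signal */
};

/* Decide whether the key derivation may run now. Call this, and persist *st,
 * BEFORE the private key is used, so that a reset during the operation still
 * counts as an attempt. boot_id and uptime_s are supplied by the platform. */
bool join_permitted(struct join_limiter *st, uint32_t boot_id, uint32_t uptime_s) {
    bool ok;
    if (!st->valid)
        ok = true;
    else if (st->boot_id != boot_id)
        /* Rebooted since the last attempt: the off-time is unknown, so
         * require a full interval of uptime in the current boot. */
        ok = uptime_s >= JOIN_MIN_INTERVAL_S;
    else
        /* Unsigned subtraction stays correct if uptime_s wraps around. */
        ok = (uint32_t)(uptime_s - st->last_s) >= JOIN_MIN_INTERVAL_S;

    if (!ok) {
        st->denied++;
        return false;
    }
    st->valid = true;
    st->boot_id = boot_id;
    st->last_s = uptime_s;
    return true;
}

int main(void) {
    struct join_limiter st = {0};
    bool first  = join_permitted(&st, 1, 5);    /* first attempt */
    bool second = join_permitted(&st, 1, 30);   /* 25 s later, same boot */
    bool third  = join_permitted(&st, 2, 3);    /* 3 s after a reboot */
    printf("%d %d %d denied=%u\n", first, second, third, (unsigned)st.denied);
}
```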