Writing for Jane’s, Yossi Oren examines the mechanics of side-channel attacks, how they are likely to evolve, and what defence options exist. Side-channel analysis is a powerful cryptanalytic technique that aims to extract secret information from the physical emanations of an otherwise secure device.
This is an extract from an article that appeared in Jane’s Intelligence Review.
- Side-channel analysis, a technique that allows an attacker to extract secret information from an electronic device through examination of its physical emanations, is capable of compromising otherwise secure systems.
- Although systems at risk from side-channel attacks can be protected through hardware and software modifications, this results in a delicate trade-off between security and allowing the device to fulfil its intended function.
- Secret information stored digitally is increasingly vulnerable to emerging low-cost side-channel attacks that are highly scalable, employing malicious peripheral devices or by turning components of a system against itself.
A secret report drafted by the US National Security Agency (NSA) in mid-1972, and approved for public release in September 2007, describes a technical phenomenon related to a piece of military hardware called the 131-B2 encryption device. This device, produced by Bell Telephone Laboratories, was used by the US Army and Navy during the Second World War as part of the US military's secure teletypewriter communications infrastructure. The underlying encryption scheme used by the 131-B2 devices, called the one-time pad, is in theory completely unbreakable. In fact, this encryption scheme is still used to protect highly sensitive data.
During testing on a 131-B2 device at Bell Labs, a researcher noticed that each letter processed by the device caused it to emit a high-powered electromagnetic pulse, probably related to the relays operating the paper-punching mechanism used by the teletypewriter. By using an antenna and amplifier, these pulses could then be picked up and decoded almost 80 feet away.
The method used by the Bell Labs researchers to recover the secrets of the theoretically unbreakable 131-B2 device is called a side-channel attack. Side-channel analysis is a powerful cryptanalytic technique that enables attackers to extract secret information hidden inside many types of devices. Side-channel analysis works by analysing the physical signals, such as power consumption or heat dissipation, that a device emits as it performs a secure computation. First discussed in an academic context by Paul Kocher in 1996, side-channel analysis has been shown to be effective in compromising a plethora of real-world systems, ranging from car immobilisers to video game consoles, and from mass transit cards to high-security cryptographic co-processors.
A successful side-channel attack requires three elements: a source, a modulator, and a receiver. First, a source of secret information, which is typically a sensitive sub-component of the device under test, emits a secret payload during the process of its operation. This secret is then processed by a side-channel modulator, an integral component (such as a system fan) that causes the secret payload to manifest in the physical emanations of the system, such as the system's power consumption or heat dissipation. This function of the modulator is a by-product of its operation, and was not purposely intended by the system's designers. Instead, its existence is an artefact of the physical characteristics of the device under test. Finally, the physical emanation is captured by the attacker using a side-channel receiver. The attacker analyses the received emanations and attempts to recover from them as much information about the secret as possible.
Low-cost side-channel attacks
Side-channel attacks can be deployed through a low-cost malicious aftermarket peripheral. As illustrated in the graphic 'Low-cost side-channel attack based on a malicious peripheral', end users often connect unverified aftermarket accessories (1) such as batteries, earphones, or chargers, to their secure mobile devices. While this accessory is connected, the user interacts with a sensitive app on his device (2) such as a payment application. The malicious accessory carries out a power-based side-channel attack on the victim's phone (3) to recover this secret information. To disclose this information back to the attacker, the malicious device can include an embedded transponder (4) or somehow modulate the compromised information back into the smart device's regular communications (5), potentially by using a co-operating application on the device. This setting enables the attacker to place a very low-cost embedded set-up with limited measurement, storage, and processing capabilities in close proximity to the device.
The content from this blog post is compiled from Jane’s Intelligence Review. For more information or to subscribe visit Jane’s Intelligence Review. Jane’s also runs a series of OSINT courses covering all areas of open-source intelligence including cyber security. For more information on these courses visit Jane’s OSINT training.
Yossi Oren writing for Jane's Editorial Staff
Posted 10 October 2017