What is a Side Channel Attack?

To the eyes of the uninstructed, the term cryptography seems like an entity involving numerical calculations and common algorithms like DES, RSA, and the others. Initially, the cryptographic algorithms appear to be implemented inside a black box, but in reality, the black box plays a very important role. With most algorithms becoming more secure and almost impossible to break, malicious actors find numerous ways to barge in and steal critical information. Since most of the cryptographic algorithms are implemented on hardware, attackers shift their focus to understanding the details of that hardware to gather information. Different physical interactions take place between an algorithm and the device when the former is being implemented. These interactions lead to the formation of “side channels.” Malicious use of the side channels to exploit the vulnerabilities is known as a “side channel attack.” The information leaked is known as “side channel information.”

The Two Sides of a Coin

Whenever a discussion regarding Side Channel Attacks (SCA) is initiated, two models designed by (Zhou & Feng, 2005) are brought up. Below are the diagrammatic representations of both the models. The first model evaluates the foundation of the Cryptographic algorithms based on mathematical functions. In contrast, the second discusses how an attacker can benefit from all the leaked information when an algorithm is implemented on the hardware.

Some Popular Types of Side Channel Attacks

1. Cache Based Attack – Cache, being a tiny portion inside the processing unit, has two important concepts related to it: Cache Hit and Cache Miss.

A Cache Hit occurs when the required data is found; otherwise, a Cache Miss occurs. Upon a Cache Miss, the data block from the main memory is copied to the cache to avoid further cache misses. When the data is being loaded for the first time, a delay will be generated, which acts as an opening for attackers. The attackers measure this delay and, based on the measurements, launch a Cache Based SCA.

2. Timing Based Attack - When a cryptographic algorithm is performed, its implementation time varies due to performance optimizations. These variations can be a haven for attackers as they can easily obtain secret information through them. A Timing Attack is carried out by the measurement of the time taken by a cryptographic algorithm.

3. Fault Based Attack - Since cryptographic modules are assumed to be reliable, their security and dependability are often overlooked. These factors come to light when the operations performed on them give different output than expected. Faults in cryptographic devices generally occur as a result of wear and tear and are unintentional. Such faults can become side channels for attackers who study how often they occur, and those attackers make these faults intentional by inducing them in the hardware.

4. Power Based Attacks – Power consumption during the implementation of an algorithm may provide a lot of information about the algorithm’s operations. A power analysis attack is a strong hardware attack and is quite dangerous against smart cards and embedded systems.

The following figure depicts a power trace during the implementation of RSA. RSA uses the squaring and multiplication method for its calculations. The left peak is a squaring only peak, whereas the right one is a multiplication only peak. The 0s and the 1s can easily be identified.

5. Electromagnetic (EM) Attacks – Cryptographic Devices often leak electromagnetic radiation, which can be observed by attackers, and can be used to initiate SCAs to find the secret data involved in computations. Based on the analysis of electromagnetic radiations, these attacks can be classified into Simple EMSCAs and Differential EMSCAs.

6. Acoustic Attacks – These make use of the relation between A) the sound generated from a device while performing computation and B) the device itself. Most of these attacks focus on sounds produced by keyboards & printers. A 2017 study (Genkin, Shamir, & Tromer, 2017) demonstrated acoustic attacks against computer processors by analyzing noise from capacitors and inductors inside the motherboards.

Other SCAs are less common and still new in terms of research. These SCAs are:

• Data Remanence (e.g., Cold Boot Attacks)
• Software Based Attacks (e.g., Shadow Hammer)
• Error Message Attacks
• Optical Attacks

Recent Side-Channel Attacks

After acquiring sufficient knowledge regarding how SCAs work, it is time to look at some recent Side Channel Attacks and their categories.

Spectre - This is a vulnerability which allows for arbitrary locations in the allocated memory of a program to be read. Spectre affected a certain type of micro processors that implement branch prediction processes. These processors use the concept of “speculative execution” - a technique that pre-performs tasks to save time during execution. During speculative execution, there are two possibilities - 1) Branch Prediction, which means that the output of the execution was successful, or 2) Branch Mis-prediction, which signifies that the tasks identified by the Branch Predictor were not executed. So, during Branch Mis-prediction, there are observable effects on the cache, resulting in data leakage. Spectre combines the cache SCA with a Timing attack, based on when the Branch mis-prediction occurs.

The CVE IDs related to Spectre are CVE-2017-5753 and CVE-2017-5715. Spectre Attack has three main phases -

1. Mis-training Phase
2. Exploit Phase
3. Attacking Phase

Spectre has affected almost every computer that uses Intel, ARM, and IBM based processors.

Cold Boot Attack - This attack is based on the assumption that DRAM’s memory can still be accessed after the computer has been shut down. One interesting fact about DRAM is that it remains unchanged at extreme temperatures, even after shutdown. Using this assumption, an attacker can physically access the computer and perform a memory dump, thereby finding a way in.

The Cold Boot Attack can be implemented in the following manner -

• Prepare a USB drive containing a small footprint of the OS to be accessed.
• Cooldown the DRAM using Freeze Spray.
• Mount the RAM either on the original machine or a different one.
• Turn back the power on.
• The footprint on the USB drive will read and store the DRAM data on itself.
• Perform an analysis of the Drive.

This side-channel attack is easy to perform and can even be used in Digital Forensics.

Meltdown is similar to Spectre. Meltdown has affected Intel x86 processors and IBM POWER processors. In Meltdown, a malicious process can read all the memory from the computer system through privilege escalation. Meltdown’s CVE ID is CVE-2017-5754. It is an example of Cache Based SCA. In Meltdown, the concept of Out-Of-Order Execution is implemented. This technique runs all the instructions in parallel, instead of executing them sequence-wise. In Meltdown, the remnants of the Out-Of-Order Execution lead to the leakage of sensitive data.

Meltdown occurs in three phases: 1) Identifying the secret data when O-O-O Execution occurs, 2) applying a timing attack to reveal secret data, and then 3) repeating the first two phases until all of the data of the entire memory unit is revealed.

Like Spectre, Meltdown has affected millions of computer systems, ranging from Personal Computers to Cloud Infrastructures.

Countermeasures against SCAs

1. General Countermeasures

Basic countermeasures that exist for SCAs tend to either reduce the release of leaked information or cut the relationship between the side channels and secret data. The first category is a set of hardware-based countermeasures. These countermeasures are as follows:

-Shielding reduces the leak of emissions and prevents tampering of data buses.

• Jamming of side channels with noise
• Using software for Security Analysis.

2. Countermeasures for known Side Channel Attacks The table below sums up the most used countermeasures for the popular types of SCAs.

Conclusion

Although FIPS 140 security standards devised for cryptographic modules, attackers continue to find new side channels to intercept data. Most of the time, such attacks are untraceable, proving that algorithms appear bulletproof on paper, but show vulnerabilities when implemented on hardware. Some third-party vendors use backdoors with good intent, but they backfire and offer a way in for attackers to help themselves. On cryptographic modules, quick execution of algorithms is a must. Quick execution doesn’t give the attacker much time to infiltrate. Still, it takes a toll on hardware by maxing out its capabilities and leading to emissions and emanations, and serving as entry points for infiltrators. Keeping these points in mind, designers should be aware of the potential risks and flaws in their modules and always refer to the latest side-channel attacks. Proper testing is a must. It is worth mentioning that many side channel attacks are still being discovered; hence an updated manifest of the same should be maintained, one that can be referred to for making future modules bulletproof.

---

References

1. (FIPS). (1994). FIPS PUB 140-2: Security Requirements for Cryptographic Modules. In (NIST).
2. Genkin, D., Shamir, A., & Tromer, E. (2017). Acoustic Cryptanalysis. Journal of Cryptology. https://doi.org/10.1007/s00145-015-9224-2
3. https://www.techrepublic.com/article/spectre-and-meltdown-explained-a-comprehensive-guide-for-professionals/
4. https://en.wikipedia.org/wiki/Cold_boot_attack
5. www.wikipedia.org/wiki/Power_analysis#/media/File:Power_attack_full.png
6. Zhou, Y., & Feng, D. (2005). Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing. Information Security Seminar WS 0607.