Side channel attacks in embedded systems: A tale of hostilities and deterrence

Security of embedded computing systems is becoming paramount as these devices become more ubiquitous, hold personal information, and are increasingly used for financial transactions. Side channel attacks, in particular, have been effective in obtaining the secret keys that protect this information. In this paper we classify a selection of side channel attacks and demonstrate a few of them. We further classify the popular countermeasures to side channel attacks. The paper paints an overall picture for a researcher or practitioner who seeks to understand, or begin to work in, the area of side channel attacks in embedded systems.
