Side-channel attack
A side-channel attack is a cryptanalysis method that targets the physical implementation of a cryptosystem in a device (e.g. a smart card, a security token or a hardware security module) or in software. It is not the cryptographic scheme itself that is attacked, but only a specific implementation, i.e. other implementations may be unaffected by the attack.
The principle is based on observing a cryptographic device while it executes the cryptographic algorithms and finding correlations between the observed data and the key used. This characteristic information can be obtained by analyzing the running time of the algorithm, the energy consumption of the processor during the calculations, or the electromagnetic radiation. Active, invasive attacks consist of intervening in the device and introducing errors in the execution of the cryptographic algorithm. To guard against this, side-channel analysis is part of the vulnerability analysis in the Common Criteria certification of smart cards and similar devices.
Examples of side channels
The timing attacks discovered by Paul C. Kocher in 1996 measure the computing time of the implemented cryptographic procedure for various inputs (usually selected by the attacker). Cryptosystems require slightly different execution times in order to process different inputs. These performance characteristics are dependent on both the key and the input data (plain text or ciphertext). The key can be gradually reconstructed through the runtime analysis.
Timing attacks have been published against both smart cards and software implementations.
If processes on one computer share memory areas, one process can infer the operations carried out by another from that process's use of the memory. Typical examples:
- 2005: A corresponding attack against OpenSSL exploited the shared use of the level 1 cache in Hyper-Threading on the Pentium 4.
- 2015: Rowhammer
- 2017: Meltdown
- 2018: Spectre
Simple Power Analysis (SPA)
Simple Power Analysis is a method in which the energy consumption of a microprocessor is recorded directly during cryptographic calculations. The energy consumption varies depending on the microprocessor instructions being executed. It thus provides information about the operations performed and the key.
A trace is a set of energy consumption measurements obtained from a cryptographic operation. Comparing traces reveals patterns such as DES rounds or RSA operations. Differences between the traces provide information about the key.
Differential Power Analysis (DPA)
Differential Power Analysis compares traces by using statistical methods in addition to the SPA technique.
A bug attack uses incorrectly implemented functions in microprocessors (e.g. the Pentium FDIV bug).
The electromagnetic fields generated by a computer or device during calculations can often be measured at some distance and also allow conclusions to be drawn about the operations performed. These attacks are known as Van Eck phreaking or TEMPEST.
An analysis of the operating noise of a computer with the help of inexpensive microphones can be used to extract RSA keys.
Dot matrix printers generate noises that allow conclusions to be drawn about the characters printed. After a learning phase and with knowledge of the context, a text recognition rate of better than 70% is achievable.
Examples of active attacks
Reaction to incorrect entries
Some cryptographic implementations react differently to incorrect entries, depending on the point in the processing at which an error occurs. The type of reaction therefore provides an attacker with information about the secret key used. Such an attack was published, for example, against widespread implementations of SSL.
A glitch attack is a method of compromising a crypto processor by interrupting the execution of machine instructions. The attacker observes the signals emitted during program execution. At the precise moment at which a compare or jump instruction is executed, the attacker injects a disturbance that prevents the instruction from executing. In this way, for example, a critical authentication routine could be bypassed. The bootloader of the Xbox 360 was "tricked" in this way.
Differential Fault Analysis (DFA)
Differential Fault Analysis is a method of investigating a cryptographic unit by inducing errors in it. The errors are mostly induced by changing the voltage, manipulating the system clock, or radiation. The intervention can lead to four results: no effect, false results that can be exploited, no response, or physical destruction. In this attack, the same plaintext, which may be unknown, is encrypted twice: once under regular conditions and once under test conditions. The two ciphertexts are then compared. Bit differences allow conclusions to be drawn about, for example, the RSA signature scheme.
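The comparison described above, worked through for RSA signatures computed with the Chinese Remainder Theorem, together with the usual defence of verifying the result before releasing it. This is an added example, not part of the original article; the toy key, the simulated bit flip and all function names are assumptions made for illustration.

```python
from math import gcd

# Constructed toy key (textbook-sized, not secure); a real modulus has 2048+ bits.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


def sign_crt(message, fault=False):
    """RSA-CRT signature; fault=True models one flipped bit in the mod-Q half."""
    sp = pow(message, DP, P)
    sq = pow(message, DQ, Q)
    if fault:
        sq ^= 1  # simulated hardware fault (voltage, clock or radiation)
    h = QINV * (sp - sq) % P
    return sq + h * Q  # Garner recombination


def shared_factor(good, bad):
    """What comparing a correct and a faulty result discloses about N."""
    return gcd(abs(good - bad), N)


def sign_checked(message, fault=False):
    """Countermeasure: verify with the public key, withhold faulty output."""
    signature = sign_crt(message, fault)
    if pow(signature, E, N) != message % N:
        return None  # fault detected, nothing leaves the device
    return signature


if __name__ == "__main__":
    good, bad = sign_crt(65), sign_crt(65, fault=True)
    print("correct:", good, "faulty:", bad)
    print("factor disclosed by the pair:", shared_factor(good, bad))
    print("checked signer releases:", sign_checked(65, fault=True))
```

The faulty result is still correct modulo one prime and wrong modulo the other, which is why a single pair is enough to split the modulus and why the verification step must run before any output is returned.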
Countermeasures work specifically against one or more forms of attack. These include: runtime smoothing through constant code execution (insertion of redundancies in order to execute machine commands independent of data, avoidance of conditional jumps), physical shielding against EM emissions, and insertion of noise (code obfuscation, gate obfuscation, signal noise, etc.).
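The following added example (not part of the original article) ties the timing and SPA passages to the countermeasure of avoiding conditional jumps: it models every big-number operation as one sample of a trace and compares square-and-multiply with a Montgomery ladder. The function names, the sample exponents and the "S"/"M" trace model are assumptions; Python integers are not constant-time, so only the operation sequence is modelled.

```python
def square_and_multiply(base, exponent, modulus):
    """Binary exponentiation whose extra multiply depends on a secret bit."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        trace.append("S")
        if bit == "1":  # key-dependent conditional jump
            result = result * base % modulus
            trace.append("M")
    return result, "".join(trace)


def montgomery_ladder(base, exponent, modulus):
    """Same result, but one multiply and one square for every bit."""
    r = [1, base % modulus]
    trace = []
    for bit in bin(exponent)[2:]:
        b = int(bit)
        r[1 - b] = r[0] * r[1] % modulus  # no branch on the secret bit
        r[b] = r[b] * r[b] % modulus
        trace.append("MS")
    return r[0], "".join(trace)


def trace_depends_on_secret(exp_fn, exponents, base=7, modulus=1009):
    """Leak check: do exponents of equal bit length give different traces?"""
    traces = {exp_fn(base, e, modulus)[1] for e in exponents}
    return len(traces) > 1


# Constructed sample exponents, all six bits long.
SAMPLE_EXPONENTS = [0b100001, 0b101101, 0b111111]

if __name__ == "__main__":
    for fn in (square_and_multiply, montgomery_ladder):
        for e in SAMPLE_EXPONENTS:
            _, trace = fn(7, e, 1009)
            print(f"{fn.__name__:20} {e:06b} ops={len(trace):2} {trace}")
        print("leaks:", trace_depends_on_secret(fn, SAMPLE_EXPONENTS))
```

In the first routine the operation count is the bit length plus the number of 1 bits, so both running time and trace shape vary with the key; in the ladder both are fixed by the bit length alone.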