modern threat model
- bypass strong cryptography
- bypass access privileges and authentication protocols
- observe physical variables
- sound
- voltage
- current
- EM radiation
eg.
arduino Uno uses AES-128
AES-128 has 10 rounds of operation
using oscilloscope, able to map wave to operation
observing physical variables
- passive –> use sensor to monitor
- timings
- power consumption
- EM radiation
- sound, temperature - invasive
- micro probing –> probe bus, read data directly
- circuit modification –> override security measures
- photonic emissions
- attacks are effective but costly
side channel attacks
- based on information gained from physical implementation of system
- information is leaked unintentionally
- does not depend on theoretical weakness in application or algorithm
- not constrained by access privileges
- requires expensive test environment
2 types of side channel attacks
- power consumption analysis
2. timing analysis
power consumption analysis
different power consumption when running, 0s and 1s
power consumption is related to operation and algorithm
2 main techniques
- simple power analysis
- differential power analysis
simple power analysis
- pump in known input
- observe output
- measure fluctuation in power consumption across a resistor or capacitor(reduce noise)
operation is in attacker control
protection is tamper proof
eg.
find patterns in the graph
match with numerical operation
match with instructions
Hamming weight model
- binary 0s and 1s have different power consumption
- 1s uses more power
- binary with the most 1s should have highest voltage
4 easier to guess which binary number has which voltage
eg.
- 15 00001111
- 25 00011111
when making jump –> access memory location –> semiconductor –> more power used
Differential power analysis
- when key guess is correct, spike in power
- take samples to reduce noise
- as many samples are needed, use software to collate, measure, provide statistical correction
guesses one bit at a time
Timing analysis attack
- learn the system secret by observing how long it takes to perform computation
- goal is to extract private key
- extremely powerful as isolation does not help
- target could be remote, inside VM, tamper proof - attacker simply monitor input and output response time
able to guess
- bypass operations
- RAM hit/miss
- processor instructions
- algorithms
- command sequences
Timing analysis attack: keystrokes
- focus on touch typing (standard time patterns in typing passwords)
- data collection
- pick one random password and ask user to type
- need large sample
Countermeasures for time analysis attack
switch off echo mode –> user typing can still be measured on client-side
randomise timing of keystrokes
set echo delay to be constant
