Author: Angela Raucher, Product Marketing Manager, ARC Processors, Synopsys
As additional security measures such as encryption and authentication are added to IoT applications, hackers must work harder to get the desired information or disrupt the operation of a network. How much effort and time they will spend will depend on the value of the information, making high-value targets especially vulnerable. This article focuses on techniques for protecting against side-channel attacks, which are attacks that rely on information from the physical implementation of security rather than exploiting a direct weakness in the security measures themselves.
To put it simply, perhaps your family is going out of town and you don’t want anyone to know. You don’t tell anyone you are leaving, you move your luggage to the car in the dead of night, and you leave some lights on in the house. Unfortunately, though, you may leave a trail of clues about your absence that your neighbors or criminals may pick up on to figure out the information without looking in your windows or breaking in. For example, there is a stack of newspapers on your front porch, the same lights are on day and night, and your dog that is always barking is somehow quiet. Using side-channel information to enable an attack is similar, although it requires a lot more effort than the simple example above. To protect against such an attack in an SoC, it is important to understand how the information is obtained and to determine ways to prevent that from happening, including some of the countermeasures that can be implemented in low-power IoT processors to diminish the threat.
As mentioned above, side-channel attacks rely on information that is gained based on the implementation of security, generally cryptographic functions. For an SoC, the information “leaked” includes timing information of operations, power consumption, and electromagnetic radiation. This information can reveal sensitive information such as cryptographic keys. As an example, let’s look at a side-channel analysis done on an RSA transaction. RSA is an asymmetric cryptographic standard commonly used in key exchange and uses modular exponentiation as a basis. In the example in Figure 1, RSA is implemented using a method where a square function is used if the key byte is odd, and square and multiply is used if the key byte is even. A would-be hacker will be able to measure a shorter peak for a 0 and a longer peak for a 1, making the secret key almost literally visible on the oscilloscope. Beyond this simple power analysis attack, there are more advanced attacks that record sample traces from multiple runs and apply statistical correlation on these to obtain the private key.
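The leak described above, next to one way of removing it, modelled as an added example (not code from the article or from Synopsys). It assumes the usual bit-wise left-to-right square-and-multiply, where a 0 key bit costs one square and a 1 key bit costs a square plus a multiply; the function names, the constructed toy values and the choice of square-and-multiply-always as the countermeasure are assumptions made for illustration.

```python
# Added illustration: models only the ORDER of operations in modular
# exponentiation. "S" = square, "M" = multiply; on hardware each shows up
# as a peak in the power trace. Python integers are not constant-time.

def modexp_leaky(base, exp, mod):
    """Left-to-right square-and-multiply: multiplies only on 1 bits."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                      # key-dependent branch: the leak
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)

def modexp_always(base, exp, mod, nbits):
    """Square-and-multiply-always: one S and one M for every bit position."""
    result, trace = 1, []
    for i in reversed(range(nbits)):        # fixed length, leading zeros included
        result = (result * result) % mod
        product = (result * base) % mod     # computed even when the bit is 0
        trace.append("SM")
        bit = (exp >> i) & 1
        result = bit * product + (1 - bit) * result   # select without branching
    return result, "".join(trace)

def bits_visible_in(trace):
    """Exponent bits an observer reads off a trace: 'SM' -> 1, lone 'S' -> 0."""
    bits, i = [], 0
    while i < len(trace):
        one = trace[i:i + 2] == "SM"
        bits.append("1" if one else "0")
        i += 2 if one else 1
    return "".join(bits)

# Constructed toy values, far too small for real RSA.
BASE, MOD, NBITS = 7, 1009, 8
KEY_A, KEY_B = 0b00101101, 0b11010010

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        _, leaky = modexp_leaky(BASE, key, MOD)
        _, fixed = modexp_always(BASE, key, MOD, NBITS)
        print(f"{key:08b} leaky={leaky} -> {bits_visible_in(leaky)} fixed={fixed}")
```

With the key-dependent branch, the operation sequence spells out the exponent; with the fixed sequence, both keys produce the same trace, so the sequence alone no longer distinguishes them.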