What are side channel attacks?

In cybersecurity, it is increasingly common to hear about side-channel attacks that exploit the implementation of a computer system rather than its algorithms or software. It all broke out when vulnerabilities in processors like Meltdown and Specter were discovered, but since then more and more have continued to emerge, as well as new techniques to perform such attacks.

What are side channel attacks?

In computer security, a Side Channel Attack is any attack that relies on information obtained through the implementation of a computer system rather than the weaknesses of the implemented algorithms themselves. The fact that side channel attacks produce physical effects when encryption systems are operating, and information derived from these effects can give clues about the systems. In particular, these attacks use one of these effects to obtain additional information about the secrets of the algorithms used.

Attackers can measure the electromagnetic emissions from these various processes over time and then use these insights to gain insight into a cryptosystem and encryption system keys. If attackers observe and analyze information from cryptographic transactions, they can use this information to learn the details of the encryption system and secret keys, ultimately undermining the security of the systems. Constant-time algorithms work on the theory that if time information from different processes provides clues to an attacker trying to compromise a system, removing this useful information will help maintain system security.

How are side channel attacks performed?

This eliminates the ability of attackers to leverage timing information to break the underlying systems. If attackers can execute their code on systems that use memory caching, they can exploit time-based attacks by looking not only at the execution time of the target application, but also at their own memory access time.

For embedded systems where an attacker has access to the hardware, heat and power are the most significant sources of leakage, but time-based attacks are more likely to increase in multitasking and multiprocessor systems where the attacker can discard code or exploit interactions. For networked systems, time-based attacks are more suitable and have been widely used. Another scenario that is quite familiar on the Internet surface is a time-based attack on blind SQL. The same applies, for example, in the case of a time-based attack on the web system to enumerate possible valid users.

By monitoring and measuring these delays, a malicious agent can perform actions known as side-channel attacks and re-create sensitive information stored in a program, such as a cryptographic key or password. In this case, an attacker can analyze processor response times and find out which caches are leaked, revealing confidential information.

What are side channel attacks used for?

Side channel attacks exploit noise, frequency, power usage, etc. to obtain the secrets of the execution workflow of ordinary applications and achieve the final result. can be used to exploit secondary information (e.g. plaintext versus ciphertext). It has been shown that a side-channel attack based on a deep learning framework using the energy and electromagnetic information of various devices can break the secret key of another identical device with just a trace.

A side-channel attack breaks the encryption by using information leaked from the encryption, for example by monitoring electromagnetic field (EMF) radiation emitted by a computer screen to see the information before it is encrypted, for example a Van phreaking attack (also known as Eck) or Transient Electromagnetic Pulse Emission Standard (TEMPEST) ). A side-channel attack is a type of vulnerability that aims to gather information about or affect the execution of a system program by measuring or exploiting the indirect effects of a system or its hardware, rather than directly targeting a program or its code. Another countermeasure in the first category is the use of security analysis software to detect specific classes of side-channel attacks that can be discovered during the design stages of the underlying hardware itself.

Examples of side channel attacks

In addition to reputational risks for silicon vendors, users of protected devices are at risk because an adversary can use side-channel analysis to recreate encryption keys and attack the system for financial gain or access to sensitive data. These attacks are a significant threat to modules that integrate cryptographic systems. For example, last year multiple flaws were discovered in some of the most popular pieces of physical hardware, with names like Meltdown, Spectre, Fallout, RIDL, and Zombieload each leveraging side-channel attacks as part of their obfuscation techniques.

As concrete examples of how emerging threats can manifest themselves, researchers from several different institutions have investigated data leakage from Intel CPUs. In 2017, two vulnerabilities were discovered in CPUs (nicknamed Meltdown and Spectre). To defend against such attacks against the SoC, it is important to understand how the information is obtained and identify ways to avoid it and, in particular, some countermeasures that can be implemented in low-power IoT CPUs to mitigate the threat.

A power analysis attack can provide more detailed information by looking at the power usage of hardware devices such as CPUs or encryption circuits. By monitoring how much power a system or one of its subcomponents uses or for how long, an attacker can infer activity on the system. In this case, the adversary can compare the duration of a known system with that of the victim to make an accurate prediction.

Beyond this simple strength analysis attack, there are more complex attacks that save sampled runs from multiple runs and apply statistical correlations to them to derive a private key. From the attackers’ perspective, almost any accidental information leak can be collected to learn what not to do. An attacker can leverage existing systems to access information they need to block. Using this type of attack can be extremely risky as it uses a different environment than traditional approaches to discover vulnerabilities.