Embedded System Security Begins With Secure Hardware

April 10, 2018 By Paul Pickering, Technical Contributor

One of the advantages of a Netflix subscription is the opportunity to binge-watch previously overlooked shows. We recently discovered “NCIS,” which made its debut in 2003 and is still going strong after more than 300 episodes. Several nights a week we thrill to the exploits of the intrepid team of agents from the Naval Criminal Investigative Service, especially the ease with which they hack into any secure system—from banks to the NSA—in a few minutes, armed only with a desktop or laptop.

Figure 1: Squaring the circle: NCIS agents using facial expressions to perform cryptanalysis. (Image Source: CBS)

Luckily for both the banks and the nation, it’s not quite that easy. A state-of-the-art encryption scheme such as AES-256 is essentially unbreakable. A key for AES-256 has 1.1 x 10^77 possible combinations; cycling through all of them until finding the correct value (a brute-force attack) would take considerably longer than the life of the universe, even checking a billion billion (10^18) keys every second.

Many security-conscious applications including bank ATMs, the electrical grid, industrial control, and the home, exchange secure information between a central server and a remote node containing an embedded microcontroller that performs the cryptographic operations. For the system architect, an embedded system poses unique challenges because a hacker can gain access to the hardware and use it to obtain the desired information.

If the bad guys can buy or steal a unit and get it into the lab, they can mount an invasive attack: remove the chip packaging, inject signals, and probe internal nodes to try to recover cryptographic keys. Another invasive strategy involves deliberately inducing system faults and logging the response.

A non-invasive attack strategy relies on the fact that even if the encryption method is mathematically unbreakable, any physical implementation must leak information about the process of calculation. A side-channel attack targets the physical implementation of the cryptographic code instead of the code itself; the method measures changes in device characteristics as the microcontroller performs its calculations and uses the data to draw conclusions about secure information.

A side-channel attack is much simpler to mount than its invasive counterpart: it may only require common laboratory equipment such as a PC, temperature probe, and digital oscilloscope. Standard side-channel attacks include:

Power analysis attack: Measures the power dissipation of the chip during cryptographic operations. Analysis can reveal what operations are performed in the chip, leading to conclusions about the secure information. In a differential power analysis, the attacker makes guesses about a secret or private key, predicts the power signals that would result under each hypothesis, and correlates them with the actual power signal. The stronger the correlation between the hypothesis and the actual measurement, the closer the guess. After multiple operations, statistical analysis can yield the secret key.

Timing attack: Logs the number of clock cycles needed to produce a cryptographic result. The variation in computation time can leak the secret key’s Hamming weight (its number of set bits), which the attacker correlates against predicted key values to recover the real one.

Electromagnetic emission attack: Uses the electromagnetic radiation emitted from the chip for simple or differential analysis using a comparable approach to that of a power attack. The attack can target a specific area of a chip and can even use a remotely-mounted detector.

Secure Designs Combat Hardware-Based Attacks

Recognizing the security risks posed by embedded systems, manufacturers are developing secure microcontrollers (MCUs) and other devices that include features to combat invasive and side-channel attacks.  

A secure microcontroller includes a variety of specialized features. A die shield, for example, is a tamper-proof conductive mesh that surrounds the MCU to protect against decapsulation and interference in circuit operation. The mesh acts as a sensor in which all of the paths are monitored for interruptions or short circuits; a supervisory module can take action, such as deleting sensitive data, if it detects tampering. The die shield also does double duty by forming an electromagnetic shield to protect against a side-channel EM attack.

Excessive variations in system voltage and temperature are two common ways to mount a hardware attack. An on-chip environmental monitor detects such excursions and initiates an appropriate response: switching to backup battery power if the system voltage is removed, then zeroing out private keys if the backup power drops out. 

Several manufacturers offer microcontrollers that incorporate these features. ARM produces the SecurCore® processor family, aimed primarily at tamper-resistant smart card applications. STMicroelectronics offers a family of secure MCUs built around this architecture. Their ST33 microcontrollers use ARM’s SecurCore® SC300™ 32-bit RISC core, a derivative of the Cortex® M3; protections include an active shield, memory protection unit, and environmental parameter monitoring.

Figure 2: The DS28E38 secure authenticator with ChipDNA PUF protection. (Image Source: Maxim Integrated)

Maxim Integrated has also introduced a range of security products that include protection against invasive attacks. Their DS28E38 is a secure authenticator that uses ChipDNA™ PUF technology to implement ECDSA public-key cryptography. ChipDNA provides security by using “physically unclonable function” (PUF) technology to generate a unique key for each device.

Maxim’s being coy about the precise PUF mechanism, but in general a PUF depends on the unique character of a device’s physical microstructure, which itself depends on random variables introduced during manufacturing. The result is a unique key that reflects the precise analog characteristic of the particular IC. The key is repeatable over temperature, voltage, and IC operating life conditions, but is altered by invasive probing or attempts at modification, changing its value and rendering it useless. The DS28E38 generates the unique PUF key only when needed for a cryptographic operation and then immediately deletes it, so it’s not available anywhere on the device for an attacker to access.

Side-Channel Attacks Require A Multi-Layer Defense

What can the designer do to protect against an attack based on passive monitoring of system parameters: i.e., a side-channel attack?

The algorithms and source code for the standard encryption schemes are publicly available, and the steps needed to perform the encryption operations and their correlations to physical events—power consumption, emissions, or computation time—are well understood. To combat a side-channel attack, therefore, the underlying principle is to break, or at least minimize, the link between the physical effect and the cryptographic operation. Ideally there should be no correlation between the two events.

Strategies to combat a side-channel attack can be hardware- or software-based. The hardware can be designed to minimize the magnitude of the relevant parameter in all phases of operation and to normalize it so that it remains unchanged during the cryptographic operation. Adding clock randomization, for example, can decouple execution time from the underlying operation; increased shielding or added internal metal layers can reduce emissions.

In software, the link between the leakage and the underlying operation can be obscured by inserting random elements such as wait states into the computation algorithm; or the code can be written to exhibit a constant execution path regardless of the operation being performed.
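As an added illustration of the timing leak described under the timing attack above and of the “constant execution path” countermeasure just mentioned (example code written for this article, not from any vendor it names), the block below counts modular multiplications as a stand-in for clock cycles: a naive square-and-multiply loop performs 32 + HW(e) of them for a 32-bit exponent e, so its run time leaks the exponent’s Hamming weight, while a Montgomery ladder always performs 64. The modulus and exponents are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* On a real MCU every modular multiply costs cycles and power, so this
   counter stands in for what a timing probe or scope would observe. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m, unsigned *ops) {
    if (ops) (*ops)++;                /* ops may be 0 if only the result matters */
    return (a * b) % m;               /* a, b < m < 2^32, so no overflow */
}

/* Number of set bits in e: exactly what the naive loop's timing gives away. */
unsigned hamming_weight(uint64_t e) {
    unsigned w = 0;
    for (; e; e >>= 1) w += (unsigned)(e & 1);
    return w;
}

/* Naive left-to-right square-and-multiply, 32-bit exponent: the extra
   multiply runs only for set bits, so ops = 32 + hamming_weight(e). */
uint64_t modexp_naive(uint64_t b, uint64_t e, uint64_t m, unsigned *ops) {
    uint64_t r = 1;
    if (ops) *ops = 0;
    b %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m, ops);
        if ((e >> i) & 1) r = mulmod(r, b, m, ops);   /* secret-dependent work */
    }
    return r;
}

/* Montgomery ladder (invariant r1 == r0 * b): both branches do one squaring and
   one multiply, so ops = 64 for every e. Production code would also swap r0/r1 branch-free. */
uint64_t modexp_ladder(uint64_t b, uint64_t e, uint64_t m, unsigned *ops) {
    uint64_t r0 = 1, r1 = b % m;
    if (ops) *ops = 0;
    for (int i = 31; i >= 0; i--) {
        if ((e >> i) & 1) { r0 = mulmod(r0, r1, m, ops); r1 = mulmod(r1, r1, m, ops); }
        else              { r1 = mulmod(r0, r1, m, ops); r0 = mulmod(r0, r0, m, ops); }
    }
    return r0;
}

/* Helpers returning only the operation count for a constructed prime modulus. */
unsigned naive_op_count(uint64_t e)  { unsigned n; modexp_naive(2, e, 1000003, &n);  return n; }
unsigned ladder_op_count(uint64_t e) { unsigned n; modexp_ladder(2, e, 1000003, &n); return n; }

int main(void) {                      /* constructed sample exponent 0xF0F0 */
    printf("naive %u ops, ladder %u ops, HW %u\n", naive_op_count(0xF0F0),
           ladder_op_count(0xF0F0), hamming_weight(0xF0F0));
    return 0;
}
```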

Needless to say, any countermeasures will incur penalties ranging from reduced computational efficiency to increased product size or cost.

As more and more systems exchange sensitive information, designers of secure embedded systems must continue to innovate to keep one step ahead of the hackers. Hardware-based attack and defense is at the forefront of this cat-and-mouse game.
