A Brief Peek Into the Fascinating World of Side Channel Attacks
As engineers, we often need to think about issues of data privacy and security. Side channel attacks, once the preserve of spies and governments, are increasingly becoming possible for less well funded attackers. Devising ways to protect against these attacks whilst still having a useable device can be challenging, especially given the range of interesting ways that data security can be compromised.
It’s important to have an overview of the types of attacks possible, so that you can design with protection in mind. It’s not just sensitive data that can be compromised, but whole control systems could be at risk. Something to bear in mind when working with or designing projects that rely in any way on computers or digital devices like flow sensors or RF communications.
Most of you will already know that it’s virtually impossible to secure digital data from a really determined attacker. As computers enter more areas of our lives, the ways that our data can be accessed continue to grow. Improvements in technology are helpful to information security professionals and hackers alike, and attacks that would have been unlikely or impractical just a few years ago are increasingly accessible to those with the right skills and equipment.
Just What Are Side Channel Attacks?
Side channel attacks make up some of the most interesting ways to compromise an electronic system. Methods of accessing your systems that would have sounded laughable just 5 years ago are now used widely by marketers, and protecting against every known attack vector is impossible if you also want to use your device in any normal fashion.
Side channel attacks utilise novel emissions from hardware generated by digital devices in their day to day usage. Many of them are hardware-dependant, though at this point the hardware that remains vulnerable includes things like ‘all smartphones with a microphone’, ‘computers with LED indicators’, and ‘machines with a CPU made before 2018 by Intel, IBM, AMD, or ARM’. Some of the methods used include:
- Audio-based attacks (e.g. ultrasonic beacons; acoustic cryptanalysis)
- Cache & Timing Attacks
- Power Analysis/Monitoring
- Electromagnetic Emission Monitoring
- Differential fault analysis
- Data remanence (e.g. cold boot attacks)
- Software-initiated fault attacks (e.g. RowHammer)
- Optical attacks
The History of Side Channel Attacks
In the 1950s the CIA discovered that they could recover plaintext of supposedly ‘secure’ military communications on the Model 131-B2 over ¼ mile away on power lines — a secure Army and Navy communication encryption machine using ‘unbreakable’ one-time tapes (one-time pads are still considered the only ‘unbreakable’ form of cryptography). This was after the machine had already been modified in the 1940s — the original version showed up to 75% of keys pressed to be decipherable on an oscilloscope nearby in a lab — leaks were caused by radio frequency emissions from the electrical contacts in the relays, induction signals on the communications network up to 1 mile away, and electromagnetic leakage from the coils in the relays to a distance of about 30ft.
Around the same time, Russian intelligence services began to issue instructions to their personnel to guide them through minimising their side channel attack exposure.
In 1964 US counter-intelligence found 64 microphones and a large metal grid in the ceiling of their embassy in Moscow. All of this led to the development of TEMPEST and combined with the Russian intelligence agency’s publication of how to prevent EM side channel attacks the beginning of research into these attack methods and their prevention. The countermeasures first developed by intelligence agencies from the end of WWII through the cold war still form the basis of side channel attack mitigation — low power, shielding, and a secure environment.
Types of Side Channel Attacks
EM attacks are essentially power monitoring attacks with a further magnetic component, adding depth and detail to the signals being analysed.
EM attack methods essentially combine power monitoring attacks with monitoring of the magnetic spectrum at various distances. Today’s low-power devices usually require that an attacker be fairly near the device being monitored at least once to install monitoring hardware.
An example of an EM attack at consumer level is RFID skimming, which can be done from a few feet away. Definitely something to consider now that contactless bank cards and travel permits are commonplace.
In the case of a physically compromised cryptographic system, physically accessing the device to get close-in readings of the microprocessor(s) in action (e.g. a CMOS chip or CPU). Clearly this type of technique is only really worthwhile for high-value targets, though the falling price of equipment and improvements in the techniques involved mean that an increasing number of methods are no longer inaccessible to anyone but state-level security operations.
A very thorough description of these methods can be found at https://bit.ly/2NngEpQ, including a discussion on probe design.
Acoustic cryptanalysis makes use of the sounds made by various devices to work out the content that’s being input or displayed in a number of different ways. One of the earliest known side channel attacks was used by MI5 against the Egyptian Embassy in London in 1965 to deduce rotor settings on a mechanical cipher machine used for secure communications.
By recording key strokes, input from keyboards (including ATM keyboards) can be worked out based on the slightly different sound each key makes. With the right microphone, the sound made by print heads on an ink jet printer can be used to reconstruct what was printed. Recently security researchers have been able to prove that it’s possible to record the coil whine from an LCD monitor to work out what’s being shown — previously listening to coil whine was only a laptop security issue.
In fact, with consumer-level devices, the constant drive for lower power (e.g. EnergyStar ratings on old PCs, low power Bluetooth LE) aren’t just part of a campaign to be eco-friendly; lower emissions and greater shielding are a key part in protecting devices from electromagnetic (EM) and other side channel snooping.
Mobile phones, with their huge range of always-on sensors are particularly at risk when it comes to privacy-compromising side channel attacks. Ever wonder why you’re getting ads on your phone related to a band you saw play at a music festival or a store you visited?
Though not by any means the only way that your smartphone can extract the private data you’re your life that advertisers and marketers exploit, ultrasonic beacons are increasingly used by advertisers to spy on your movements, media consumption, website visits, and more. Often using audio between 18 and 20 kHz range (just about audible to younger people when there’s no background noise), there are hundreds of Android apps that listen out for these beacons — a privacy issue that also has the potential for misuse.
Because most of the use cases are in noisy or crowded areas, the sound is often hard to detect ‘’in the wild’ — any higher, and many cheaper/older smartphones may not pick up enough of the beacon signal. Of course, a more malicious user could leverage this data to enable other attacks, including those in the real world.
Accelerometers are also an issue when it comes to audio attacks. Not only can they be turned into a microphone, they can also be used to disrupt a system. Though chances are the only accelerometers you own are in your phone and maybe your tablet or laptop, they’re also widely used in industrial control systems, e.g. as part of fuel flow controllers at a power plant. A more serious attack could involve drones overflying a target location and broadcasting a disruptive sound frequency, effectively causing a denial of service attack in the flow control system.
Cache & Timing Attacks
Cache based attacks on CPUs have been around for a number of years, with Spectre and Meltdown being some of the widely known issues of recent times. These attacks use things like execution times or execution order to leak secure information. In 2016 a team from Graz University of Technology proved that cache attacks are possible on un-rooted Android smartphones, leaving no type of CPU-based digital device unaffected. Because these attacks rely heavily on statistical analysis and repeated loops to attack the underlying architecture of a system, faster machines have made cache and timing-based attacks faster and more accessible than ever.
Power Monitoring Attacks
Every digital device uses power, and as every 0 or 1 is switched the power varies. This forms the basis of most power monitoring attacks. More sophisticated attacks can be used to retrieve cryptographic keys from devices, but with the advent of the Internet of Things, many households now have relatively insecure devices with default passwords installed on their home networks. Even encrypted IoT devices can be identified by their power use signatures, and once an attacker knows what devices you have installed they potentially have a route into your home network.
Smart meters are also an issue for an increasing number of users. Often, they collect such fine-grained data that they can tell if you’re boiling a kettle — or taking a shower. Combined with another power monitoring attack — one that reveals the encryption key of SIM cards (which all smart meters have), an attacker could monitor your home remotely, and ultimately find a way onto your home network. A malicious attacker could also bump up your bill, or know if you’re away.
IoT leveraged network attacks are something that users need to be aware of, many offices have insecure IoT cameras with poor encryption and/or easily discovered default passwords Power analysis is just one of the ways that an attacker could identify the model of IP camera, and a few seconds later be shoulder surfing passwords, account details, usual times for the office to be empty, and more — one of the simplest types of optical side channel attacks.
Differential Power Analysis
Differential Power Analysis takes multiple traces of two sets of data, then computes the difference of the average of these traces. If the difference is close to zero, then the two sets are not correlated, and if the p-value (typically ≥ 0.05) is higher, correlation can be assumed to be possible. By leveraging faster hardware and common sense, the difficult-to-solve 128-bit AES key can be broken into 16 bytes, where each byte can be solved individually.
Testing each byte requires only 28, or 256 attempts, which means it would only take 16 x 256 or 4,096 attempts to be able to decipher the entire encryption key. This is another attack that was once the preserve of state-backed intelligence operations.
Like other side channel attacks, these range from the relatively simple (eavesdropping on a monitor via reflections) through to complex (communicating with an infected device via LED blinks). In a more hi-tech optical attack, lasers can be used to both read key strokes and inject faults that are later read to deduce the cryptographic key being sought.
Side Channel Attacks in General
Many of these attacks can be used to leverage other attacks, thus gaining more information about the target. If you’re working in a high security environment, you will already know many of the ways to mitigate against these types of attacks — if you aren’t but there’s a chance someone is after your data then it’s time to look into ways to protect yourself.
All of the links in this article lead to some very thorough technical resources if you want to find out more about how side channels can be exploited. As engineering problems, devising ways to protect against these attacks is an ongoing task — especially given the rapid pace of technology.
The only way to fully protect against side channel attacks is to use your digital devices in a room buried deep underground, accessed by a long tunnel with shielded doors, lined with a Faraday cage, and running off of your own portable power supply. Luckily, very few people are in a position where the data they’re working with is quite this sensitive. We’re far more likely to fall victim to the “soft” end of side-channel access — BLE beacon powered advertising and the like, so rest easy.