Tuesday, May 5, 2020

Side Channel Attack

Question: Discuss the report on Side Channel Attack. Answer:

Introduction

A side channel attack is based on side information retrieved from encryption devices, where the information is coded in an abstract manner (Benger et al.). In computer and communication systems, security is a major concern. In the past, encryption devices received plaintext as input and generated ciphertext as output (Carlet et al.). At that stage, attacks worked by knowing the plaintext, knowing the ciphertext, or both. Nowadays, these encryption devices have additional inputs and additional outputs that are not in the form of plaintext or ciphertext: they also produce timing information, power consumption statistics, and much more. Side channel attacks use these data and information together with other cryptanalytic techniques (Braunstein, Samuel and Stefano Pirandola). Cryptographic algorithms such as public key ciphers, hash functions, and symmetric ciphers form the building blocks used to construct and implement security mechanisms in network channels. However, some side channel attacks, also called physical attacks, try to modify the secret parameters involved in the cryptographic devices. In order to keep these devices secure, some major countermeasures are discussed in the following sections.

Side Channel Attack

A side channel attack is considered a form of reverse engineering, in which changes in the processing behaviour are monitored and examined continuously during the execution of the cryptographic algorithm (Carlet et al.). The cryptographic primitive is viewed as an abstract object that transforms some input into some output using a parameterized key. On the other hand, this cryptographic primitive is usually implemented inside a program that runs on a processor and therefore presents some specific physical characteristics (Chen et al.).
The first consideration is viewed as classical cryptanalysis and the second is called physical security. Physical attacks, or side channel attacks, are numerous and are taken very seriously by the manufacturers of cryptographic devices (Coron et al.). Some of these side channel attack types are described in the following sections.

Non-Invasive vs. Invasive: A non-invasive attack uses information that is externally available, such as power consumption and running time (Crane et al.). On the other hand, an invasive attack depackages the chip and tries to access the internal information and data of the components inside it (Dabosville et al.). An example of such an attack is to observe data transfers by connecting a wire to a data bus.

Passive vs. Active: Active attacks modify the device's functioning; for example, a fault induction attack tries to add errors to the computations and processes (Guo et al.). Conversely, passive attacks are not as harmful: they only observe the behaviour of the cryptographic device while it is processing, but do not change it.

The side channel attacks discussed here try to exploit physical leakage such as electromagnetic radiation, timing information, and power consumption. Because they are passive and non-invasive, and can be performed with cheap equipment, they pose a serious security threat to most cryptographic hardware devices (Hund et al.). These devices range from smart cards to small computers and radio frequency identification devices.

Side Channel Attacks: Models

When assessing the security of a cryptographic module in the traditional cryptanalysis model, it is assumed that the opponent has almost complete knowledge of the protocol and all its public keys (Kotipalli et al.). Moreover, the adversary may also have intercepted data exchanged with valid participants and may have control over the nature of that data.
The adversary then tries to exploit the design of the network protocol. In this case, a mathematical abstraction tool can be used: the cryptographic primitive is treated as a mathematical function in order to evaluate the security of the device (Kumar, Pardeep and Jagdeep Kaur). A secure cryptographic algorithm offers security against unauthorized users who only have access to the confidential information of the authorized users. However, this is not sufficient to protect cryptographic devices from side channel attacks (Liu et al.). By studying the current state of physical attacks, researchers have found that these attacks exploit the properties of the devices and modify the characteristics of the network and operating system. Therefore, it becomes easy to use the leaked information for unauthorized activities (Braunstein, Samuel and Stefano Pirandola). In a recent case, it has been shown that an adversary outside the traditional security model can observe the electromagnetic radiation or the power consumed by a smart card while it performs signature generation and decryption operations with public keys (Mohamed et al.). The opponent can also measure the execution time of the cryptographic operation and analyze its behaviour whenever errors occur (Prouff, Emmanuel and Matthieu Rivain). Since side channel information can be gathered so easily, a proper security model must be used.

Classic Side Channel Attacks

Timing Attack: This attack exploits the total time required to perform a cryptographic operation. Because these operations contain conditional branches and statements whose cost varies, the execution time varies with the inputs to the cryptographic device (Veyrat-Charvillon et al.). Side channel attackers use these differences to identify the encryption key exactly.
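As an added illustration of the conditional-branch leak just described (this program is written for this page and is not code from the report or from any cited work), the C program below contrasts an early-exit byte comparison with a constant-time one. It counts loop iterations as a stand-in for a clock, so the input-dependent work is visible without a timer; the tag length, the tag bytes and the helper names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the secret value being checked, e.g. an authentication tag.
 * Constructed example size, not taken from the page. */
#define TAG_LEN 16

/* Constructed secret tag used only for the demonstration. */
static const uint8_t SECRET_TAG[TAG_LEN] = {
    0x5a, 0x13, 0x9c, 0xe7, 0x21, 0x08, 0xb4, 0x6d,
    0xf0, 0x3e, 0x77, 0xc2, 0x95, 0x4b, 0xaa, 0x1f
};

/* Early-exit comparison, the kind of code that produces input-dependent
 * timing. It returns 1 at the first mismatching byte, so the number of loop
 * iterations grows with the length of the matching prefix. The iteration
 * counter stands in for a clock. Returns 0 when the buffers are equal. */
int early_exit_compare(const uint8_t *a, const uint8_t *b, size_t n,
                       size_t *iterations)
{
    *iterations = 0;
    for (size_t i = 0; i < n; i++) {
        (*iterations)++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time comparison: every byte difference is OR-accumulated and no
 * branch depends on the data, so the work done is always n iterations.
 * Returns 0 when equal, 1 otherwise. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *iterations)
{
    uint32_t diff = 0;
    *iterations = 0;
    for (size_t i = 0; i < n; i++) {
        (*iterations)++;
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    /* Collapse diff to 0 or 1 without branching: for any non-zero diff below
     * 2^31, either diff or its two's-complement negation has the top bit set. */
    return (int)((diff | ((uint32_t)0 - diff)) >> 31);
}

/* Builds a guess that shares exactly `prefix` leading bytes with SECRET_TAG
 * (and differs in the next byte, if any), then returns how many iterations
 * the chosen comparison spent on it. */
static size_t steps_for_prefix(size_t prefix,
                               int (*cmp)(const uint8_t *, const uint8_t *,
                                          size_t, size_t *))
{
    uint8_t guess[TAG_LEN];
    size_t steps = 0;
    if (prefix > TAG_LEN)
        prefix = TAG_LEN;
    memset(guess, 0, sizeof guess);
    memcpy(guess, SECRET_TAG, prefix);
    if (prefix < TAG_LEN)
        guess[prefix] = (uint8_t)(SECRET_TAG[prefix] ^ 0xFF);
    cmp(SECRET_TAG, guess, TAG_LEN, &steps);
    return steps;
}

size_t early_exit_steps_for_prefix(size_t prefix)
{
    return steps_for_prefix(prefix, early_exit_compare);
}

size_t ct_steps_for_prefix(size_t prefix)
{
    return steps_for_prefix(prefix, ct_compare);
}

/* ct_compare's verdict for SECRET_TAG against a copy of itself, optionally
 * with the last byte flipped: 0 means equal, 1 means different. */
int ct_verdict(int flip_last_byte)
{
    uint8_t copy[TAG_LEN];
    size_t steps;
    memcpy(copy, SECRET_TAG, TAG_LEN);
    if (flip_last_byte)
        copy[TAG_LEN - 1] ^= 0x01;
    return ct_compare(SECRET_TAG, copy, TAG_LEN, &steps);
}

int main(void)
{
    printf("matching prefix  early-exit steps  constant-time steps\n");
    for (size_t p = 0; p <= TAG_LEN; p += 4)
        printf("%15zu  %16zu  %19zu\n", p,
               early_exit_steps_for_prefix(p), ct_steps_for_prefix(p));
    return 0;
}
```

The early-exit version spends prefix+1 iterations on a guess that matches the first `prefix` bytes, which is exactly the per-input difference a statistical timing model can pick up; the constant-time version spends TAG_LEN iterations on every input, so the measurements carry no information about the matching prefix. Real implementations must also check that the compiler does not reintroduce a branch, which is why library routines for this are usually kept deliberately simple.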
Timing samples are gathered for many inputs, and the samples are fed into a statistical model. This model helps to infer the behaviour of the device and the keys used inside it (Yarom, Yuval and Katrina Falkner). By measuring the total required time, attackers can easily infer the behaviour of the fixed components and then damage or modify other components of the cryptosystem.

Electromagnetic Attack: An electric current always carries an electromagnetic field with it. This electromagnetic field includes additional and crucial information, such as timing and the amount of power consumed. If all this information can be collected and measured, a side channel attacker can enter the system and exploit the whole security system to find the secret key (Yarom, Yuval and Naomi Benger). Electromagnetic attackers use this confidential information as side channel data, leading to an EM attack on the system. Radiation from these electromagnetic fields can be of two kinds: intentional and unintentional (Zhang et al.). Side channel attacks exploit the unintentional radiation, which helps to find the secret encryption key of the cryptographic device.

Fault Analysis Attack: This attack depends on errors and faults created in the cryptographic modules and devices, either naturally or intentionally. The faulty outputs generated by these devices are the side channel information used by fault analysis attacks (Zhao et al.). The two main sources of such faults are computational faults that occur during the cryptographic computation, and corrupted inputs applied to the module or device to generate false outputs. Side channel attackers achieve this in two steps. In the first step, faults are injected into the device, where the timing of the injection is the primary concern (Naomi et al.).
In the second step, attackers exploit these faults and analyze them to find the secret private key. Through these stages, attackers can break almost every cryptographic algorithm in the system.

Power Analysis Attack: Almost every cryptographic device needs external power to process and operate. A power analysis attack exploits the relationship between the consumed power and the encrypted data to find out what the device is doing, and combines this with other analysis techniques to guess the secret key (Claude et al.). To measure the consumed power, a small resistor of 50 ohms is connected in series with the ground or power line; the voltage drop across the resistor gives the current. Power analysis can be done with two techniques: DPA (differential power analysis) and SPA (simple power analysis). Simple power analysis directly measures and analyzes the consumed power and can be carried out from a simple visual representation of the trace (Rakesh et al.). SPA can provide information about the operations of the encryption device and can also reveal information about the secret key. Attackers using SPA use the trace method to measure the power consumed during the operation of the cryptographic device (Jean-Sebastien et al.). Because simple power analysis provides a detailed description of each stage of the encryption operation, side channel attackers can easily break the system for their unauthorized purposes. On the other hand, differential power analysis evaluates the measured values of the system with a statistical model. Sometimes it becomes difficult to find the private key because the power variations are slight (Stephen et al.). Then a large number of samples have to be collected and fed into the device, which is quite a time-consuming process.
If the key guessed by the attacker is right, the computed values are generated with probability 1 (Guillaume et al.). However, if the identified key is wrong, the function will differ.

Current Side Channel Attacks

Besides the classic side channel attacks, some current side channel attacks have been identified; they are discussed below and shown in the following figure.

Online Application Leakage: In today's technology world, all activities and operations run on software platforms, and a huge number of applications and programs are offered by this software over the web. These software applications are loaded with lots of information and data for their users. As these data flow through a network, they act as side channel information and create a paradigm for new side channel attacks (Carsten et al.). If proper security applications, such as a web application firewall and an intrusion detection system, are not deployed, attackers can easily steal this confidential information from the system.

Message Error Attack: In communication platforms and methodologies, the receiver has to send an acknowledgement to verify whether the message has been received or not. These acknowledgements sent from the receiver side to the destination can be used by attackers as side channel information to mount this kind of attack (Kotipalli et al.). In the case of cipher block chaining (used to offer information in an authentic manner), the acknowledgement message needs to be in block form. During decryption, if such a block error occurs, an error message is returned, and the attacker uses these errors by observing the error status.

Cache Based Attack: Cache memory is used to increase the operating speed of the network system.
Data and information are stored in the cache memory, and the cache fetches them by itself for operational purposes. But whenever data are not present in the cache memory, they have to be fetched from primary memory (Fangfei et al.). This leads to a delay, which is used as side channel information by attackers to find or guess the secret key. These kinds of attacks are hard to counter, as they do not depend on the ciphertext or plaintext.

Countermeasures

Each of the above mentioned attacks is quite difficult to mitigate. But some classical mitigation techniques are proposed in this section to resist these kinds of attacks to some extent (Lange et al.).

Name of the Side Channel Attack: Timing Attack
Countermeasures: Masking Technique

The main reason timing attacks arise in the network is the difference in the time taken by the encryption and decryption operations. This time has to be made constant, for example by padding the exponentiation and multiplication operations with added delays (Nicolas et al.). However, this technique can slow down the whole processing system. The masking technique combines the input value with a random value, and the actual output is recovered at the receiver side (Pratiba et al.). Two kinds of countermeasures can be adopted to proceed with the masking operation: algorithmic level countermeasures and architecture level countermeasures (Park, Young-Ho and Nam Su Chang). Algorithmic level countermeasures transform the C programs inside the device so that side channel information leakage can be avoided (Carlet et al.). On the other hand, architecture level countermeasures reduce the size of the signal by building better components with special but simple circuit techniques.

Name of the Side Channel Attack: Electromagnetic Attack
Countermeasures: Signal Information Reduction and Signal Strength Reduction
Electromagnetic and power attacks can be reduced by the same techniques used against timing attacks. The operations must be made independent of the data, and the clock cycles must be saturated for all operations of the system, so that power attacks and electromagnetic radiation attacks are reduced to a large extent. Branches and conditional statements must be avoided to resist simple power analysis and timing attacks (Yinqian et al.). Noise addition can have a major impact on mitigating power attacks and electromagnetic radiation attacks. These power and electromagnetic emissions are generated by electronic circuitry such as transistors and resistors, and they can be addressed at the algorithmic level and at the program level (Xinjie et al.). Therefore, at the transistor level, circuits and logic gates have to be built in such a way that dedicated hardware for the cryptographic operations can operate with a large area and a dedicated fabrication process.

Name of the Side Channel Attack: Fault Analysis Attack
Countermeasures: The entire system should be restarted.

Name of the Side Channel Attack: Power Analysis Attack
Countermeasures: Reducing the signal size; designing the cryptosystem according to the hardware specifications.

To mitigate the differential power analysis (DPA) attack, the masking technique is very useful. Masking or blinding is the most useful countermeasure for protection against DPA attacks (Benger et al.). The architecture level algorithms present in the cryptographic system should be configured with strong security mechanisms to overcome side channel attacks. Therefore, these cryptographic algorithms are implemented on 8-bit chips with a core design and customized frequency operations. Such a chip can check the credentials (PIN code) of the users with cryptographic hardware blocks (Cong et al.).
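The masking countermeasure recommended above for both the timing and the DPA cases can be checked with a small simulation. The C program below is an added example written for this page, not code from the report or from any of the cited works: it models an unmasked device that leaks the Hamming weight of x XOR k, a masked device that splits the same intermediate into two random shares, and the difference-of-means statistic described under Power Analysis Attack, and then runs that statistic against both devices. The key byte, the Hamming-weight leakage model, the xorshift mask generator and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed secret key byte for the simulation (not from the page). */
#define SECRET_KEY 0x3Au

/* Hamming weight of a byte. The simulation assumes the common leakage model
 * in which power consumption grows with the number of set bits handled. */
static int hamming_weight(uint8_t v)
{
    int w = 0;
    while (v) {
        w += v & 1;
        v >>= 1;
    }
    return w;
}

/* Deterministic xorshift32 generator standing in for the device's random
 * number source, so the simulation is repeatable. Not cryptographic. */
static uint32_t prng_state = 0x9E3779B9u;
static uint8_t next_mask(void)
{
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    prng_state = x;
    return (uint8_t)x;
}

/* Unmasked device: handles the intermediate v = x XOR k directly and leaks HW(v). */
int unmasked_leakage(uint8_t x, uint8_t k)
{
    return hamming_weight((uint8_t)(x ^ k));
}

/* Masked device: the same intermediate is split into two shares,
 * v0 = v XOR r and v1 = r, with r a fresh random mask. Each share on its own
 * is uniformly distributed and independent of v; only their XOR equals v.
 * The device handles the shares separately, so the observable leakage is
 * HW(v0) + HW(v1), never HW(v) itself. */
int masked_leakage(uint8_t x, uint8_t k)
{
    uint8_t r = next_mask();
    uint8_t v0 = (uint8_t)(x ^ k ^ r);
    uint8_t v1 = r;
    return hamming_weight(v0) + hamming_weight(v1);
}

/* Difference-of-means statistic (first-order DPA as the text describes it):
 * every input byte x is measured `reps` times, the samples are partitioned by
 * the predicted bit 0 of (x XOR key_guess), and the two group means are
 * subtracted. On the unmasked device the correct guess gives exactly 1.0
 * (one extra set bit on average in the "bit 0 = 1" group); on the masked
 * device both group means stay near 8 whatever the guess, so the statistic
 * stays near 0. */
double difference_of_means(int (*leak)(uint8_t, uint8_t), uint8_t key_guess, int reps)
{
    double sum1 = 0.0, sum0 = 0.0;
    long n1 = 0, n0 = 0;
    for (int rep = 0; rep < reps; rep++) {
        for (int x = 0; x < 256; x++) {
            int sample = leak((uint8_t)x, SECRET_KEY);
            if ((((uint8_t)x ^ key_guess) & 1u) != 0) {
                sum1 += sample;
                n1++;
            } else {
                sum0 += sample;
                n0++;
            }
        }
    }
    return sum1 / (double)n1 - sum0 / (double)n0;
}

int main(void)
{
    printf("unmasked, correct key guess: %.3f\n",
           difference_of_means(unmasked_leakage, SECRET_KEY, 1));
    printf("unmasked, wrong key guess:   %.3f\n",
           difference_of_means(unmasked_leakage, (uint8_t)(SECRET_KEY ^ 1u), 1));
    printf("masked, correct key guess:   %.3f\n",
           difference_of_means(masked_leakage, SECRET_KEY, 32));
    return 0;
}
```

Two caveats apply to the simulation. First, the intermediate here is purely linear (an XOR), so the bit-0 partition depends only on bit 0 of the guess; a real evaluation targets a non-linear step such as an S-box output, where every key bit changes the partition. Second, masking flattens only the first-order statistic: the variance of HW(v0) + HW(v1) still depends on how many bits of v are zero, which is the second-order leakage addressed by mask refreshing and higher-order masking (Coron et al.) and exploited by second-order attacks (Dabosville et al.). A single mask therefore raises the cost of DPA rather than removing the leak.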
A computing device called a hardware security module must be implemented inside the cryptographic module to provide strong authentication and integrity. For the current side channel attacks described in Section 3, no such solution has been proposed yet. Those areas are the subject of active research, and researchers will propose solutions soon.

Conclusion

From the above study, it can be concluded that side channel attacks are a major class of cryptanalytic technique. Side channel attacks can arise from various sources, significantly affect the whole operating system, and compromise its confidentiality and security. Classical side channel attacks such as the power analysis attack, timing attack, electromagnetic attack, and fault analysis attack steal sensitive information from cryptographic modules and devices. Recent side channel attacks such as online application leakage, cache based attacks, and message error attacks destroy the inside components of the system and tamper with the confidential information present in it. These attacks target a specific implementation of a system, are very powerful, and cannot be mitigated easily. Therefore, these attacks, which are present in almost every circuit technology, raise a serious security threat and must be addressed by adopting proper countermeasures. From an operational perspective, side channel attacks can be countered through a sound combination of countermeasures: the masking technique, together with architecture level and algorithmic level countermeasures, can offer greater security against these side channel attacks. Significant attention must be paid to the fair analysis and evaluation of these security solutions, to properly assess the security of cryptographic devices along with the efficiency of their implementation.

Works Cited

Benger, Naomi, et al. "Ooh Aah... Just a Little Bit: A small amount of side channel can go a long way." Cryptographic Hardware and Embedded Systems - CHES 2014. Springer Berlin Heidelberg, 2014. 75-92.
Braunstein, Samuel L., and Stefano Pirandola. "Side-channel-free quantum key distribution." Physical Review Letters 108.13 (2012): 130502.
Carlet, Claude, et al. "Analysis of the algebraic side channel attack." Journal of Cryptographic Engineering 2.1 (2012): 45-62.
Chen, Chien-Ying, Rakesh B. Bobba, and Sibin Mohan. "Schedule-Based Side-Channel Attack in Fixed-Priority Real-time Systems." (2015).
Chen, Cong, et al. "Horizontal and Vertical Side Channel Analysis of a McEliece Cryptosystem." IEEE Transactions on Information Forensics and Security (2015): 1-1. Web.
Coron, Jean-Sébastien, et al. "Higher-order side channel security and mask refreshing." Fast Software Encryption. Springer Berlin Heidelberg, 2013.
Crane, Stephen, et al. "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity." NDSS. 2015.
Dabosville, Guillaume, Julien Doget, and Emmanuel Prouff. "A new second-order side channel attack based on linear regression." IEEE Transactions on Computers 62.8 (2013): 1629-1640.
Guo, Shize, et al. "Exploiting the incomplete diffusion feature: A specialized analytical side-channel attack against the AES and its application to microcontroller implementations." IEEE Transactions on Information Forensics and Security 9.6 (2014): 999-1014.
Hund, Ralf, Carsten Willems, and Thorsten Holz. "Practical timing side channel attacks against kernel space ASLR." Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 2013.
Kotipalli, Siva, Yong-Bin Kim, and Minsu Choi. "Asynchronous advanced encryption standard hardware with random noise injection for improved side-channel attack resistance." Journal of Electrical and Computer Engineering 2014 (2014): 19.
Kumar, Pardeep, and Jagdeep Kaur. "To Propose A Novel Technique to Isolate and Detect Virtual Side Channel Attack in Cloud Computing." (2015).
Lange, Tanja, Kristin E. Lauter, and Petr Lisoněk. Selected Areas in Cryptography - SAC 2013. Heidelberg: Springer, 2014. Print.
Liu, Fangfei, et al. "Last-level cache side-channel attacks are practical." IEEE Symposium on Security and Privacy. 2015.
Mohamed, Mohamed Saied Emam, et al. "Improved algebraic side-channel attack on AES." Hardware-Oriented Security and Trust (HOST), 2012 IEEE International Symposium on. IEEE, 2012.
Park, Young-Ho, and Nam Su Chang. "An Efficient Exponentiation Method Against Side Channel Attacks in Torus-Based Cryptosystem." Journal of the Korea Institute of Information Security and Cryptology 23.3 (2013): 561-566. Web.
Pratiba, D., et al. "Cache Based Side Channel Attack on AES in Cloud Computing Environment." International Journal of Computer Applications 119.13 (2015): 14-17. Web.
Prouff, Emmanuel, and Matthieu Rivain. "Masking against side-channel attacks: A formal security proof." Advances in Cryptology - EUROCRYPT 2013. Springer Berlin Heidelberg, 2013. 142-159.
Thillard, Adrian, Emmanuel Prouff, and Thomas Roche. "Success through confidence: evaluating the effectiveness of a side-channel attack." Cryptographic Hardware and Embedded Systems - CHES 2013. Springer Berlin Heidelberg, 2013. 21-36.
Veyrat-Charvillon, Nicolas, et al. "An optimal key enumeration algorithm and its application to side-channel attacks." Selected Areas in Cryptography. Springer Berlin Heidelberg, 2012.
Yarom, Yuval, and Katrina Falkner. "Flush+Reload: a high resolution, low noise, L3 cache side-channel attack." 23rd USENIX Security Symposium (USENIX Security 14). 2014.
Yarom, Yuval, and Naomi Benger. "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack." IACR Cryptology ePrint Archive 2014 (2014): 140.
Zhang, Yinqian, et al. "Cross-tenant side-channel attacks in PaaS clouds." Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014.
Zhao, Xinjie, et al. "MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation." Constructive Side-Channel Analysis and Secure Design. Springer Berlin Heidelberg, 2012. 231-248.

Bibliography

Chari, Suresh, Josyula R. Rao, and Pankaj Rohatgi. "Template attacks." Cryptographic Hardware and Embedded Systems - CHES 2002. Springer Berlin Heidelberg, 2002. 13-28.
Dabosville, Guillaume, Julien Doget, and Emmanuel Prouff. "A new second-order side channel attack based on linear regression." IEEE Transactions on Computers 62.8 (2013): 1629-1640.
Fei, Yunsi, et al. "A Statistics-based Fundamental Model for Side-channel Attack Analysis." IACR Cryptology ePrint Archive 2014 (2014): 152.
Izu, Tetsuya, and Tsuyoshi Takagi. "A fast parallel elliptic curve multiplication resistant against side channel attacks." Public Key Cryptography. Springer Berlin Heidelberg, 2002.
Joye, Marc, and Sung-Ming Yen. "The Montgomery powering ladder." Cryptographic Hardware and Embedded Systems - CHES 2002. Springer Berlin Heidelberg, 2002. 291-302.
Page, Dan. "Theoretical use of cache memory as a cryptanalytic side-channel." IACR Cryptology ePrint Archive 2002 (2002): 169.
Zhao, Yi, et al. "Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems." Physical Review A 78.4 (2008): 042333.
