Your hardware is not secure

September 15, 2017 Craig Ramsay, University of Strathclyde

In the last few years, cybersecurity has garnered attention from all top industry folks, with companies now taking security more seriously than ever. However, hardware security is still in a niche phase. Lots of questions remain unresolved. I’m going to answer some of the basic hardware security questions.

How safe is your hardware?

With the IoT going more mainstream, one would think hardware built to support the IoT must be secure. It's actually quite the opposite. The current generation of hardware isn't designed to keep your secrets safe. The reality is that attacks are being created and developed much faster than hardware manufacturers can follow. One very plausible attack method uses information that leaks through side channels.

What is a side-channel attack?

A side-channel attack is one that exploits a system's physical implementation, rather than brute force or weaknesses in the algorithms themselves. The leaked information can be anything about the system, such as timing, power consumption, electromagnetic emissions, or even sound. These unintended leaks can be exploited by attackers, who can take advantage of the system's flaws in a fairly straightforward manner using specialised equipment. The best-known and most effective side-channel attack today is the one that exploits information leaked through power consumption.

How can a side-channel attack occur through power consumption?

A "power-consumption attack" attempts to find a correlation between the system's instantaneous power consumption and the internal state of a cryptographic implementation. To perform it, you first need to measure and record the quantities of interest, such as power consumption over time, and then evaluate the statistical relationship between those measurements and the hypothesised internal state.

Attacks on Advanced Encryption Standard (AES) implementations tend to require unrestricted physical access to the device. This basically means that you have to solder wires into your target device to capture multiple power traces of the cryptographic operation. But there's room for improvement here.

Is there another way?

An alternative and more convenient way of reconnaissance wouldn't involve any physical access or dangling wires. And it is indeed possible to do this remotely. Using an improved antenna and signal processing, it's possible to covertly recover the encryption key from particular AES implementations. All that's required is affordable equipment, a distance of one metre, and a few minutes.

The first public demonstration of this remote attack will be performed during Craig Ramsay’s talk at 2017.

Craig Ramsay, currently pursuing a PhD at the University of Strathclyde, is focused on SoC hardware security and software-defined-radio applications.
