Introduction to Side-Channel Attacks (SCA)
Cryptography is the art of hiding or securing data. It is usually used to guarantee:
- Confidentiality: Sensitive data can only be read by users who have the proper keys.
- Integrity: Sensitive data cannot be altered by unauthorized third parties.
- Authentication: Sensitive data is ensured to have been sent by the claimed sender.
Different cryptographic functions exist to achieve the confidentiality, integrity and authentication objectives. The best-known ones include:
- Symmetric cryptography (AES, SM4, etc.) for confidentiality,
- Asymmetric cryptography (RSA, ECC, etc.) for confidentiality and authenticity,
- Hash functions (SHA2, SHA3, SM3, etc.) for integrity,
- MAC functions (HMAC, CMAC, GMAC, etc.) for authenticity.
Even if cryptographic functions are mathematically secure and robust, their implementations can be altered by attacks, especially physical attacks. Physical attacks are intentional actions that aim at altering, disabling, stealing or gaining unauthorized access to sensitive assets of a system. Physical attacks can be divided into two sub-domains:
- Passive analyses, in which the attacker does not directly alter the target but exploits a physical property related to the activity of the sensitive data after observing it,
- Active analyses, in which the attacker interacts directly with the target and disrupts its normal behavior.
Side-Channel Attacks (SCA) belong to the passive analyses. They are used to break some encryption systems by extracting information from a chip or system through the measurement and analysis of physical parameters. They differ from conventional cryptographic attacks in that they exploit data gathered from side channels.
To do so, an attacker positions an antenna, magnetic probe or other sensor close to a device or system. This allows the attacker to measure power consumption, voltage fluctuations or other kinds of leakage such as temperature or sound, and to make deductions that recover a sensitive asset such as a cryptographic key. By default, all cryptographic functions that use a secret key (symmetric, asymmetric, MAC) are sensitive to SCA.
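A defender's view of the leakage described above, as an added example that is not from the original page or from Secure-IC: it simulates power traces under an assumed Hamming-weight model with Gaussian noise and runs a fixed-versus-random Welch t-test on an unprotected and a first-order masked computation. The key byte, plaintext, noise level, trace count and the 4.5 threshold are assumptions chosen for the illustration.

```python
import random
from statistics import mean, variance

KEY = 0x2B          # constructed secret key byte (assumption)
FIXED_PT = 0x2A     # constructed plaintext for the "fixed" trace group
NOISE_SIGMA = 1.0   # assumed Gaussian measurement noise
THRESHOLD = 4.5     # conventional pass/fail bound on |t| in leakage assessment

def hw(x):
    """Hamming weight: the assumed power model (one unit per set bit)."""
    return bin(x).count("1")

def trace(pt, masked, rng):
    """Simulate a two-sample power trace for the computation pt XOR KEY."""
    v = pt ^ KEY                               # key-dependent intermediate value
    m = rng.randrange(256) if masked else 0    # fresh random mask on every run
    shares = (m, v ^ m)                        # unprotected case: (0, v)
    return [hw(s) + rng.gauss(0, NOISE_SIGMA) for s in shares]

def welch_t(a, b):
    """Welch's t statistic between two groups of measurements."""
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5

def max_abs_t(masked, n=2000, seed=1):
    """Fixed-vs-random test: largest |t| over the sample points of the trace."""
    rng = random.Random(seed)
    fixed = [trace(FIXED_PT, masked, rng) for _ in range(n)]
    rand = [trace(rng.randrange(256), masked, rng) for _ in range(n)]
    return max(abs(welch_t([t[i] for t in fixed], [t[i] for t in rand]))
               for i in range(2))

def leaks(masked):
    """True when the traces are distinguishable at first order."""
    return max_abs_t(masked) > THRESHOLD

if __name__ == "__main__":
    # Each share alone is uniformly distributed, so this per-sample (first-order)
    # test sees nothing in the masked case; combining both samples would be a
    # higher-order analysis, which this example does not cover.
    for name, masked in (("unprotected", False), ("first-order masked", True)):
        print(f"{name}: max |t| = {max_abs_t(masked):.1f}, leaks = {leaks(masked)}")
```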
One of the best-known side-channel attacks is what the NSA called Tempest. In 1943, Bell Labs discovered that every time the encrypted teletype terminal used by the Army to transmit wartime communications encrypted a message, a nearby oscilloscope would show a peak. This means that although the teletype was supposed to guarantee secure and encrypted communications, anyone close enough to read its electromagnetic emissions could potentially decrypt its messages.
How does Secure-IC help design systems that are protected against side-channel attacks?
Secure-IC’s offer includes protections against side-channel attacks for connected devices and SoCs:
Secure-IC has designed its own countermeasures against Side-Channel Attacks (up to the highest order level of attacks), which are already used in mass production and certified products. These countermeasures are included in Securyzr™ products, and all the cryptographic engines delivered by Secure-IC can embed these protections.
Secure-IC can also provide tools for Side-Channel analysis.
With the Laboryzr™ offer, Secure-IC offers the capability to validate the resilience of a design or a system against Side-Channel Attacks:
- The Analyzr™ tool will check the resilience of a final product or test chip.
- The Virtualyzr™ tool will validate the resilience at the hardware design level, such as on RTL code.
- Catalyzr™ will provide unique features to evaluate and correct software source code.
Secure-IC can offer Evaluation-as-a-Service support. Our experts validate the resilience of a system against Side-Channel Attacks and help solve the detected vulnerabilities.