Primer on Embedded Side Channel Attacks

“Attack him where he is unprepared, appear where you are not expected.”
Sun-Tzu, Art of War

For much of the history of embedded systems, many product designers and engineers have had the luxury of building rather closed loop systems with little to no interaction with other systems. A so-called “security through obscurity” was perhaps not an unreasonable strategy. These days, with the more and more devices communicating and interacting with each other, that strategy is increasingly unsound. Consumer grade products that make up the Internet of Things market have been particularly vulnerable. Those products are highly cost sensitive so minimizing use of higher end components and more robust software development practices is key to competing in the marketplace. In addition, the long-term support of these products, such as continuous firmware updates, can vary greatly amongst OEMs. Even the most reliable tend to not support products more than 2 to 3 years.  For example, Google has promised three years of updates for devices running a “long-term support version” of its newly released Android Things 1.0 platform. In all likelihood devices will continue to be used long after support and firmware updates end. This means the device will be susceptible to any attacks discovered after updates end.

Security in embedded devices is increasingly getting the attention it is due. Best practices are merging that are beginning to be codified by industry standards. Eliminating use of simple default passwords used across devices, disabling interfaces (e.g. JTAG and UART) on production ready products, and ensuring use of encrypted communications between devices are some ways manufacturers are making IoT devices more secure. But as is true with all technology security, it’s a cat and mouse game between creators of products and those looking to abuse hidden vulnerabilities. Attackers have many techniques at their disposal to gain control of a system:

• Breaking the encryption by exploiting weaknesses of the underlying mathematics or software bugs.
• Brute force techniques.
• Using social engineering techniques to get user to unwittingly giving away the encryption keys.

Sophisticated attackers can take advantage of another category of attacks known as side channel attacks. These attacks exploit certain physical realities of the embedded hardware more so than finding flaws in the underlying mathematics of software algorithms. Performing side channel attacks typically requires expensive specialized hardware in addition to software. This has limited the usefulness of such attacks as the hacking hardware to perform side channel attacks historically costs tens of thousands of dollars. But the same technological advantages and economies of scale that gave us inexpensive IoT devices in the first place are also permitting the development of inexpensive hacking tools that cost only a few hundred dollars.

• Power Analysis Attack: When a device under attack (DUA) is performing calculations, such as AES encryption, transistors are constantly turning on and off. During the switching of states, power is consumed which can be monitored externally from the microprocessor. By monitoring power consumption over many cycles, it is possible to make educated guesses on the encryption key used as part of the AES encryption algorithm.
• Timing Attack: A set of attacks that measures the amount of time it takes to perform each step of a calculation to gain insight of the original input.
• Electromagnetic Attack: Similar to power analysis attacks but instead of measure the power being consumed, the DUA is monitored for electromagnetic radiation that emanates from the transistors as they perform calculations. The time-varying intensity of the electromagnetic field can be analyzed to recover encryption keys as well.
• Differential Fault Analysis: Introducing faults or glitches into the power rail or timing signals to cause the DUA to perform in an erratic, faulty manner. The corrupted outputs can be used to reverse engineer the algorithms and internal device state.

Countermeasures against side channel attacks are possible.  They include randomizing the order of operations that is performed on the inputs, precharging device registers and busses to mask power consumption, use of fixed-time algorithms whose calculation time is not dependent on the inputs, randomly interjecting fake computations, and running computations in parallel.

Looking to reach an an engaged audience of embedded professionals and enthusiasts? Advertise with Gears of Resistance and find your audience.

---

Michael Parks, P.E. is the owner of Green Shoe Garage, a custom electronics design studio and technology consultancy located in Southern Maryland. He produces the Gears of Resistance podcast to help raise public awareness of technical and scientific matters. Michael is also a licensed Professional Engineer in the state of Maryland and holds a Master’s degree in systems engineering from Johns Hopkins University.