A Survey on How Side-Channels Lead to Compromised Information Corentin Lavaud, Robin Gerzaguet, Matthieu Gautier, Olivier Berder, Erwan Nogues, Stephane Molton

A Survey on How Side-Channels Lead to Compromised Information Corentin Lavaud, Robin Gerzaguet, Matthieu Gautier, Olivier Berder, Erwan Nogues, Stephane Molton

Whispering devices: A survey on how side-channels lead to compromised information Corentin Lavaud, Robin Gerzaguet, Matthieu Gautier, Olivier Berder, Erwan Nogues, Stephane Molton To cite this version: Corentin Lavaud, Robin Gerzaguet, Matthieu Gautier, Olivier Berder, Erwan Nogues, et al.. Whis- pering devices: A survey on how side-channels lead to compromised information. Journal Hardware and Systems Security, Springer, 2021, 10.1007/s41635-021-00112-6. hal-03176249 HAL Id: hal-03176249 https://hal.archives-ouvertes.fr/hal-03176249 Submitted on 22 Mar 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. 1 Whispering devices: A survey on how side-channels lead to compromised information Corentin Lavaud, Robin Gerzaguet, Matthieu Gautier, Olivier Berder, Erwan Nogues, Stephane Molton Abstract—While operating, information processing devices or prevention methods to enhance security and confidentiality communication systems may emit unwanted signals (or alter ex- through training (awareness campaigns and good practice isting ones) through electromagnetic waves, light, sound or power workshops [1] [2]) and widespread use of cryptography. Al- drain. These side-channels can be intercepted by anyone with scientific or technical knowledge and appropriate equipment, though most of these countermeasures relate to software, if leading to a potentially high risk of security breaches. This the physical layer is not secured, all the upper layers are survey focuses on these emanation side-channels and provides exposed to major security flaws. Side-channel attacks rely on an extensive literature review. To provide an in-depth analysis this hardware vulnerability. despite the variety of attacks, we propose to classify the side- channels based on their criticality, their intentionality, the type A side-channel denotes the presence of information in an of attackers, and the physical medium. Illustrative use-cases illegitimate channel, whether at hardware or software lev- are presented and serve as a basis to infer individual threats. els. Side-channel attacks seek these deviations in the im- Particular attention is paid to electromagnetic side-channels plementation of a task (how the task is done) rather than which exhibit the highest criticality and have therefore been used the implemented algorithm weaknesses themselves (what the in the most recent attacks. The main characteristics of the side- channels revealed by state-of-the-art papers are summarized and task does). Several types of side-channels exist and they recommendations on countermeasures are provided to protect can be classified into two main categories depending on the any sensitive equipment. nature of the leakage. A software side-channel is contained Index Terms—Side-channel attacks, electromagnetic emana- within a device and is based on hardware weaknesses (e.g. tion, Security and Protection, eavesdropping, TEMPEST, Hard- RowHammer [3]) or firmware weaknesses (e.g. Meltdown [4], ware/Software Protection, Support for security Spectre [5]). On the other hand, as an emanation side-channel crosses the device boundary, its exploitation needs specific I. INTRODUCTION acquisition equipment according to the nature of the leakage. It is the result of one or more physical phenomena that deviate N recent decades, organizations, firms, states and admin- information from its proper path to reach an unintended one. I istrations have sought to become more efficient and pro- Recently, some attacks blur the boundaries between software ductive by adopting computer technologies, thus engaging in and emanation side-channels such as Plapytus [6] that uses digital transformation the process of . This new era of digital a power line side-channel (i.e. an emanation side-channel) services and globalization has made the movement of goods, directly at the software level (instead of relaying to external services, finance and information easier, and large companies power analysis component). can manage their international operations in a leaner, more efficient way. The present paper focuses on emanation side-channels. However, such large-scale deployment of digital technolo- Most of existing surveys on information security focus on gies has paved the way to new types of threats. Confiden- cryptography [7], or specifically electromagnetic (EM) side- tial data may be carried within the same system as ordi- channel [8]. Others are directly focusing on application-use nary content, blurring the boundary between the sensitive cases covering the scope of covert channels [9] or out-of- and non-sensitive area and leading to potentially numerous band signal injections [10]. This is the core difference with our malicious security breaches. With such a wide variety of survey that puts the EM side-channel in perspective with other attacks, many organizations are struggling to identify how to side-channels. The goal is to address the leak of information counter the threats they face. Companies tend to focus on from the side-channel outlook to better classify the attacks, protecting data based on their confidentiality (limited access the associated risks, and to point out the countermeasures. to information), integrity (the equipment used is reliable and This paper addresses information system confidentiality accurate) and finally availability (information only accessed by in the event of emanation attacks and presents an in-depth authorized people). To that end, several defense mechanisms analysis of state-of-the-art emanation side-channels. To that have been proposed such as: limited use of control access end, emanation side-channels are divided into three distinct and systems, security watchdog at every network access point, classes. These classes, from the attacker profile to the phys- ical side-channel, will serve as a baseline comparison (See C. Lavaud, R. Gerzaguet, M. Gautier, O. Berder are with Univ Rennes, Table III on the appendix) and provide an effective means CNRS, IRISA(email: fi[email protected]). E. Nogues and S. Molton are with DGA-MI (email: first- of highlighting the characteristics of side-channel attacks and [email protected]). associated countermeasures. More specifically, EM attacks are 0000–0000/00$00.00 2 the main focus, since this side-channel tends to be more dangerous than the others. Paper organization: The paper is structured as follows. Sections II exposes the key concepts related to emana- tion side-channels and data criticality. Section III intro- duces the proposed classification of emanation side-channels used subsequently in the paper. Section IV deals with non- electromagnetic side-channels (acoustic, light and power con- sumption) and outlines their threats and limitations. Section V focuses on electromagnetic side-channels and presents state- of-the-art emanation types and their level of risk. Section VI addresses various ways to secure a system against these Fig. 1: Overview of emanation side-channel attack. attacks. Finally, Section VII draws a number of conclusions and presents various challenges. the nature of the information, or because the information is II.W HEN EMANATION SIDE CHANNEL MEETS CRITICAL supposed to be safe (e.g. using encryption). The latter is true DATA of so-called black data. In NACSIM report [13], the NSA A. What is an emanation side channel ? provided the first definition of TEMPEST (see Section V) and introduced the concept of red and black signals. Emanation side-channels include fortuitous emanations red signal caused by the normal functioning of a device as well as the A is an unencrypted signal that must be treated alteration and amplification of an internal signal to produce as highly sensitive material. In the NSA specification, this an emanation. A common feature of these side-channels is type of signal must be contained within a specific perimeter to their non-intrusive nature, as a direct contact with the target ensure security. To that end, security measures [14] have to be is not needed to get the side-channel. This is in opposition to taken into account such as shielding the location or ensuring a software side-channel which requires to be inside the target minimum physical distance between wires (to avoid coupling). (mostly in the form of a software program). The typical case A black signal is considered to be a safe signal, i.e. it does of a side-channel attack is shown in Fig. 1. In the normal flow, not directly carry a compromising signal, using encryption or sensitive data is processed and sent to an intended receiver via other methods to render interception impossible. Unlike red a legacy channel. However, either the processing system or the signals, black signals are not defined by their secure perimeter. legacy channel leaks to another medium i.e. the side-channel. It should be noted that breaking cryptography does not A person gathering this leaked data can recover sensitive form part of the work carried out in the present survey. information. This person may either be an active attacker if We do acknowledge the importance of this issue and many he launches the attack (emits a signal toward the system to research activities are currently underway. However, these generate the side-channel emanation) or an eavesdropper if he issues are generally already covered in dedicated surveys only passively intercepts the information. Despite awareness (e.g., [15] [16]). Hence in this paper, cryptography systems of the potential risks posed by such emanations since the early will be addressed from a side-channel attack perspective (i.e. days of ElectroMagnetic Compatibility (EMC) in the mid- recovery of a secret key used during ciphering due to side- 20Cℎ century, proof of their actual use has only recently been channel leakage).

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    24 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us