Abstract
Physical attacks have been the subject of extensive research for more than twenty years. Nevertheless, several problems still have to be solved. This paper, after recalling the most popular physical attacks, introduces three (of the many) possible research directions in the area: the methodological study of the interaction between countermeasures against one type of attack and the resistance against another attack, the development of automated techniques for applying and verifying the correct application of countermeasures, and the study of physical attacks in the novel and changed scenario of cyber-physical systems.
1 Introduction
Physical attacks exploit weaknesses of an implementation to reveal secret information. These attacks are possible because an adversary very often has physical access to the target device and can easily record its activity. Among the physical attacks, side channel attacks have been demonstrated to be extremely powerful, since they allow an adversary, for example, to extract the secret key from a cryptographic circuit with minimal effort. In a nutshell, side-channel attacks collect information leaked from the target device while data is being processed, and exploit the dependence between this leakage and the processed data. Information can leak through several “channels”, including power consumption [15], the time needed to complete an operation [14], and the chip’s electromagnetic emissions [1].
Researchers have dedicated significant effort to defeating these attacks. However, developing general, reliable and effective countermeasures against physical attacks remains an extremely challenging task. Countermeasures are often considered only in the later stages of the design flow, and are applied manually by designers with strong security expertise. Very little is known about the interaction between different physical attacks and about the effect which a countermeasure against one physical attack has on the robustness of the device against another attack. The problem will be further complicated in the near future, when cyber-physical systems pervade several areas of our daily lives, including numerous safety-critical or privacy-relevant ones. These devices will have to provide strong security, but they will often also have to provide safety and real-time computation capabilities, and achieve an extremely small energy footprint.
In view of this increasingly relevant problem, it is crucial to be fully aware of the security threats which cyber-physical systems will have to face and to address the design challenges associated with the deployment of systems secure against physical attacks. This paper summarizes the main physical attacks and discusses three possible future research directions in the area.
2 Overview of Physical Attacks
In cryptography, a physical attack is an attack where the adversary, instead of focussing on the mathematical structure of a cryptographic routine, tries to extract secret information by exploiting the weaknesses of its implementation. Physical attacks are usually divided into two groups: active attacks and passive attacks. During an active attack, the adversary has to actively manipulate the device, by modifying its inputs or its operating environment, to force it to behave abnormally. This abnormal behavior is then exploited to perform the attack. During a passive attack, the adversary observes the normal behavior of a device and analyzes some side effects to gain information about the secret key.
Side channel attacks are very powerful passive attacks. Informally, a side channel is a piece of information (often unintentionally leaked) which indirectly allows an observer to infer knowledge about a different, and often more interesting, event. Side channels have been used, and are still used, in several fields. For instance, the number of pizzas delivered overnight to offices was used to infer whether some important activity was being planned, and the use of electric power was used to determine whether a person was actually residing in the declared house. A field where side channels are used extensively is biology. Biological tests and medical exams often do not check directly for the presence of a particular virus or of a specific disease, but examine a side consequence which indicates with good approximation whether the searched disease is present (for instance, positron emission tomography checks the concentration of light emitted by radioactive sugar, to infer, in a less invasive way, the possible presence of cancer).
Side channels have also been used in security for several years. A well known example of the use of a side channel in a security application is the opening of safes. The mechanical locks of the safes used in past centuries produced a slightly different noise when the pin of the combination was aligned to the correct digit. Exploiting this difference in noise, bank robbers were able to infer the secret combination and open the safe without trying all possible combinations of the lock. Nowadays, most of our security systems are controlled by electronic components. Instead of mechanical noise, attackers exploit other side information, such as power consumption or the time needed for a computation, but the principle is the same: use some side information to extract the secret data.
To take advantage of physical vulnerabilities, however, the adversary needs to have physical access to the device. Such access was not always available. At the beginning of the digital era, when computation was carried out in isolated mainframes, it was almost impossible to access the devices. As a result, physical attacks were not possible. Years later, with the diffusion of personal computers, it became easier to have physical access to the devices. However, personal computers are usually located in a rather safe environment (inside an office or an apartment), which is still reasonably protected from an adversary. As a result, the main security threats for personal computers came from viruses and unprotected network connections.
The situation dramatically changed with the creation of the internet of things (IoT) and the pervasive diffusion of the embedded systems which are populating it. These devices are often operating in a hostile environment, and very often they are easily accessible by adversaries. In this scenario, where the devices are available to the adversary, resistance against physical attacks has become of primary importance.
Physical attacks as we know them today appeared in the open literature in the late Nineties, but the recent declassification of the project Transient Electromagnetic Pulse Emanations Standard (TEMPEST) [12] demonstrates that there was awareness of the problem at least fifty years earlier.
Timing analysis, the first physical attack that was published, was presented in 1996 by Kocher et al. [14]. Timing analysis attacks exploit the different time required by a device to process different data and to carry out different computations. Such time differences are due to several factors, such as the time needed to fetch the data (cache or memory hit or miss), the program behavior (branch taken or not), or the speed of different components (a multiplier is generally slower than a shifter). Although these timing differences are often extremely small, the work of Kocher et al. demonstrates that they are sufficient to infer the entire secret key.
Soon after the first timing analysis attack was presented, Boneh et al. [7] proposed fault attacks. Fault attacks are attacks in which an adversary deliberately induces a fault into a circuit and exploits the erroneous behavior to gain information about the secret key. The first step of a fault attack is the introduction of an error, possibly transient, in the device. There are several ways to induce a fault. The adversary usually trades off the cost of the fault injection equipment against the precision of the injection (and thus the power of the attack). Common methods to inject faults are: variation in supply voltage, variation of the external clock, variation of operating temperature, exposure to X-rays, or precise laser illumination.
Power analysis was presented in 1999 [15]. The instantaneous power consumption of a cryptographic device strongly depends on the processed data and on the performed operation. Power analysis attacks essentially exploit this fact. These attacks are very powerful and can be performed with pretty inexpensive equipment. Several variations of power analysis attacks have been proposed in the past; the two most common are simple power analysis and differential power analysis. In simple power analysis attacks, an adversary attempts to derive the secret by directly interpreting a set of power traces collected during the computation of the cryptographic routine. To be effective, simple power analysis often requires detailed knowledge about the implementation of the cryptographic algorithm under attack. Differential power analysis (DPA) attacks allow the adversary to retrieve the secret key knowing only the algorithm used in the device under attack. DPA attacks are based on a divide and conquer approach: the general idea is that the attacker, instead of attacking the whole key at once, targets a small portion of it, makes a hypothesis on the possible values of that portion and verifies this hypothesis using the power traces. The full key is recovered by iterating this process.
After these pioneering works, several other physical attacks and channels have been discovered and presented, including attacks exploiting the electromagnetic emission of a device [1] and attacks exploiting the photons emitted by electronic components during the computations [23]. The scientific community devoted significant effort to the study of the problem. As usual, research activities focused on attacks and on countermeasures against attacks. On the one hand, researchers tried to develop countermeasures to defeat physical attacks (or, at least, to complicate the task of the attacker as much as possible). Hardware implementations and software routines capable of computing cryptographic operations in constant time [13], hiding the power consumption using power analysis resistant logic styles [8, 26, 27, 28] or masking it using randomization [17, 19], and efficient error detection and correction codes [6] are possible examples of countermeasures developed over the years. On the other hand, researchers tried to improve the effectiveness of the attacks to better understand their potential and limits. Template attacks [9] and fault sensitivity [16] are two possible examples of this improvement. Furthermore, especially for power analysis, researchers also developed metrics for fairly evaluating the robustness against attacks [25].
The amount of research carried out on physical attacks is visible from Fig. 1, which depicts the number of references, as reported on Google Scholar [24] on the 8th of August 2016, to the first papers discussing each of the most common physical attacks. Although it is not an exact and precise measure, this figure gives an intuition of the large impact which physical attacks had (and still continue to have). The most deeply studied physical attack is power analysis. This is probably caused by the power of the attack and by the relatively inexpensive equipment needed to mount it. Electromagnetic attacks and photon emission attacks did not get the same exposure as the other physical attacks simply because they appeared only recently. Surprisingly, fault attacks were not investigated with the same effort as timing and power analysis attacks. This fact is unexpected because, at least in their low cost version, fault attacks are extremely simple to carry out.
Despite such a vast effort, however, the problem of physical attacks is still on the scientific agenda, since some issues are still open. We need a better understanding of some physical attacks (as visible from Fig. 1, only power analysis and timing attacks have been explored in depth), we need to develop effective countermeasures against some other attacks, in particular photon emission, and several other problems have to be addressed to ensure the robustness of cyber-physical and embedded systems. The following sections focus on three of these problems, presenting their main challenges and highlighting possible research directions.
3 Challenge 1: Interaction Between Physical Attacks
Physical attacks, so far, have been mainly analyzed in isolation. This fact is even more evident when it comes to the design of countermeasures. Researchers often concentrate on one type of attack, developing a countermeasure against it and evaluating how the protected design behaves compared to the original one. However, the goal of the attacker is just to get access to the secret information stored in the device (and not to get access to the secret key using a specific attack). Thus, applying a countermeasure against one attack without considering its global effect on security is extremely dangerous. In fact, countermeasures against one attack might harm the robustness of the system against another type of attack.
An example of this risk reported in the past is the negative effect which countermeasures against fault attacks have on the resistance of a circuit against power analysis [21]. Several error-detecting and correcting codes have been used to harden the non-linear transformation of the AES algorithm and have been analyzed. Each error-detecting and correcting code is characterized by its coverage and its error recovery capability. As a result, some codes were more suitable than others to protect against fault attacks. After this exploration, the resistance against power analysis attacks of each of the considered error-detecting and correcting codes was analyzed in detail, using the information theory metric [25]. The results, reported in Fig. 2, demonstrate that the circuit characterized by the highest resistance against power analysis attacks is the one without any error-detecting and correcting codes (basically the one which could be easily attacked by fault attacks).
This example shows that, even though the intention of the designer was to increase the resistance of the circuit by making it more robust against fault attacks, the achieved result was to help the attacker, since the added circuit significantly simplified the procedure for extracting the secret key using a different type of attack. Currently we have a pretty good knowledge of some physical attacks, but we still know very little about the possible interaction between them, and we know even less about the interactions between the different countermeasures which we apply. Exploring these problems in much more depth is of crucial importance for designing much more resistant and much more secure embedded and cyber-physical systems.
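The interaction discussed in this section can be illustrated with a toy leakage model, added here as an example (it is not code or data from the paper or from [21]). It assumes a register that holds a uniformly distributed byte, optionally extended with a parity bit or a duplicate copy, and that leaks the Hamming weight of its content plus Gaussian noise; the encoders, the noise level and the leakage model are assumptions, so the numbers do not reproduce Fig. 2.

```python
import math
from collections import Counter


def hamming_weight(v):
    return bin(v).count("1")


# Three ways of storing an 8-bit intermediate (hypothetical encoders).
def unprotected(x):
    return x                                   # 8 bits, no redundancy


def parity(x):
    return (x << 1) | (hamming_weight(x) & 1)  # 9 bits, even parity


def duplication(x):
    return (x << 8) | x                        # 16 bits, value stored twice


def leakage_classes(encode):
    """Probability of each Hamming weight when the byte is uniform."""
    counts = Counter(hamming_weight(encode(x)) for x in range(256))
    return {hw: n / 256 for hw, n in counts.items()}


def mutual_information(encode, sigma, steps_per_sigma=40):
    """I(X; L) in bits for L = HW(encode(X)) + N(0, sigma^2).

    L depends on X only through the Hamming weight, so
    I(X; L) = h(L) - h(N). h(L) is integrated numerically over the
    Gaussian mixture; h(N) is the closed-form entropy of the noise.
    """
    classes = leakage_classes(encode)
    lo = min(classes) - 8 * sigma
    hi = max(classes) + 8 * sigma
    step = sigma / steps_per_sigma
    norm = 1.0 / (sigma * math.sqrt(2 * math.pi))
    h_leak = 0.0
    for i in range(int((hi - lo) / step) + 1):
        l = lo + i * step
        p = sum(w * norm * math.exp(-0.5 * ((l - hw) / sigma) ** 2)
                for hw, w in classes.items())
        if p > 0.0:
            h_leak -= p * math.log2(p) * step
    h_noise = 0.5 * math.log2(2 * math.pi * math.e * sigma ** 2)
    return h_leak - h_noise


def compare(sigma):
    """Leaked information per observation for each storage scheme."""
    return {f.__name__: mutual_information(f, sigma)
            for f in (unprotected, parity, duplication)}


if __name__ == "__main__":
    # sigma = 4 is a constructed noise level, not a measured one.
    for name, bits in compare(4.0).items():
        print(f"{name:12s} {bits:.4f} bits per observation")
```

At this noise level the unprotected register leaks the least and the duplicated one the most, because the redundancy adds data-dependent signal that the noise has to hide.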
4 Challenge 2: Automatic Application of Countermeasures
Despite the pervasive diffusion of electronic systems also in extremely private and critical aspects of our lives, security is often considered only at the end of the whole design process, after other goals (such as performance and cost) are achieved. This is not a good approach for designing secure systems in general, but it is even less effective for tackling the problem of physical attacks, since these attacks depend strictly on the underlying architecture and on the specific implementation. Thus, a much more effective way of achieving robustness against physical attacks is to consider security from the beginning of the whole design flow, and to use security related metrics as forefront design variables, as area or memory occupation, performance, and power consumption are now.
Furthermore, implementations of countermeasures against physical attacks require engineers and designers with strong security expertise and good knowledge of the state of the art in the field. Currently designers have to rely only on their experience and on good practices for finishing the implementation. Once the design is completed, it is evaluated by laboratories which test the device against a number of known attacks. If problems are encountered, the design has to be corrected and re-evaluated.
A parallel can be made between today’s techniques for achieving physical attack resistance and the design process of electronic circuits as it was decades ago. At the beginning, the design of electronic circuits was carried out by teams of expert designers, who were sometimes manually drawing the layout of the fabrication masks. Then electronic design automation arrived to support designers in their tasks. The boosted productivity (together with the progress of technology) allowed us to achieve the level of integration and to handle the level of complexity which made possible the existence of extremely powerful personal computers, smart devices and all the other electronic components which are currently populating our lives.
In the same way, security would significantly benefit from the development of design tools allowing designers to automatically apply countermeasures against physical attacks, to evaluate their effects, to estimate early the impact of these countermeasures on other design parameters and to verify their correct application. An automation tool would take an unprotected design and apply a set of existing countermeasures, as would have been done by a designer. Such automation tools would not replace the work of researchers studying and designing novel and more effective countermeasures (as electronic design automation did not replace designers manually implementing extremely optimized blocks), but would provide essential support for implementing systems which are robust against physical attacks by construction and, ultimately, overall more secure.
Despite the importance of these topics, design automation for security has not received significant attention. Previous works have addressed the topic mainly from the hardware point of view, proposing design flows for power analysis resistant logic styles [20, 28, 29]. More recently, the topic of automatic application of physical attack countermeasures has also tackled software aspects, proposing tools for power analysis aware instruction set extensions [22], and compilers for the automatic application of software countermeasures such as hiding and masking [3, 4, 18]. The focus was still mainly on power analysis attacks. Verification tools for asserting the correct application of countermeasures have also been the subject of research [5, 10, 11]. Verification tools are extremely important since they would allow designers to immediately identify not only errors introduced during the implementation, but also several other security pitfalls, such as intrinsic weaknesses of the applied countermeasure and the involuntary removal of protections caused by various optimizations carried out in the tool chain.
These works represent, however, only the beginning of a research direction, that of automation tools for security, which is still in its infancy and which would, once more developed, enable the design of more physically resistant, and thus overall more secure, embedded and cyber-physical systems.
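A minimal sketch of the kind of check such a verification tool performs, added here as an illustration (it is not Sleuth [5] or any other cited tool): it enumerates all masks for a small straight-line program and reports every intermediate whose value distribution depends on the secret. The instruction format, the names s0, m and r, and the 4-bit width are assumptions; the second program is the first one after an XOR reassociation of the kind an optimizer may perform.

```python
from collections import Counter
from itertools import product

BITS = 4                      # small width so that enumeration is exhaustive
VALUES = range(1 << BITS)
OPS = {"xor": lambda a, b: a ^ b, "and": lambda a, b: a & b}


def run(program, env):
    """Execute (dest, op, src1, src2) instructions; return every intermediate."""
    env = dict(env)
    trace = []
    for dest, op, a, b in program:
        env[dest] = OPS[op](env[a], env[b])
        trace.append((dest, env[dest]))
    return trace


def leaking_intermediates(program):
    """Names of intermediates that are not first-order independent of the secret.

    For each secret k the program runs on every mask pair (m, r) with the
    inputs s0 = k ^ m, m and r. An intermediate is safe at first order only
    if the distribution of its value over the masks is the same for all k.
    """
    per_secret = []
    for k in VALUES:
        dists = [Counter() for _ in program]
        for m, r in product(VALUES, repeat=2):
            env = {"s0": k ^ m, "m": m, "r": r}
            for i, (_, value) in enumerate(run(program, env)):
                dists[i][value] += 1
        per_secret.append(dists)
    reference = per_secret[0]
    return [instr[0] for i, instr in enumerate(program)
            if any(d[i] != reference[i] for d in per_secret)]


# Change the mask of a shared secret from m to r: out = k ^ r.
REMASK_AS_WRITTEN = [
    ("t", "xor", "s0", "r"),     # t   = k ^ m ^ r  (still masked)
    ("out", "xor", "t", "m"),    # out = k ^ r
]

# Same result after reassociating the XORs.
REMASK_REASSOCIATED = [
    ("t", "xor", "s0", "m"),     # t   = k          (mask removed)
    ("out", "xor", "t", "r"),    # out = k ^ r
]

if __name__ == "__main__":
    print("as written:  ", leaking_intermediates(REMASK_AS_WRITTEN))
    print("reassociated:", leaking_intermediates(REMASK_REASSOCIATED))
```

Both programs return the same output for every input, so a functional test cannot tell them apart; only the check on intermediates flags the reassociated version.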
5 Challenge 3: Physically Secure Cyber-Physical Systems
Embedded systems are becoming more and more intelligent and connected. Together with network connectivity, these devices have been integrating sensors for several years. Now, these devices also integrate some support for autonomous decisions and actuators for putting these decisions in place. Systems composed of an analysis and decision-making part (cyber) and of a sensing and actuating part (physical) take the name of cyber-physical systems (CPSs). The block representation of such systems is depicted in Fig. 3.
The presence of actuators dramatically increases the consequences of misuse of such systems, since a malicious attack can cause much more damage than that caused by a leak of private data. Cyber-physical systems are often used in critical applications, e.g., to automatically monitor patients or to control our smart grid. The security of these applications should be guaranteed, since a breach in such systems might have catastrophic consequences and even cause the loss of human lives. For these reasons, it is of utmost importance that the cyber part of CPSs is resistant against physical attacks.
However, this is not sufficient. Cyber-physical systems are composed of two parts: a cyber part, very similar to the computational part of embedded systems, and a physical part. We know what the threats to the cyber part are, and we know what the defense mechanisms for it can be. However, the goal of the attacker is to take control of the system, not necessarily to take control of the system by attacking the cyber part. An attack directed at the physical part could be much simpler while still allowing the adversary to reach his goal. In the past, security was only concentrating on cyber attacks carried out against electronic components.
As discussed in Sect. 2, the discovery of physical attacks against the electronic components was devastating for embedded systems. Now, with the addition of a physical part to systems, the game changes again. The physical portion of CPSs will be exposed, exactly as the cyber part, to cyber and physical attacks. However, we are not prepared to address this new situation, since little or nothing is known about attacks and countermeasures against the physical portion of a system. Few works have addressed the problem so far (physical attacks on the physical portion of CPSs were analyzed, for instance, in the context of additive manufacturing [2]). Future security research should definitely address, as indicated by the red arrow in Fig. 3, security threats and possible countermeasures devoted to the physical portion of systems, since the adversary will attack through the weakest point, and the physical part is very likely to be the weakest point of CPSs.
6 Conclusions
Approximately 20 years have passed since physical attacks were published in the open literature. Since then, researchers have deeply studied the subject, aiming on the one side at the discovery of new and much more powerful ways of carrying out the attacks, and on the other at increasing the robustness of the implementations. Nevertheless, several problems are still open. This paper presented three (of the many) possible directions for future research in the area, namely the study of the interaction of different physical attacks (and the effects which a countermeasure against one attack might have on the robustness against another physical attack), the study of techniques for automatically applying countermeasures against physical attacks (and for verifying their proper application), and, finally, the study of the robustness of cyber-physical systems, where the presence of a physical part could completely change the rules of the game.
References
1. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). Cryptographic Hardware and Embedded Systems - CHES 2002. LNCS, pp. 29–45. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_4
2. Abdullah, M., Faruque, A., Chhetri, S.R., Canedo, A., Wan, J.: Acoustic side-channel attacks on additive manufacturing systems. In: 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1–10 (2016). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7479068
3. Bayrak, A.G., Regazzoni, F., Brisk, P., Ienne, P.: A first step towards automatic application of power analysis countermeasures. In: Proceedings of the 48th Design Automation Conference, San Diego, California, pp. 230–235, June 2011
4. Bayrak, A.G., Regazzoni, F., Novo, D., Brisk, P., Standaert, F.-X., Ienne, P.: Automatic application of power analysis countermeasures. IEEE Trans. Comput. 64(2), 329–341 (2015)
5. Bayrak, A.G., Regazzoni, F., Novo, D., Ienne, P.: Sleuth: automated verification of software power analysis countermeasures. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 293–310. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_17
6. Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans. Comput. 52(4), 492–505 (2003)
7. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)
8. Cevrero, A., Regazzoni, F., Schwander, M., Badel, S., Ienne, P., Leblebici, Y.: Power-gated MOS current mode logic (PG-MCML): a power aware DPA-resistant standard cell library. In: Proceedings of the 48th Design Automation Conference, San Diego, California, pp. 1014–1019, June 2011
9. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_3
10. Eldib, H., Wang, C.: Synthesis of masking countermeasures against side channel attacks. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 114–130. Springer, Cham (2014). doi:10.1007/978-3-319-08867-9_8
11. Eldib, H., Wang, C., Schaumont, P.: Formal verification of software countermeasures against side-channel attacks. ACM Trans. Softw. Eng. Methodol. (TOSEM) 24(2), 11 (2014)
12. McNamara, J.: The Complete, Unofficial TEMPEST Information Page (1996). http://www.eskimo.com/joelm/tempest.html
13. Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04138-9_1
14. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). doi:10.1007/3-540-68697-5_9
15. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_25
16. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 320–334. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_22
17. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
18. Moss, A., Oswald, E., Page, D., Tunstall, M.: Compiler assisted masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 58–75. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33027-8_4
19. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). doi:10.1007/11935308_38
20. Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005). doi:10.1007/11545262_13
21. Regazzoni, F., Breveglieri, L., Ienne, P., Koren, I.: Interaction between fault attack countermeasures and the resistance against power analysis attacks. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, pp. 257–272. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29656-7
22. Regazzoni, F., Cevrero, A., Standaert, F.-X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Ienne, P.: A design flow and evaluation framework for DPA-resistant instruction set extensions. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 205–219. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04138-9_15
23. Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Simple photonic emission analysis of AES. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 41–57. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33027-8_3
24. Google Scholar. http://scholar.google.com/
25. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_26
26. Tiri, K., Akmal, M., Verbauwhede, I.: A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on Smart Cards. In: Proceedings of the 28th European Solid-State Circuits Conference, Florence, pp. 403–406, September 2002
27. Tiri, K., Verbauwhede, I.: Securing encryption algorithms against DPA at the logic level: next generation smart card technology. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 125–136. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_11
28. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of the Design, Automation and Test in Europe Conference and Exhibition, Paris, pp. 246–251, February 2004
29. Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 25(7), 1197–1208 (2006)
Acknowledgements
The author thanks Ilia Polian for his constructive comments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Regazzoni, F. (2017). Physical Attacks and Beyond. In: Avanzi, R., Heys, H. (eds) Selected Areas in Cryptography – SAC 2016. SAC 2016. Lecture Notes in Computer Science(), vol 10532. Springer, Cham. https://doi.org/10.1007/978-3-319-69453-5_1
DOI: https://doi.org/10.1007/978-3-319-69453-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69452-8
Online ISBN: 978-3-319-69453-5
eBook Packages: Computer Science, Computer Science (R0)