Power and EM Analysis in Side-Channel Attacks
Key Takeaways
-
When your device is exposed to side-channel attacks, power and EM analysis techniques can be used to extract sensitive information such as passwords, encryption keys, or other personal data.
-
These methods involve measuring transient voltages, power consumption, radiated power, or field emission from a device as it processes the data an attacker wants to steal.
-
Physical layer security is a primary method for preventing side-channel attacks in electronics. You can implement physical layer security measures with the right design tools.
James Bond might be coming for your encryption keys with power and EM analysis.
When you think of cyber attackers stealing protected information, you might imagine a hacker typing away at their keyboard in a dark room. Another way to steal information is through side-channel attacks, where an unwanted party takes advantage of the construction of a system to retrieve data, rather than exploiting a weakness in an algorithm. The second method invokes images of secret agents using sophisticated gadgets for capturing data from a computer system.
Many mobile and hardwired products, such as hardware security modules, smart cards, smartphones, and other smart devices, carry personal information and other sensitive data. This data is often exposed when communicating with the cloud or when it needs to be moved between different portions of a larger system. As more devices become connected and exchange larger amounts of data, the attack surface for these devices only increases and leaves sensitive information exposed to unwanted parties.
Power and EM analysis techniques are side-channel attacks that can be used to extract information from a noisy signal. These techniques have been used to retrieve sensitive data or encryption keys from a computer system, which can encompass everything from wireless devices to large servers in a data center. Designing for physical security is the primary way to prevent these types of attacks and to ensure the attacks themselves are more difficult to execute.
What Is Power/EM Analysis in a Side-Channel Attack?
Whenever data is transmitted between two locations, there is a risk that the data is exposed to a third party. Most cyber-attacks that make the news are executed by taking advantage of some weakness in an algorithm, either by injecting code or using built-in features in the program’s interface. Side-channel attacks are more insidious; they simply rely on measuring data moving through a computer system without injecting code or manipulating a compromised algorithm. Note that the term “computer system” isn’t limited to your phone or laptop; your smartphone and the entire cellular network connected to it would qualify as a large computer system.
The standard way to deal with these security problems is encryption, where a well-known encryption algorithm (or a multiple encryption algorithm, such as repetitive SHA-256 hashes used in Bitcoin) is used to mask the message being transmitted between two portions of a system. When the receiver has the key and knows the algorithm used to generate the encrypted message, they can decode the message and recover the sensitive data. This process is used in everything from password protection to payments with credit cards.
Power and EM analysis are sometimes used interchangeably, in that they involve the following aspects of monitoring and capturing data from an electronic system:
-
Data capture. Data flowing in a system is not necessarily captured directly by measuring signals with probes. Instead, the electromagnetic field (EM analysis), radiated power, or power consumed by a device (power analysis) are used to infer a particular bitstream.
-
Bit extraction. Bits in a binary data stream can be extracted from a collected signal visually or algorithmically. Depending on the method used to capture data, different analysis methods can be used to extract bits in a data stream.
The method used for data capture could be as simple as monitoring current or power consumed by the device while a critical operation is performed, which the attacker might know is transferring sensitive data or an encryption key. Another simple method is to use an H-field probe to determine when bits are switching between ON and OFF states. The measured signal will reflect in some way the bitstream traveling through the device at a given instant.
The simple example below shows how the signal level in a bitstream (blue curve) is related to the radiated power and H-field emitted from a device (orange curve). The H-field will be roughly proportional to dV/dt, which is shown in the orange curve. If we know the unit interval, we can see that the bitstream is 10110. Multilevel bitstreams with modulation (e.g., PAM-4 in a SerDes channel) would produce a more complicated multilevel waveform.
H-field measurement in an EM attack
When the exposed device is transmitting or reading sensitive data, it will present a different gathered waveform than when the device is not reading such data. Measurements in the two states can be compared to examine how the device processes these different bitstreams. The waveforms can be compared using simple subtractive techniques for simpler devices, but more advanced systems will be analyzed with correlation techniques.
Preventing these types of attacks and the resulting data exposure requires implementing physical and electrical measures that block access to the fields radiated by the device, the device itself, as well as upstream power.
Physical Layer Security Measures
Implementing physical layer security can be as simple as scraping model numbers off components or blacking them out such that they cannot be easily identified. Other methods are more sophisticated and can involve a device that shorts out the system in the event of tampering. For power and EM analysis attacks, the radiated power/fields need to be suppressed or blocked entirely in order to prevent unauthorized reading of these data. Sensitive defense systems typically require some level of physical layer security to prevent tampering.
From a PCB layout perspective, this can be as simple as placing shielding in critical portions of the layout or enclosure. This blocks fields that could be measured from a probe and requires an attacker to go upstream to look at power consumption by the device. If other access points are also protected at the physical and electrical level, it becomes very difficult or impossible to extract data from an operating device using power and EM analysis techniques. In addition, running a device at lower signal levels and slower edge rates will reduce the radiated power and field strength emitted from the device.
Shielding prevents power and field emission measurement forcing an attacker to look upstream for opportunities to attempt power and EM analysis techniques.
By this point, it should be obvious that physical layer security measures are hierarchical. You might be able to prevent physical tampering of a device or certain side-channel attacks that require direct monitoring, but you may not be able to prevent power monitoring somewhere else on the premises. This motivates approaches like the castle approach in defense settings, where multiple layers of security need to be penetrated to access sensitive equipment and data. This goes far beyond PCB design, but sensitive systems should still be designed with physical layer security in mind to prevent tampering and protect users.
If you’d like to keep up-to-date with our System Analysis content, sign-up for our newsletter curating resources on current trends and innovations. If you’re looking to learn more about how Cadence has the solution for you, talk to us and our team of experts.