
Guard encryption systems against side-channel attacks

Posted: 01 Apr 2015

Keywords: cryptography, encryption, decryption, AES-256, Hardware Security Modules

Cryptography has ancient origins as a tool for protecting sensitive wartime or espionage-related messages. Now, however, it has become a foundational building block for securing the systems, protocols, and infrastructure that underpin our modern interconnected world. But the physical mechanisms used in performing encryption and decryption can leak information, making it possible to bypass this security. Protecting designs against such side-channel attacks starts with understanding how such attacks operate.

At its very essence, cryptography is a branch of mathematics dealing with efficiently computable transforms that convert inputs to outputs using additional data known as a cryptographic key. These transforms have the property that, despite observing many input/output pairs, it remains infeasible to compute or invert the transform without the knowledge of the key.

An example of a cryptographic transformation is the symmetric-key based Advanced Encryption Standard (AES-256). An AES-256 encryption device that has access to a 256-bit secret cryptographic key can transform any sensitive message—known as plaintext—into an unintelligible form known as the ciphertext. Anyone observing the ciphertext, without knowing the plaintext or the key, cannot recover the plaintext or the key. Further, even an observer who knows or can choose the plaintext and can observe the corresponding ciphertext still cannot recover the secret key being used within the encryption device. However, any AES decryption device that has access to the same 256-bit secret key as the encrypting device can readily recover the plaintext from the ciphertext.

Another example of a cryptographic transformation is the public-key based RSA (Rivest-Shamir-Adleman) digital signature algorithm. This algorithm uses pairs of cryptographic keys consisting of a non-secret public key and a secret private key. A signing device that has access to a secret private key can attach a "tag" or digital signature to any message. This RSA signature has the property that without knowledge of the private key, it is infeasible to calculate the digital signature for a message. Anyone who receives a message with a digital signature on that message can use the corresponding public key to establish the authenticity of the message by verifying that the digital signature corresponds to that message.

Strong mathematical guarantees make cryptographic primitives (established, low-level cryptographic algorithms) highly popular as building blocks for securing systems and infrastructure. Encryption is widely deployed to protect confidential data during storage or transmission over insecure networks. Digital signatures are widely used for validating the authenticity and integrity of software, software updates and the data that systems rely upon. Other cryptographic primitives such as message authentication codes, key agreement protocols, and hash functions are also widely deployed for protecting information and systems from attacks.

However, successful attacks on fielded cryptographic systems have also highlighted the pitfalls of relying on purely mathematical guarantees for securing physical systems. It may be infeasible to extract keys mathematically from message traffic, but monitoring message traffic is only one of many possible approaches to breaking encryption.

One common attack vector is exploiting deficiencies in protecting secret cryptographic keying material. Real-world systems need to be carefully designed so that secret keys cannot be easily recovered by malicious software or via a simple hardware attack. Unfortunately, incidents where systems get compromised due to poorly protected secret keys are still common.

Another source of problems has been poor communication between the cryptographers, who are mostly mathematicians, and the engineering community that actually develops these systems. If cryptographers do not properly convey to the system designers all the requirements needed for the mathematical proofs of security (such as the non-reuse of certain parameters or the quality of certain random inputs), the resulting implementations may be vulnerable to a mathematical attack. For example, hackers were able to recover the digital signature key used for signing code for the Sony PlayStation 3 because designers reused a once-per-signature parameter across multiple signatures.
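The parameter-reuse failure described above can be audited for on the defender's side: in ECDSA, the scheme involved in the PlayStation 3 incident, the r component of a signature depends only on the once-per-signature value, so two different signatures under one key that share r reveal the reuse. The Python check below is an added example, not code from the original article; the key IDs, artifact names and signature values are constructed, and only short-form DER lengths are handled (enough for 256-bit curves).

```python
from collections import defaultdict

def _read_len(buf, i):
    """Read a short-form DER length at buf[i]; return (length, next_index)."""
    if i >= len(buf) or buf[i] >= 0x80:    # long form (e.g. P-521) is rejected here
        raise ValueError("truncated or unsupported DER length")
    return buf[i], i + 1

def parse_der_sig(sig):
    """Parse SEQUENCE { INTEGER r, INTEGER s } and return (r, s)."""
    if not sig or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total, i = _read_len(sig, 1)
    if i + total != len(sig):
        raise ValueError("length mismatch")
    out = []
    for _ in range(2):
        if i >= len(sig) or sig[i] != 0x02:
            raise ValueError("expected INTEGER")
        n, i = _read_len(sig, i + 1)
        if n == 0 or i + n > len(sig):
            raise ValueError("truncated INTEGER")
        out.append(int.from_bytes(sig[i:i + n], "big"))
        i += n
    if i != len(sig):
        raise ValueError("trailing data")
    return out[0], out[1]

def find_nonce_reuse(records):
    """records: (key_id, artifact, der_sig) tuples. Returns {(key_id, r): [artifacts]}
    for every r that appears under one key with two or more different s values."""
    seen = defaultdict(dict)
    for key_id, artifact, sig in records:
        r, s = parse_der_sig(sig)
        seen[(key_id, r)].setdefault(s, artifact)  # same (r, s) = same signature, not reuse
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def make_der_sig(r, s):
    """Encoder used only to build the constructed sample data below."""
    body = b"".join(b"\x02" + bytes([len(x)]) + x for x in
                    (v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (r, s)))
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample: three firmware signatures from key A (two share r), one from key B.
SAMPLE = [("key-A", "fw-1.0.bin", make_der_sig(0xC0FFEE, 0x1111)),
          ("key-A", "fw-1.1.bin", make_der_sig(0xC0FFEE, 0x2222)),
          ("key-A", "fw-1.2.bin", make_der_sig(0xBEEF01, 0x3333)),
          ("key-B", "fw-2.0.bin", make_der_sig(0xC0FFEE, 0x4444))]
```

Identical (r, s) pairs are deliberately not flagged, because deterministic signers legitimately produce the same signature when the same message is signed twice; any hit from `find_nonce_reuse` means the signing key should be treated as compromised and rotated.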

Side-channel attacks
Even if a system protects keying material and meets all the mathematical requirements of the security proofs, there is a class of attacks on all cryptographic implementations that can easily and non-invasively recover secret keys from a system. These attacks, known as side-channel attacks, rely on the fact that any physical realisation of cryptography in hardware or software cannot be an atomic black-box transform as assumed by the mathematical proofs of security. A physical system must necessarily leak information about the process of computing the transform into the environment.
