February 27, 2021
Hot Topics:

Zen and the Art of Breaking Security - Part I

  • By Razvan Peteanu
  • Send Email »
  • More Articles »
mplementations do not occur in the real world, but a considerably more secure solution would have used well-researched algorithms only. Indeed, and applying timing attacks to DH, RSA and DSS is exactly the topic of a research paper. See [3].

Power Analysis

Suppose we don't have access to all the pins of the chip (it is sealed in a box that Mr. Cruise will have to surreptitiously return in MI4). There is another type of side-channel attack that is still possible, and for that, we again need to peel a layer from the conceptual processor that is doing all this work. At a lower level, a CPU consists of electrical circuits and, by definition, they can only function if they get power. Depending on what circuits are involved, the power consumption varies.

For instance, a CMOS memory cell practically consumes most of the power when transitioning from a logical state to another, and not while maintaining its state. We don't have such extremely low-level access to the internal structure of the memory chips, but at a CPU level, sequences of instructions that do a lot of memory transfers (thus involving the cache as well) would lead to a different power consumption pattern than a code that does a lot of swapping and arithmetic operations with values in the internal registers.

Or, during an idle loop the CPU would exhibit a different pattern than when executing another code. It may sound far-fetched, but power analysis has been used against real systems. Like timing attacks, it would rarely reveal the solution directly, but in the hands of the knowledgeable attacker, it would provide valuable hints. For instance, in [4] the authors show how the number of rounds in a DES cryptobox can be visibly determined by power analysis.

Further then, by knowing the building blocks of a DES cryptobox, the analysis can uncover further details. Even if the current values reveal little by themselves, the attacker can compare the measured patterns with known sequences and thus determine the type of operations involved (comparisons, multiplications, exponentiations and so on). Not a task for the weak, indeed, but to a sufficiently interested party with enough technical resources, this is but an interesting challenge.

The electrical current is not the only way to convey information about an otherwise closed system. An infrared camera can reveal heat patterns occurring during functioning that may lead to a better understanding of the internal structure. Heat is better suited for analysis of static conditions, as the various materials existing between the actual circuit and the camera have thermal inertia. Sound and vibration reveal information about mechanical devices. The Enigma machine used by the Germans in WW2 generated noise, and this could have been used in a side-channel attack ([5] referred to in [6]).

In the next part we will look at other ways to break a secure system.

References for Part I

[1] Robert M. Pirsig, Zen and the Art of Motorcycle Maintenance: An Inquiry into Values, Bantam Books, 1984

[2] http://cryptome.org/#NSA-TS

[3] Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

[4] Paul Kocher, Joshua Jaffe, and Benjamin Jun, Differential Power Analysis

This article was originally published on April 13, 2001

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date