General embedded systems based on microcontrollers and complex processors:
-Remote access tokens
-Multi-media chipsets for pay-TV
Think of Security:
-What is the threat from side channel analysis to embedded systems?
-How does it compare with attacks on smart cards?
-What are the future developments?
Attacking Side Channels
-Signal leakage from busses, registers, ALUs, etc.
Statistical data detection
-Where is data processed in the presence of noise?
-Collect many traces with different data (n > 1000)
-Assume data values are:
  -known (e.g. algorithm input or output)
  -uniformly random (typical for crypto)
-We focus on one bit of one variable in the process
-Input: n traces with known variable (e.g. input or output)
-Output: 1 trace indicating where the bit causes trace differences
Purpose of Side Channel Attacks on Embedded Systems
-Retrieve secrets (Key, PIN, Unlock code)
-Reverse engineer (Program flow, Crypto protocol, Algorithm)
Why are Side Channel Attacks interesting? The side channel threat depends on:
-Access time window?
-Interfacing and control?
-Exploitation equipment $?
A device becomes interesting when:
-It contains a secret
-It contains a feature that can be unlocked
-Logical or physical access to internals is hard
Typical Side Channel Attack Example
-Access to side channel
-Access to input or output data
-Minimize noise in side channel
-Time measurement of operation (trigger)
-Link data to operation
Processor comparison with Smart Card
Test vs. Attack
-An attacker needs to turn a vulnerability into an exploit
-A tester needs to gain insight into attacker cost efficiently
-How to create the optimal environment to discover a vulnerability?
General aspects of testing
-Controlling the crypto
-Linking data with measurements
-Efficiency of acquisition
-Increased speed versus increased complexity
-Peripheral outputs assist (example: XBOX 360)
-Exploiting runtime access (cache)
-Increasing accuracy with EM and power
-Timing is a risk in many software implementations: both crypto and comparisons
XBOX 360 with Backdoor
-First boot loader security implemented with a HMAC-SHA1
-Hash secret key + boot loader with SHA1
-Compare 16-byte result with stored 16 bytes
-Comparison is per byte -> timing attack
-Implementation in this Infectus board:
  -It can modify the stored HMAC-SHA1 value in NAND flash
  -Observes timing of the diagnostic POST byte on the PCB
  -Resets the CPU with nTRST
-Brute forcing 16*128 = 2048 values on average takes about 2 hrs
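
The per-byte comparison named above as the timing weakness, next to a constant-time replacement, as an added example that is not code from the XBOX 360 boot loader or from this presentation. The function names, the step counter (a stand-in for execution time) and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 16 /* length of the stored value compared on the page */
typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t *steps);

/* Early exit on first mismatch: work done (*steps) reveals the matching prefix. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < MAC_LEN; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant time: always reads all 16 bytes and ORs the differences together. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t *steps)
{
    volatile uint8_t diff = 0; /* volatile discourages early-exit optimisation */
    *steps = 0;
    for (size_t i = 0; i < MAC_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Bytes examined when a constructed candidate matches only its first `prefix` bytes. */
size_t steps_for_prefix(cmp_fn cmp, size_t prefix)
{
    uint8_t ref[MAC_LEN], cand[MAC_LEN];
    size_t steps;
    for (size_t i = 0; i < MAC_LEN; i++) {
        ref[i] = (uint8_t)(0xA0 + i); /* constructed sample value */
        cand[i] = (i < prefix) ? ref[i] : (uint8_t)~ref[i];
    }
    (void)cmp(ref, cand, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= MAC_LEN; p += 4)
        printf("prefix %2zu: leaky=%2zu constant-time=%2zu\n", p,
               steps_for_prefix(leaky_compare, p), steps_for_prefix(ct_compare, p));
    return 0;
}
```

On real hardware the compiled code should still be inspected and measured, since an equal loop count does not by itself guarantee equal timing.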
-Tapping power or supplying it
-Identifying the correct supply rail
-Disabling power domains
-All require more detailed knowledge on target
EM (Electromagnetic) Analysis
-EM signal adds dimension
-How to locate?
-When can EM be better?
-EMA is an active research topic
-EM seems to add most when target operation is small relative to overall chip
Threat and Impact
-Required level of control
-Attacks needed to achieve control
-High noise level, increased acquisition times
-Data / Key masking
-Blinding / Masking