Attacking Hardware

rootoftrust training provides the skills to counteract attacks

Attacking Hardware

Embedded devices can be attacked in numerous ways to leak privileged information. These attacks focus on vulnerabilities in the implementation of secure functions or in the chip itself. Countermeasures have been proposed to tackle these vulnerabilities singularly however attackers now use multiple attacks to achieve the same aim. The most popular attacks are described below.

 

When manufacturers moved to a re-use model of IC design, this plug and play concept reduced design times, risk and time to market. IP could be used that was already proven in silicon. However, this model of production, especially when the IP is delivered from outside of the organisation, can be vulnerable to trojan attacks. Malicious insiders (who could range from disgruntled employees to state actors) could insert small amounts of circuitry that either change the functionality of the device, destroy it or leak valuable information. Hardware trojans are covered in our article.
 

Power analysis was the most simple of attacks to be discovered and could be carried out for relatively little cost by attackers of medium skill level. One of the first attacks carried out used a resistor coupled to a power and ground pin to measure the current flow during computations. Recording and then analysing the traces showed clear patterns of when a bit changed from 0 to 1 or from 1 to 0. The more simple attacks now have countermeasures and more complex attacks such as differential power analysis and the use of machine learning are required.
 

Fault attacks rely on disrupting the normal operation of the device under attack. This can be achieved by sending voltage or clock glitches to underpower the device or disturb timing through an extra clock edge. The ability to cause an error in computation allows the attacker to undertake a differential fault attack. The attacker tries to encrypt the same message (plaintext) a number of times to produce a number of ciphertexts. In principle, the ciphertexts should be the same, however, if the attacker is able to induce a fault in the latter stages of computation, he or she can learn information about the key used by comparing the different ciphertext values.

 

Timing attacks are one of the oldest attacks to be developed and concentrate on the differences in time taken for certain computations. In hardware, all computation is carried out in binary. Safeguards had to be put into place to check for an attempt to divide a number by zero. This usually involved creating a branch condition in assembly code which created an additional delay in the computation as the processor jumped to another position in the code. It was therefore feasible to determine whether or not a bit involved in the computation was a 1 or 0. The timing taken to perform computations is therefore dependent on its inputs. More modern attacks look at the architecture of the device and the use of resources such as processor, memory and cache. Memory and cache attacks are described below.

 

 

Modern computers are built with a hierarchy of memory due to the structural (von Nuemann) problem. Expensive memory with relatively quicker access times are situated close to the processor whilst cheaper memory with longer access times are situated further away from the processor. For cache memories, which sit closest to the processor, this hierarchy is demonstrated with the labels, L1, L2 and L3 which represents the closeness of the memory to the processor. For example, L1 memory is the closest to the processor and L3 is the furthest away. When instructions are loaded into a cache, it is done so under the locality principle which generally means that in normal program flow, the required instructions are usually located in memory addresses close to the current one being processed. Therefore, the cache is loaded from a number of sequential addresses. If the next instruction to be executed is not in the cache, it has to be flushed and re-packed with the relevant code. This causes a timing delay and from mapping the timing, an attacker can deduce when a cryptographic computation is being carried out.