Defending against side-channel attacks

Side-channel attacks: strategies and defenses

Posted On

By Jake VanAdrighem


What is a side-channel attack?

When you think of cybersecurity threats, it generally involves stealing or accessing sensitive information—whether it’s user credentials, encryption keys, sensitive IP, or communications data. So, logically, many cybersecurity strategies revolve around a) preventing hackers from breaking in or b) using strong encryption to protect the information so that it’s not decipherable even if they do get access. That might make sense on paper, but, as University of Michigan computer scientist Daniel Genkin points out, computers don’t run on paper.

In the real, physical world, every action a device takes—like booting up, executing an algorithm, or loading stored data—creates measurable effects: a sound, fluctuation in current, displacement of air, the generation of heat, an elapse of time. As a result, hackers don’t necessarily need to crack an encryption algorithm or tamper with secure software to steal information. All they have to do is observe the multitude of different signals that a device gives off. Attacks that utilize these indirect signals are known as “side-channel attacks.”

The potential of physical effects to crack security systems has been documented since World War II. Modern research has shown how even the movement of a house plant’s leaves or the vibrations of a lightbulb can reveal what people are talking about in a room. In the cybersecurity field, side-channel attacks are a growing concern due to the wealth of measurable effects created by device components such as processors, chips, fans, and hard disks.

Here are just a few examples of known side-channel attacks.

Speculative execution attacks

This class of side-channel attack exploits vulnerabilities in how a CPU loads information into caches and buffers when trying to efficiently execute a program. In recent years, this has revealed huge vulnerabilities in Intel, ARM, and AMD chips, leading to a string of high-profile attacks, including CacheOut and ZombieLoad.

Power monitoring attack

In a power monitoring attack, a hacker measures how much power is being used during computation and correlates it to the implementation of a program. In doing so, they’re able to work out which step of a computational process a computer is performing, which helps them identify critical information such as cryptographic keys.

Cache attack

This type of side-channel attack monitors cache access. It can be deployed in a variety of settings, but is most effective in cloud or virtualized environments. The basic concept is for the hacker to tamper with and monitor a data cache that is shared between them and their victim. By modifying specific cache locations and then watching for changes and observing the time to access, the attacker can use this leaked information to identify specific targets or even extract keys used by cryptographic ciphers.

Timing analysis

This side-channel attack measures the length of execution time while data is being loaded to or from a CPU cache or memory. Analysis of this data then allows a hacker to narrow the range of possible values for the elements of an encryption key. In some instances, they can even define the key itself. 

Differential fault analysis

This type of side-channel attack sees an attacker trying to generate a “fault” or unexpected error in a cryptographic implementation to try and glean information and ultimately steal sensitive cryptographic material. There are many ways to trigger faults in sensitive applications including tampering with the code or applying unexpected voltage to a hardware device. One example of this fault injection technique is the Row hammer attack, where cells in DRAM can be manipulated into leaking information when adjacent cells are accessed repeatedly.

Thermal imaging

These side-channel attacks use infrared images to monitor the heat generated by a processor and then correlate changes in heat production with the execution of certain stages of algorithm execution or processes.

Strategies and defenses against side-channel attacks

With the recent growth in the prevalence and sophistication of side-channel attacks, cybersecurity professionals and academics have been devoting greater attention to understanding how to mitigate these attacks and keep devices and data secure. Defense against side-channel attacks has developed along two main axes:

  • Reducing the signals leaked by computers and how usable they are, or
  • Breaking the link between the leaked information and sensitive data.

For the first strategy, a number of different security strategies need to be deployed. These include:

  • Eliminate cache information leakage: In cases where applications share hardware caches, both the software and hardware implementation should be designed to avoid leaking sensitive information through this shared hardware resource. This can be done by writing “leakage free code” or designing more sophisticated cache allocation
  • Introducing “random noise” into the computation: Deliberately adding breaks, delays, or unnecessary computation into a process means that statistically useless and misleading “noise” will be included in the attacker’s data. This makes analyzing or deciphering implementation details and sensitive information like crypto keys.
  • Using tamper resistance and hostile environment detection: This technique involves detecting malicious modifications of the cryptographic implementation or a hostile execution environment and triggering a defensive response behavior. This defensive technique can be used to defend against the class of injection and some analysis attacks.

The problem with all of the above is that attackers constantly find new methods of attack and new techniques that aid in deciphering system signals.

White-box cryptography

The other strategy for defending against side-channel attacks is by decorrelating, expanding, and complicating the leaked data the attacker receives from the cryptographic processes being performed. One of the most successful approaches in this line of defense has been the use of white-box cryptography.

Under the white-box model, it is assumed that an attacker can observe and manipulate cryptographic algorithms. Therefore, white-box cryptography employs technologies that keep encryption keys hidden even as cryptographic operations are performed.  

Intertrust’s leading white-box cryptography solution

whiteCryption Secure Key Box (SKB) is part of the application protection suite from Intertrust. It functions as a drop-in cryptographic library that protects critical cryptographic functions like digital signing and key wrapping. This ensures that keys never appear in the clear, whether at rest, in transit, or in use. This way, even if a side-channel attack is successful, the keys can’t be deciphered and used.

whiteCryption SKB is one of the world’s most advanced white-box cryptography solutions and currently the only enterprise-ready white-box cryptography solution for protecting web apps. In the fight against side-channel attacks, Secure Key Box can be your most reliable defense. To find out more about how whiteCryption protects against side-channel attacks read the Secure Key Box white paper or get in touch with our team.

Jake VanAdrighem

About Jake VanAdrighem

Jake VanAdrighem is Technical Product Manager at Intertrust Technologies, responsible for product vision of Intertrust's whiteCryption Code Protection application security solution and white-box cryptography library Secure Key Box. Jake has a user focused background in systems and compiler engineering.