Your hardware is not secure

By Craig Ramsay

Professor

University of Strathclyde

September 15, 2017


In the last few years, cybersecurity has garnered attention from all top industry folks, with companies now taking security more seriously than ever. However, hardware security is still in a niche phase. Lots of questions remain unresolved. I’m going to answer some of the basic hardware security questions.

How safe is your hardware?

With the IoT going more mainstream, one would think hardware built to support the IoT must be secure. It’s actually quite the opposite. The current generation of hardware isn’t designed to keep your secrets safe. The reality is that attacks are being created and developed much faster than the hardware manufacturers can follow. One very plausible attack method uses information that leaks through side channels.

What is a side-channel attack?

A side-channel attack is one that exploits a system’s physical implementation, rather than brute force or weaknesses in the algorithms. The leak can be any information about the system, such as timing information, power consumption, electromagnetic leaks, or even sound. Attackers with special equipment can exploit these unintended leaks in a straightforward manner. The most well-known and effective side-channel attack today is the one that uses information leaked through power consumption.

How can a side-channel attack occur through power consumption?

A “power-consumption attack” attempts to find a correlation between the system’s instantaneous power consumption and the internal state of a cryptographic implementation. To do that, you first need to measure and record the values of the items of interest, like power consumption, and then evaluate the relationship between them.
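The correlation step described above, as an added example that is not from the article or the talk: it builds the AES S-box, generates constructed power samples, and correlates them against every key-byte hypothesis, once for an unprotected S-box lookup and once for a masked one. The Hamming-weight leakage model, the noise level, the key byte 0x2B and the Boolean-masking countermeasure are assumptions of this example.

```python
import random

def aes_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine transform."""
    def mul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a = (a << 1) ^ (0x11B if a & 0x80 else 0)
            b >>= 1
        return r
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if mul(x, y) == 1), 0)
        s = inv ^ 0x63
        for sh in range(1, 5):
            s ^= ((inv << sh) | (inv >> (8 - sh))) & 0xFF
        box.append(s)
    return box

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of each byte

def simulate(key_byte, n, masked, rng):
    """Constructed traces: one sample per encryption = HW(handled byte) + noise."""
    pts = [rng.randrange(256) for _ in range(n)]
    power = []
    for p in pts:
        # Assumed countermeasure: XOR a fresh random mask into the handled byte.
        v = SBOX[p ^ key_byte] ^ (rng.randrange(256) if masked else 0)
        power.append(HW[v] + rng.gauss(0, 1.0))  # assumed noise, sigma = 1
    return pts, power

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    dx, dy = [x - mx for x in xs], [y - my for y in ys]
    den = (sum(d * d for d in dx) * sum(d * d for d in dy)) ** 0.5
    return sum(a * b for a, b in zip(dx, dy)) / den if den else 0.0

def assess(pts, power):
    """Correlate measured power with the predicted HW for all 256 key hypotheses."""
    rho = [abs(pearson([HW[SBOX[p ^ k]] for p in pts], power)) for k in range(256)]
    best = max(range(256), key=rho.__getitem__)
    return best, rho[best]

if __name__ == "__main__":
    for masked in (False, True):
        print(masked, assess(*simulate(0x2B, 500, masked, random.Random(1))))
```

On the unprotected samples one hypothesis stands far above the rest; with the mask applied, no hypothesis rises above the noise floor, which is what a first-order leakage check on a protected implementation should show.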

Attacks on Advanced Encryption Standard (AES) implementations tend to require unrestricted physical access to the device. This basically means that you have to solder wires into your target device to catch multiple power traces of the cryptographic operation. But there’s room for improvement here.

Is there another way?

A more convenient alternative would involve no physical access and no dangling wires, and it is in fact possible to gain access remotely. Using an improved antenna and signal processing, it’s possible to covertly recover the encryption key from particular AES implementations. All that’s required is affordable equipment, a distance of one meter, and a few minutes.

The first public demonstration of this remote attack will be performed during Craig Ramsay’s talk at hardwear.io 2017.

Craig Ramsay, currently pursuing a PhD at the University of Strathclyde, is focused on SoC hardware security and software-defined-radio applications.
