A Primer on Power and EM Side-channel Attack Countermeasures and Prevention
Get a high-level understanding of designing electronics to prevent the threat of side-channel attacks (SCAs), namely power- and EM- (electromagnetic) based attacks.
So far, in this article series, we’ve discussed what side-channel attacks or SCAs are, as well as specific types and examples of SCAs. Leveraging that knowledge, let's discuss some of the ways that we can design our electronics to help prevent the threat of SCAs.
While it would be impossible to provide a fully comprehensive list of mitigation techniques, the goal of this article is to provide a foundational understanding of SCA mitigation as well as provide examples of real proposed countermeasures to show how it is done in the real world.
Preventing SCAs: Understanding Side Channel Leakage
To prevent side-channel attacks, we must first approach the problem from a first-principles perspective.
As discussed in earlier articles, the entire basis for side-channel attacks relies on exploiting two fundamental characteristics of electronic devices.
- First, we know that electronic devices will leak sensitive information in unintended ways, known as side channels.
- Second, we assume that there is a deterministic relationship between this information leakage and the secret data we are trying to protect.
With these fundamentals understood, we can see that our options for preventing the threat of side-channel attacks require us to either eliminate the leakage of side-channel information and/or remove the relationship between information leakage and sensitive data. In reality, it is impossible to completely prevent the threat of SCAs; however, certain design choices help significantly improve device security and limit threat potential.
Basic Side Channel Attack Mechanics—Power and EM Attacks
On top of just understanding the fundamentals of side-channel theory, it is also important to know how SCAs are performed in order to prevent being at risk.
With respect to power and EM-based (electromagnetic) SCAs, we can see that the general attack process (example shown in Figure 1) is relatively the same.
Figure 1. The attack flow of power/EM SCAs. Image used courtesy of Das et al
Attackers generally start by gathering a lot of data points on either the device’s power consumption or radiation. The attacker then performs a series of statistical analyses on these traces following a chosen leakage model.
If the leakages are strong and the relationship to the data is apparent, an attacker only needs a couple of traces to get the job done. However, it is most often the case that noise will require the attacker to gather thousands of traces to successfully determine the statistical significance between their traces and the secret data. Generally speaking, the more traces an attacker can gather, the higher the probability of the success of their attack.
By understanding this general attack flow, as shown in Figure 1, another angle we can take at preventing SCAs is to make the effort required by the attacker extremely high. We can make our system safer by requiring the attacker to gather an infeasible amount of traces to break our system. Thus, from a design perspective, our task is to implement enough countermeasures such that the attack becomes too expensive to be feasible.
Example Hardware Level Techniques for EM Attacks
One way that we can mitigate the threat of side-channel attacks is to implement safe design techniques at the hardware level, where we can design logic gates, circuits, and silicon layouts in such a way that physical leakage is reduced.
For reducing EM emanations, there are many methods that can be taken to reduce leakage signal strength.
For example, on a silicon layout, a designer can shield sensitive signals in their layout through the judicious routing of metal layers. In a 2019 paper, Das et al proposed a silicon layout technique where the entire cryptographic core within the local lower-level metal layers, whose leakage cannot be picked up by an external attacker. The results of this paper are shown in Figure 2.
Figure 2. We can minimize the signal strength of EM emissions by judiciously choosing our silicon layout and metal layer routing. Image used courtesy of Das et al
Another EM countermeasure proposed at the silicon level is employing a dual logic technique, where, similar to differential signaling, the radiated emissions from two complementary logical operations would theoretically cancel each other out.
Example Hardware Level Techniques for Power
For power attack mitigation, there are many proposed techniques as well. In a 2015 paper, Gornik et al. proposed a method of preventing power-analysis attacks through the use of a power supply decoupling circuit. The main concept of this countermeasure was to decouple the power supply of the logic gates from the main power supply of a chip. In doing this, the instantaneous power consumption caused by the switching activity of the logic within the chip would not be observable by an adversary with access to the main power supply.
Figure 3. Proposed power supply decoupling circuit for power-attack mitigation. Image used courtesy of Gornik et al
Another proposed countermeasure for power attacks is random dynamic voltage scaling, where voltage rails will randomly vary in value such that it becomes difficult to directly correlate current consumption with logical operations.
Non-hardware Side Channel Mitigation Techniques
Beyond hardware-level countermeasures, there are a plethora of other SCA mitigation techniques that can be employed. At the program level, software engineers can reduce the correlation between leakages and real data by randomizing the software’s order of operations. The use of randomized out-of-order execution software can be designed to make the alignment of traces much more difficult for an attacker. On top of this, engineers can implement dummy instructions into their code to further obscure the attacker’s traces from the actual sensitive data.
At the cryptographic protocol level, engineers can redesign their protocols in such a way that it limits the number of computations an attacker can provoke with a given key. One way of achieving this would be through frequency key refreshing, where the cryptographic key being used is continually changed throughout the protocol—making it extremely difficult for an attacker to pinpoint a specific key.
Learning the Basics of Side-channel Attacks
Side-channel attacks are one of the most significant security threats to hardware systems. While they are not fully preventable, there are absolutely many things we can do as designers to minimize the risks of an attack.
It is clearly impossible to provide a fully comprehensive list of SCA countermeasures, however, this article aimed to provide a foundational understanding of how to approach SCA countermeasures. Beyond this, we provided a series of real countermeasures that have been proposed and used in academia and industry.