By Álvaro Gómez, PhD in Electronic Engineering from the Universitat Politècnica de Catalunya. He is currently a member of the QinE research group in the Department of Electronic Engineering at the Universitat Politècnica de Catalunya, and a course instructor of the Master’s Degree in Industry 4.0 at the Universitat Oberta de Catalunya.
By Joan Melià, graduate in Telecommunications Engineering from the Universitat Politècnica de Catalunya, and PhD from the Universitat Oberta de Catalunya. He is a faculty member at the Wireless Networks research group.
While the most high-profile attacks, or those that cause the most disruption (and to which the most resources are devoted), are usually carried out remotely via a network connection, these are not the only potential threats. The concept of security encompasses many different levels, from hardware (transistors or logic gates that implement a particular system) to the different layers and communication protocols that enable connectivity.
Let’s focus on low-level security. Consider a smartkey card (e.g. a credit card) in which a cryptographic algorithm such as AES is used. The AES algorithm receives a plaintext and a key, and by means of a series of cryptographic operations, specified according to a standard, it provides the ciphertext. How secure is this algorithm, or rather, how difficult is it to find out the desired encryption key? The answer is that it is extremely difficult to determine which key has been used for encryption. In fact, if the attack is carried out by brute force on the AES algorithm using the technology that is currently available, it could take centuries to crack the key.
While this may be the case, it only answers the question from an exclusively algorithmic or “black box” perspective, in which the attacker does not have access to any internal information while the encryption is taking place. But is this always the case? The answer is no. Any algorithm running on a particular piece of hardware is susceptible to becoming a “grey box”, i.e. a system that unintentionally leaks information. By this “leakage” of information, we do not necessarily mean explicit data from the algorithm, but rather information that is loosely correlated with the data being processed. Such information leakage is what gives rise to the well-known “side-channel attacks”.
Take an example: imagine an everyday situation in which we withdraw money from our trusted bank’s ATM, an operation which requires us to enter the 4 digits of our (secret) PIN. If, a few seconds after we enter it, an ill-intentioned individual approaches the ATM keypad with a thermographic camera, they will be able to detect, through a slight change in temperature, the precise keys that have been pressed, and even discern which ones were pressed first. This is what is known as a side-channel attack. Because the security mechanism (i.e. entering the PIN) has to be carried out physically, it is susceptible to this type of information leakage, which is thermal in this case.
Let us return to the case of the AES algorithm used in a smartkey and implemented on a microcontroller which uses a supposedly secret key during the encryption process. One of the main sources of information leakage is the power consumption of the system. Indeed, memory data movement operations account for a substantial percentage of the power consumed in such devices. Furthermore, it is also known that consumption levels vary depending on whether the bits involved are kept at logic level 0 or logic level 1. As a result, the number of ones (or zeros) in the data being written to memory is proportional to the instantaneous power consumption of the device. This simple consumption model is known as the Hamming weight model, and it represents a first approximation towards correlating the internal data handled by the processor with the externally observable device consumption. All this implies that through continuous monitoring in different situations (different encryption operations), and subsequent processing of the consumption traces, it is possible to use statistical methods (e.g. differential power analysis) to determine certain data that were supposed to be secret, thereby posing a real threat to security and operations in industrial environments.
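The following simulation is an added example, not code from the authors, showing how a leakage evaluation built on the Hamming weight model works on constructed data. It assumes a simplified device that writes `input XOR key` to memory (a stand-in for an AES intermediate value), Gaussian measurement noise, and a random-mask countermeasure that the article does not itself describe; all function names are hypothetical.

```python
import random

HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of every byte

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate_traces(key, n, noise, masked, rng):
    """Constructed data: one power sample per operation = HW(byte written) + noise."""
    inputs, power = [], []
    for _ in range(n):
        p = rng.randrange(256)            # known input byte
        value = p ^ key                   # secret-dependent byte written to memory
        if masked:
            value ^= rng.randrange(256)   # assumed countermeasure: fresh random mask
        inputs.append(p)
        power.append(HW[value] + rng.gauss(0.0, noise))
    return inputs, power

def best_hypothesis(inputs, power):
    """Score all 256 key-byte hypotheses; return (best guess, its correlation)."""
    scored = []
    for guess in range(256):
        predicted = [HW[p ^ guess] for p in inputs]  # model's predicted consumption
        scored.append((pearson(predicted, power), guess))
    corr, guess = max(scored)
    return guess, corr

def assess(masked, key=0x3C, n=2000, noise=1.0, seed=1):
    """Leakage check on simulated traces, with or without the mask."""
    rng = random.Random(seed)
    inputs, power = simulate_traces(key, n, noise, masked, rng)
    return best_hypothesis(inputs, power)

if __name__ == "__main__":
    for masked in (False, True):
        guess, corr = assess(masked)
        print(f"masked={masked}: best hypothesis 0x{guess:02X}, correlation {corr:.2f}")
```

Without the mask, the hypothesis matching the simulated key stands out with a high correlation; with the mask, no hypothesis correlates meaningfully with the measured consumption, which is the property a countermeasure evaluation looks for.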
Universities are on the lookout for problems such as those described in this article. The QinE research group at the Universitat Politècnica de Catalunya (UPC) is currently developing new proposals for security primitives through the use of non-volatile memory nanodevices and countermeasures to prevent side-channel attacks. And in the Joint Master’s Degree in Industry 4.0 (UOC, ESUPT) we are working to train industry professionals who will have to tackle challenges such as the ones posed in this article.