Call for Participation: Practical Demonstration of Side-Channel Attacks as a Serious Threat to the Security of Embedded Systems

Christoph Hahn | 27. September 2016 | 2 Minuten Lesezeit

Speaker: D. E. Lazich Date: September 27, 15:45 - 16:30 Location: Bonhoefferstraße 11 (Room 205), 69123 Heidelberg

Abstract – Just thirty years ago, the civilian use of cryptography was predominantly confined to banking systems and secure communication between government agencies. Today, with the advent of ubiquitous embedded systems, the use of cryptography is unavoidable in a much larger number of applications. However, due to the easy accessibility of embedded systems, their usually timecritical components, limited resources and competitive prices, the security of embedded systems is especially vulnerable and needs considerable improvements. This is particularly necessary for the defense against the socalled side-channel attacks.

A side-channel attack on a cryptosystem is any attack based on information gained from physical or technical properties of the implemented crypto device (hardware), rather than theoretical weaknesses in the crypto algorithm used (software). For example, power consumption, electromagnetic radiation, timing information, or even emitted light or sound can provide an extra source of information, which can be exploited to break the cryptosystem. By now, side-channel attacks, pioneered by Paul Kocher in the late 1990s, have become very powerful easy-to-implement practical attacks against cryptographic implementations. Unfortunately, these facts are often unknown or heavily underestimated among devel- opers of embedded systems.

To draw attention to the dangers of side-channel attacks, two particularly successful side-channel attacks will be demonstrated with the aid of low-cost equipment. The first demonstration, known as an Electro-Magnetic Attack or Analysis (EMA), shows how a standard integrated circuit leaks information with its own electromagnetic radiation. The second demonstration presents the complete procedure of breaking the Data Encryption Standard algorithm executed in an application specific integrated circuit using the EMA.