leak reduction Archives - Rambus

Extracting crypto keys from the Cloud
https://www.rambus.com/blogs/extracting-crypto-keys-from-the-cloud-2/
Wed, 14 Oct 2015 16:32:41 +0000

A Worcester Polytechnic Institute research team has confirmed that it managed to successfully extract cryptographic keys from the Cloud. According to a recently published paper, the team built upon previous work by Ristenpart, who demonstrated the viability of co-location and provided the first concrete evidence of sensitive information leakage on a commercial cloud.

“We show that co-location can be achieved and detected by monitoring the last level cache in public clouds,” the Worcester team explained in an article extract. “More significantly, we present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a collocated instance.”

The researchers targeted a recently patched Libgcrypt RSA implementation by mounting cross-VM Prime and Probe cache attacks in combination with other tests to detect co-location in a cloud-based service. As a preparatory step, the team reverse engineered the unpublished nonlinear slice selection function for a leading server processor powering the cloud service, which significantly helped accelerate the attack.

After co-location was detected and verified, the researchers performed the Prime and Probe attack to recover noisy keys from a carefully monitored cloud service VM running the vulnerable Libgcrypt library. The noisy data was subsequently processed, allowing the team to obtain the complete 2048-bit RSA key used during encryption.

This work, says the Worcester team, reaffirms privacy concerns and underlines the need for deploying stronger isolation techniques in public clouds. Chris Gori, a Technical Director at Rambus Cryptography Research, concurred.

“Physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys,” Gori told Rambus Press. “This is true for enterprise servers and data centers, as well as mobile devices, PCs and SIM cards.”

As we’ve previously discussed, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.

Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.

Winbond licenses DPA countermeasures from Rambus Cryptography Research
https://www.rambus.com/blogs/winbond-licenses-dpa-countermeasures-from-rambus-cryptography-research-2/
Tue, 22 Sep 2015 17:13:06 +0000

Winbond Electronics has licensed differential power analysis (DPA) countermeasures from Rambus’ Cryptography Research division. By implementing DPA countermeasures in flash memory components, Winbond will ensure the data integrity of products that run applications requiring a high level of security – including mobile payments, premium content, automotive and the Internet of Things (IoT).

“As we set out to provide our customers with the most secure hardware solutions, we know that protecting against the threat of side-channel attacks is a priority – especially in the mobile payments arena,” Chester Hwang, Business Unit Leader of Secure Memory Solutions at Winbond, explained in an official press release. “Rambus DPA countermeasures ensure that Winbond’s TrustME™ flash memory components are protected from these types of attacks.”

Paul Kocher, chief scientist of the Rambus Cryptography Research division, expressed similar sentiments.

“As mobile devices or IoT objects increasingly manage sensitive data and encrypted transactions, it becomes more important than ever to safeguard them against security threats,” he said. “Our DPA countermeasures allow Winbond to develop DPA-resistant flash memory components that are capable of passing high-level industry security certifications.”

As we’ve previously discussed on Rambus Press, physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys.

As such, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.

Interested in learning more? You can visit our official DPA countermeasures page here and browse our article archive on the subject here.

Cracking SIM cards with side-channel attacks
https://www.rambus.com/blogs/cracking-sim-cards-with-side-channel-attacks-2/
Tue, 11 Aug 2015 16:18:59 +0000

A Jiao Tong University researcher has exploited side-channel attack techniques to crack the encryption codes protecting 3G and 4G cards.

“[The cards use] AES-128, which is supposed to be virtually unbeatable by a brute-force attack, but turns out to be easy to defeat using side-channel analysis,” explained Iain Thomson of The Register. “Side-channel attacks measure things like power consumption, electromagnetic emissions and heat generation to work out what is going on in a chip. The technique has been around for years, and requires physical access to the target device.”

As Thomson reports, Yu Yu and his university team tracked power levels using an oscilloscope, monitored data traffic with an MP300-SC2 protocol analyzer and correlated the results with a SIM card reader and a standard PC.

“With this simple setup they cracked eight commercial SIM cards in between 10 and 80 minutes,” said Thomson. “Yu [also] demonstrated how the cloned SIM card can successfully impersonate the owner in class [and] showed how a cloned card could change the password on an Alipay and potentially drain the account.”

According to Yu, the above-mentioned hack is based on known differential power analysis attacks.

“The move to AES-based encryption algorithms in 3G/4G USIM cards did not systematically take advantage of state-of-the-art countermeasures against side-channel attacks,” he added. “Indeed, the USIM cards we analyzed essentially relied on plain (unprotected) software implementations of the AES.”

Helena Handschuh, a Director at Rambus’ Cryptography Research division, co-designed the MILENAGE standard discussed in Yu’s Black Hat paper. According to Handschuh, AES-128/Rijndael was chosen for MILENAGE in 2001 so that side-channel countermeasures could be easily incorporated in a SIM-class platform.

“Yu Yu’s paper demonstrates once again that, even though these algorithms are mathematically strong and unbroken, all implementers of crypto need to be aware of side-channel attacks and take appropriate steps to mitigate them,” Handschuh concluded.

When power becomes a problem
https://www.rambus.com/blogs/when-power-becomes-a-problem-2/
Wed, 29 Jul 2015 16:25:25 +0000

Semiconductor Engineering editor in chief Ed Sperling recently reported that the current emphasis on lowering power – in everything from wearable electronics to data centers – is turning into a “perfect storm” for the semiconductor ecosystem.

“In the past, most issues involving power—notably current leakage, physical effects such as electromigration, electrostatic discharge, RC delay and reduced battery life from inefficient designs—were dealt with by large, sophisticated engineering teams at leading-edge process nodes,” Sperling explained.

“When they couldn’t solve those problems the foundries stepped in and adjusted their processes. But with 55nm now considered a mainstream process for the Internet of Things, and most designs now using multiple cores and power domains—sometimes as many as 100 power domains per design—everyone is being forced to grapple with incredibly complex power techniques.”

To make matters worse, says Sperling, the manufacturing side is already dealing with its own power-related problems, which include shrinking gate oxides between ever-thinner wires, increasing dynamic power density at 16/14nm and beyond, as well as a massive industry effort to create next-generation processes capable of handling increasingly complex designs.

According to Steven Woo, VP of enterprise solutions technology at Rambus, one particular issue that continues to grow in importance is power integrity.

“A good analogy is what happens if you turn on all the water inside a building,” Woo told Semiconductor Engineering. “You lose pressure everywhere. For a chip, if you turn on every subsystem, that’s devastating. You may not have enough voltage to turn on everything, and power integrity goes down.”

Not surprisingly, power-related security concerns may also prompt a reassessment of how future chips and electronics are designed.

“Security requires power to operate, but the flip side is that power is noisy. When you activate circuits you can monitor that noise,” he added. “There’s a growing problem with differential power analysis. What it really comes down to is that you’re trying to give confidence for some period of time, so now you have to determine what is a useful lifetime and how long you’re going to guard it.”

Rambus Cryptography Research helps Barco Silex thwart PoS security threats
https://www.rambus.com/blogs/rambus-cryptography-research-helps-barco-silex-thwart-pos-security-threats-2/
Mon, 06 Apr 2015 21:34:37 +0000

The Cryptography Research division of Rambus recently clinched a partnership agreement with Barco Silex. According to Rambus Cryptography VP Dr. Simon Blake-Wilson, the agreement allows Barco Silex to develop DPA-resistant solutions that will help accelerate time-to-market for security-based products.

“The risk of breaches continues to explode and customers need to quickly get secure solutions into the market,” said Blake-Wilson.

“This is why Barco Silex will be utilizing differential power analysis, or DPA, countermeasure technology to help protect against security risks in a variety of point-of-sale applications. These include banking, retailing, mass transit and wireless telecommunications.”

Sébastien Rabou, Product Manager at Barco Silex, expressed similar sentiments.

“Side-channel attacks are becoming more prevalent and we need a sound solution to combat this growing risk to ensure customer confidence and protect high value assets,” Rabou explained. “The partnership with Rambus provides us with access to world-class cryptography engineers – while developing solutions to benefit the point-of-sale market.”

As Blake-Wilson notes, concerns about DPA security breaches originally surfaced in the smartcard space. Nevertheless, the potential for such attacks is quickly spreading into numerous markets.

“For this reason, there is a need for DPA countermeasures to be adopted across all markets where valuable financial and personal data is being handled,” he added. “Today, products commonly at risk include point-of-sale devices, mobile phones, secure USB flash drives, pay television set-top boxes and optical disc players, among others.”

As we’ve previously discussed on Rambus Press, DPA countermeasures developed by the company’s Cryptography Research Division offer a combination of software, hardware and protocol techniques specifically designed to shield tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.
