Meanwhile, academicians and scholars are closely investigating yet another group of bad actors that – like those vulnerabilities – are up to no good and are also attacking electronics systems. These are fault injection attacks or FIAs.

Bart Stevens, Sr. Director, Product Management for the Cryptography Product Group, recently wrote a piece for eeweb.com/EE Times network to explain to SoC and system designers what FIAs are all about and how best to skirt them in their next generation designs.

Simply put, he says, the whole idea of an FIA is to make silicon do something else besides what it’s intended to. The attackers objective is to create a transient fault during the execution of some particular chip operation or lead to the reduction or disabling of security features and countermeasures.

Two examples Stevens writes about are voltage and clock glitching.  In the first one, he says the attacker increases voltage or creates a fake glitch in the system. As for clock glitching, he says one or more short pulses in the external clock are introduced to temporarily accelerate the chip’s clock.

Stevens tells eeweb.com/EE Times network readers that embedded security establishes the barriers to guard against FIAs and chip vulnerabilities.

“Certain key countermeasures like those in Rambus’ Root-of-Trust core are critical to assure the SoC and system designer an attacker is completely deprived of any attack avenue.  Those countermeasures include items such as critical control signal redundancy, canary logic, separated key bus logic and logic to protect cryptographic algorithm implementations,” Stevens asserts.

Check out Rambus’ DPA Workstation (DPAWS) that’s available with Riscure fault injection products offering complete fault injection functionality and differential fault analysis (DFA).

Differential Power Analysis (DPA) is a form of a side-channel attack that monitors variations in the electrical power consumption or electro-magnetic emissions of a target device. The basic method involves partitioning a set of traces into subsets, then subsequently computing the difference of the averages of these subsets. A trace refers to a set of power consumption measurements taken while the device is performing cryptographic operations. Given enough traces, extremely minute correlations can be isolated no matter how much noise is present in the measurements.

Differential Power Analysis-Resistant Software Libraries (DPASL) are a portfolio of unique software products that provide performance optimized, quantifiable side-channel resistant security for embedded software systems with seamless integration across a wide range of applications. DPASLs’ performance optimized side-channel attack resistant solutions include AES, 3DES, SHA-2, HMAC, ECDSA, ECDH, RSA, and RSA-CRT.

What makes DPASL unique is that with the platform, DPA protections can be enabled at the device level, without relying on DPA countermeasures being implemented at the silicon level. DPASLs are validated to resist first-order and second-order DPA attacks in over one million traces. They are highly flexible and easy to deploy software attacks, utilizing both platform neutral C-code and optionally ARM Cortex optimized code, thereby providing a wide range of device design options. The platform has a strong balance of side-channel protection and performance and code-size.

High-performance software libraries offer application builders an easy-to-integrate software security solution with built-in quantifiable side-channel resistance. The libraries are validated by Rambus for performance across a range of compilers and processors to protect against key extraction of up to 1 million traces, compared to 1 to 10K traces for non-protected implementations like Gladman reference code or other commercial and open source crypto libraries.

The implemented data structures and APIs allow easy integration in industry standard software security protocol implementations by swapping their unprotected cryptographic primitives with protected versions available in the selected DPA-Resistant Software Library.

While it can be argued that silicon-level protections are more robust than those implemented in software at a device-level, DPASL does offer a convenient alternative if designing side-channel resistant hardware is not a realistic option, when standard silicon with non-DPA protection ciphers are used.

The Bottom Line

As devices and services become more advanced and sophisticated, so too do the exploitations and attacks that target them. It is more important than ever for high level security to be implemented as a primary design focus. Should designing side-channel resistance on the hardware level was not a realistic option, DPASLs are a feasible alternative that offers side-channel resistant security on the software level with seamless integration across a wide range of applications with wide range of device options. The platform offers security against side-channel attacks, providing even more options for those who wish to secure their devices.

“Cyber-threats and attacks are becoming increasingly sophisticated and pervasive. Thales products are designed to help organizations stay ahead of the security game by protecting sensitive information from compromise,” said Cindy Provin, chief strategy and marketing officer at Thales e-Security. “By adding Rambus DPA countermeasures, we are able to protect against side-channel attacks, which adds an important element in our robust data security solutions.”

Dr. Martin Scott, senior VP and general manager of the Security Division at Rambus, expressed similar sentiments.

“Thales recognizes the various threats posed by side-channel attacks and has developed solutions that help their customers in businesses, governments and technology sectors mitigate the growing risk associated with these types of attacks,” Scott explained. “Strong countermeasures against these attacks provide the security needed to protect sensitive data and make sure attacks are thwarted.”

As we’ve previously discussed on Rambus Press, Differential Power Analysis is a form of side-channel attack that monitors variations in the electrical power consumption or electro-magnetic emissions of a target device. The basic method involves partitioning a set of traces into subsets, then subsequently computing the difference of the averages of these subsets. Given enough traces, extremely minute correlations can be isolated—no matter how much noise is present in the measurements.

Image Credit: Rambus Security Division (via “Introduction to Differential Power Analysis”)

A typical DPA attack comprises 6 primary stages: communicating with a target device; recording power traces while the target device performs cryptographic operations; signal processing to remove errors and reduce noise; prediction and selection function generation to prepare and define for analysis; as well as computing the averages of input trace subsets and evaluating DPA test results to determine the most probable key guesses. Additional DPA variants include reverse engineering unknown S-boxes and algorithms, correlation power analysis (CPA), probability distribution analysis, high-order DPA and template attacks.

Specific DPA countermeasure techniques include decreasing the signal-to-noise ratio of the power side channel by reducing leakage (signal) or increasing noise, for example, by making the amount of power consumed less contingent upon data values and/or operation (balancing); introducing amplitude and temporal noise; incorporating randomness with blinding and masking by randomly altering the representation of secret parameters and implementing protocol-level countermeasures by continually refreshing and updating cryptographic protocols used by a device.

It should be noted that Rambus has licensed a range of DPA countermeasures to a number of prominent corporations such as Boeing, NVIDIA, Idaho Scientific, The Athena Group, NAGRA and Winbond.

Hardware security cores do not replace CAS or DRM, but are added to a set-top box as an extra layer of security to strengthen the hardware that protects the most important keys and business logic. Hardware security cores can also be effectively equipped with strong protection against many sophisticated attacks, including power and clock glitching, emulation and side-channel attacks such as simple power analysis (SPA) and differential power analysis (DPA).

Put simply, embedded cores bring security inside the set-top box chipset. This paradigm eliminates the smart card and significantly reduces cost – in both the near and long term – via decreases in BOM, card deployment and support, as well as liability of possible card swaps.

It is important to note that all hardware security cores are not created equal. Indeed, operators should ensure that a hardware security core is compatible with multiple leading CAS and DRM systems. If it is, operators will not be locked into a single vendor for the entire lifetime of a set-top box.

Moreover, the ability to function alongside numerous CAS and DRM systems can potentially enable new ways of securely distributing pay content, offering tangible benefits to both DTH operators and OTT distributors. For example, operators can provide their subscribers OTT content alongside broadcast content on a single set-top box using the same robust hardware security, all while maintaining cryptographic isolation between the different systems.

Last, but certainly not least, embedded hardware security cores should be capable of renewing security in the event of a successful breach, while allowing for in-field provisioning of new keys and security algorithms to adapt to new threats. This offers pay TV operators and OTT media providers a cost-effective, future-proof method of securing the broadcast and streaming of next-gen, premium digital content, including 4K and UHD, throughout the lifecycle of a set-top box.

Interested in learning more about implementing a cardless set-top box with embedded security cores? You can check out our eBook on the subject here and our CryptoMedia page here.

“Connected devices of all sizes can [now] be amassed into an army of bots that can bring even giants like Amazon and Netflix to a dead stop,” they explained. “This attack was predicted and warned against by numerous security experts since [Mirai] was published as open source code several months earlier, but that did little to stop its progression.”

According to Sperling and Dorsch, there are not enough layers of security being built into electronics to stop these kinds of problems, and no standard way of creating them.

“What’s interesting here is that the most recent attack went well beyond the usual software and network breaches. It targeted the firmware inside [connected] devices that were secured by weak passwords. And most security experts believe this is just the beginning,” the journalists observed. “[Nevertheless], digging into firmware is more difficult because it requires access to software stored and, frequently, hidden within a chip. That’s why systems companies park their SSL keys there, along with a history of private keys that can work with those SSL keys.”

Yet, security can be compromised if the keys leak.

“If you can crack into a key, you can replace the software and remotely control the device,” Asaf Ashkenazi, senior director of product management in Rambus’ Security Division told Semiconductor Engineering. “Keys are the Holy Grail for hackers.”

Many attacks against keys require a physical component, such as a grinder, physical probes and a scanning electron microscope.

“That’s an invasive attack,” said Ashkenazi. “There also are combination attacks, where you reconstruct keys from a string of bits, not from the software.”

In addition, keys can be extracted via side-channel attacks which utilize passive methods to pick up and monitor electromagnetic activity. Indeed, as we’ve previously discussed on Rambus Press, all physical electronic systems routinely leak information about their internal process of computing.

In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys from IoT endpoints. Regardless of specific instruction set architecture (ISA), most industry security solutions on the market today can be soundly defeated by side-channel attacks. Even a simple radio is capable of gathering side-channel information by eavesdropping on frequencies emitted by electronic devices. In some cases, secret keys can be recovered from a single transaction clandestinely performed by a device several feet away.

Worryingly, millions, if not billions, of connected IoT endpoints are powered by chips that are vulnerable to side-channel attacks. Such unprotected silicon can be found in a wide range of electronic devices including wearables, medical equipment, vehicles, smart appliances and rapidly evolving smart city infrastructure. Fortunately, specific DPA countermeasure strategies can be employed to protect IoT devices and related infrastructure. These include techniques to minimize information leakage, generating noise to drown out leakage signals, the use of randomness to mask computational intermediates, algorithm and implementation obfuscation as well as the use of protocols designed to preserve secrecy even in the presence of (some) leakage.

Interested in learning more? The full text of “What’s Next for IoT Security?” can be found on Semiconductor Engineering here. You can also check out our DPA countermeasures page here and our article archive on the subject here.

“As the world begins to take security more seriously, it becomes evident that a device is only as secure as its weakest component. No device can be made secure by protecting against a single kind of attack,” Bailey explained. “Encryption and root of trust can add additional layers of protection. But even then, the system may not be secure.”

This is because every electronic device emits information about what it is doing, says Bailey, and that information can be used to pry open its defenses. This technique is generally referred to as a side-channel attack. Essentially, side-channel attacks, which include Simple Power Analysis (SPA) and Differential Power Analysis (DPA), can be exploited to analyze characteristics such as power, radiation and timing to infer what a system or chip is doing.

According to Bailey, a Rambus paper written by Gilbert Goodwill confirms that an unprotected AES128 algorithm running on a generic processor can be cracked with only 4 minutes of sample data collected and 10 minutes of analysis.

“When the same algorithm was implemented in an FPGA board, it increased the collection time to 50 minutes plus 12 minutes for analysis,” he noted. “Using that same board, but with a DPA-protected implementation, they were not able to crack it even after obtaining 3 hours of trace data. The statistics they collected also indicated that obtaining more traces would not enable them to crack the device.”

As Bailey points out, there are still many connected devices that have yet to be hacked.

“Lightbulbs never had to have security built into them, but they do now. Security didn’t matter until they become connected,” he added. “Now they provide a way into your network. One can only hope that more companies take hacking seriously, but early indications are that it is still an afterthought.”

As we’ve previously discussed on Rambus Press, all physical electronic systems routinely leak information about their internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys from IoT endpoints. Regardless of specific instruction set architecture (ISA), most industry security solutions on the market today can be soundly defeated by side-channel attacks. Even a simple radio is capable of gathering side-channel information by eavesdropping on frequencies emitted by electronic devices. In some cases, secret keys can be recovered from a single transaction clandestinely performed by a device several feet away.

Worryingly, millions, if not billions, of connected IoT endpoints are powered by chips that are vulnerable to side-channel attacks. Such unprotected silicon can be found in a wide range of electronic devices including wearables, medical equipment, vehicles, smart appliances and rapidly evolving smart city infrastructure. Fortunately, specific DPA countermeasure strategies can be employed to protect IoT devices and related infrastructure. These include techniques to minimize information leakage, generating noise to drown out leakage signals, the use of randomness to mask computational intermediates, algorithm and implementation obfuscation as well as the use of protocols designed to preserve secrecy even in the presence of (some) leakage.

Interested in learning more about protecting silicon from side-channel attacks? You can check out our DPA countermeasures page here and our article archive on the subject here.

As Nathaniel Mott of Tom’s Hardware reports, Rambus’ countermeasures will help protect NVIDIA’s GPUs from side-channel attacks that steal encryption keys by measuring the power consumption of a device.

“Attacks like this can be used to break into protected systems and undermine the common encryption protocols used to secure private data,” he writes. “As computers control more objects–be it through AI, self-driving vehicle technologies, or the rise of the Internet of Things (IoT)–these side-channel attacks could simultaneously grow in popularity and in their ability to wreak havoc on people’s lives.”

By licensing DPA countermeasures, says Mott, NVIDIA is making sure it’s prepared for all types of potential attacks.

“It’s not enough to encrypt information, prevent it from being posted to the internet, or even making sure a device is completely self-contained,” he explains. “If someone can conduct a side-channel attack, there’s a good chance they’ll be able to gain access to devices to use them for nefarious purposes… Increasingly connected lives create a growing number of attack vectors, which means Rambus and NVIDIA working together to block these attacks is likely to pay off sometime in the near future.”

As we’ve previously discussed on Rambus Press, DPA is a type of side-channel attack that involves monitoring variations in the electrical power consumption or EM emissions from a target device. These measurements can then be used to derive cryptographic keys and other sensitive information from silicon.

This is why Rambus’ Cryptography Research division has developed a comprehensive portfolio of application-specific hardware core and software library solutions that can be used to build DPA resistant products. It should be noted that Rambus has licensed its DPA countermeasures to a number of companies over the past year, including Boeing, Winbond, NAGRA and The Athena Group.

Interested in learning more? You can check out our DPA countermeasures product page here.

With 14.9 million subscribers and a growing user base, DishTV India required a simple, yet effective method of protecting premium content from unauthorized access. Ultimately, DishTV India chose Rambus’ CryptoMedia technology over competing solutions to facilitate the design of a secure, cardless set-top box.

Commenting on the deal, Rethink Technology Research analyst Thomas Flanagan stated: “The key to CryptoMedia is that it does not belong to any individual DRM provider. Multiple DRM providers can use [CryptoMedia], as long as they have a relationship with both the operator in question and can access credentials on the device.”

As Flanagan notes, CryptoMedia is embedded in over 70 chipsets from 6 different manufacturers.

“CryptoMedia has been installed in [a number of] set top box chips now, starting with Broadcom and Sigma in 2011 and MediaTek’s Mstar chips in 2014,” he added.

As we’ve previously discussed on Rambus Press, the CryptoMedia Content Protection Core can perhaps best be described as an independent key and rights management engine that protects content and services by guarding control words, services keys and other critical security assets.

Simply put, the Core is somewhat analogous to a non-removable smart card embedded in the actual chipset silicon of a set-top box. Since the Core is tightly integrated with additional security elements such as a descrambler, it is capable of providing a more robust security foundation than a standard, discrete smart card. As discussed above, the Core is available for use with any CAS, OTT or DRM system. Meaning, operators are not locked into a single vendor for the entire lifetime of a set-top box.

Beyond the Core itself, Rambus’ CryptoMedia Content Protection Services (CPS) provides pay TV operators and OTT media providers with robust security infrastructure integration for cryptographic data delivery, while offering engineering services and technical support before, during and after installation to ensure rapid system deployment. Last, but certainly not least, CryptoMedia also supports VIDITY-based formats – securely enabling the delivery of premium content across multiple devices, including smartphones, tablets and smart TVs.

Interested in learning more? You can check out our PayTV page here, our CryptoMedia product page here and our eBook on the subject here.

With 14.9 million subscribers and a growing user base, DishTV India required a simple, yet effective method of protecting premium content from unauthorized access. Ultimately, DishTV India chose Rambus’ CryptoMedia technology over competing solutions to facilitate the design of a secure, cardless set-top box.

“[With Rambus’] embedded CryptoMedia core, we no longer need a smart card to provide secure access to premium content. [This] significantly reduces cost and improves the security of the set-top box,” Jawahar Goel, Managing Director of DishTV India told Rambus Press. “Alongside the standard security blocks inside chipsets and a flexible software CAS, we are using the CryptoMedia core to augment our STB security. This allows us to combine the security of hardware with the flexibility of software solutions within our cardless set top box.”

Sunil Kumar, Vice President-Broadcast RF & Content Protection for DishTV India, expressed similar sentiments.

“By [using] the embedded CryptoMedia core, we were able to deploy multiple security chains within a set top box without needing a smart card. Not only was it easy to integrate into our platform, it also allowed us to eliminate the expense and logistics involved with smart cards,” Kumar explained. “Another benefit of using the CryptoMedia CPC was that it is broadly available. All we had to do was ask our chipset vendor to enable it and our CAS supplier to include the functionality in their solution. By taking these simple steps, we are making huge strides towards revolutionizing our operations for years to come.”

Rambus’ CryptoMedia Content Protection Core can perhaps best be described as an independent key and rights management engine that protects content and services by guarding control words, services keys and other critical security assets. Simply put, the Core is somewhat analogous to a non-removable smart card embedded in the actual chipset silicon of a set-top box. Since the Core is tightly integrated with additional security elements such as a descrambler, it is capable of providing a more robust security foundation that a standard, discrete smart card. It should also be noted that the Core – already embedded in over 70 chipsets from 6 different manufacturers – is available for use with any CAS, OTT or DRM system. Meaning, operators are not locked into a single vendor for the entire lifetime of a set-top box.

Beyond the Core itself, Rambus’ CryptoMedia Content Protection Services (CPS) provides pay TV operators and OTT media providers with robust security infrastructure integration for cryptographic data delivery, while offering engineering services and technical support before, during and after installation to ensure rapid system deployment.

Interested in learning more? You can check out our PayTV page here and our CryptoMedia product page here.

By 2010, smart cards had achieved a high level of robust security against attacks. Nevertheless, hackers – often employed by organized crime rings – had already placed themselves at least one step ahead by exploiting critical vulnerabilities between the card and set-top box. Current vectors of attack against the payTV sector are numerous and include set-top box/card cloning, control word sharing, modchips and free-to-air emulators.

This is precisely why it is critical for PayTV operators to deploy cardless set-top boxes secured by a hardware root-of-trust CAS. This paradigm offers operators robust security with embedded, integrated hardware that stores and protects cryptographic keys against unauthorized access. A cardless hardware root-of-trust CAS can also be effectively equipped with DPA countermeasures, making it resistant to a variety of sophisticated side-channel attacks, including simple power analysis (SPA) and differential power analysis (DPA).

In addition, eliminating the need for a smart card in set-top boxes significantly reduces cost – for both short-term BOM and long-term liability in the form of frequent card swaps. To be sure, a robust hardware root-of-trust CAS significantly extends the overall lifetime of a set-top box as it allows remote operators to securely implement in-field subscriptions and service upgrades. Of course, it is also important for any hardware-based root-of-trust solution to be compatible with multiple leading CAS and DRM systems. Simply put, this ensures that operators are not locked into a single vendor for the entire lifetime of a set-top box.

Perhaps not surprisingly, cardless CAS set-top boxes equipped with a hardware-based root-of-trust are increasing in popularity amongst major operators. A hardware root-of-trust, provided by platforms such as Rambus’ CryptoMedia, offers operators like DishTV India a cost-effective, future-proof method of securing the broadcast and streaming of next-gen, premium digital content, including 4K and UHD.

As we’ve previously discussed on Rambus Press, CryptoMedia, which fully complies with MovieLabs’ Enhanced Content Protection Specification, supports numerous ecosystem configurations, such as CAS, broadcast, OTT and DRM. CryptoMedia also integrates a variety of DPA countermeasures, making it resistant to numerous side-channel attacks, including simple power analysis and differential power analysis. Last, but certainly not least, CryptoMedia helps operators accelerate time-to-market with pre-validated IP by simplifying the certification process.

Interested in learning more about how Rambus CryptoMedia is helping payTV operators go cardless? You can check out our
ebook on the subject here and our CryptoMedia product page here.