14-07-2021 | By Paul Whytock
Side-channel attacks on semiconductor technology are nothing new and were first documented in the mid-1990s by cryptography expert Paul Kocher. Back then they were extremely tricky to perform well because measuring equipment had nowhere near the sophistication of today’s systems and couldn’t really extract sufficient meaningful information from the targeted processors. And when it came to analysing the attack results the computational power available at that time was barely adequate.
All that has changed and side-channel attacks are now much easier to implement. Not only has computational power grown in quantum proportions but artificial intelligence-based analysis has made the results harvested from processors much more useful.
So not only do the perpetrators of side-channel attacks glean higher levels of information it also means they are much harder to defend against. High-value processors are always the optimum targets and these can include secure processors, trusted platform devices and cryptographic keys.
One of the problems is these attacks are almost impossible to detect when they are happening or after they have finished. Data harvested systems will continue to operate as normal.
However, a recent development from cybersecurity specialists Crypto Quantique is claimed by the company to make its CMOS semiconductor IP for second-generation, physically unclonable functions (PUFs) immune to side-channel attacks when used to create exclusive, permanent fingerprints for CMOS chips.
The company’s PUF, called QDID, measures minute quantum tunnelling currents which it says makes it more robust than some other chip security technologies. But more on PUF later. What are some of the already established strategies for thwarting side-channel attacks?
Broadly speaking side-channel attacks feed on data that is leaked through a side-channel relative to secret data. Consequently, counter-measures involve blocking the release of such information and secondly neutralising the link between the leaked information and the secret data, that is making the leaked information unrelated or uncorrelated to the secret data.
Displays with shielding to lessen electromagnetic emissions thereby reducing susceptibility to attacks are now commercially available. Power line conditioning and filtering can also help deter power-monitoring attacks and physical enclosures can cut the risk.
Further security strategies involve jamming the emitted channel with noise and the use of security analysis software to identify certain susceptible classes of side-channel attacks that can be found during the design stages of the hardware.
In the case of timing attacks against targets whose computation times are quantised into discrete clock cycle counts, an effective countermeasure is to design the software to be isochronous, that is to run in an exactly constant amount of time, independently of secret values.
In this company’s view, side-channel attacks exploit key-dependent variables to extract bit values. For example, if a cell consumes more power when settling at a 1 state than at 0, measuring the difference can reveal the semiconductor's identity and cryptographic key secrets.
Technologies exist to mitigate this problem but are expensive to deploy. This company feels its QDID can provide semiconductor manufacturers with a more economical method of meeting the IoT device security requirements and the achievement of EAL4+ security for their devices.
What are QDID fingerprints? These are random numbers, or seeds, that are used to produce device identities and cryptographic keys on demand. The identities and keys together form a hardware root-of-trust (RoT) for the chip or device in which it is used, which is a cornerstone of IoT device security.
QDID IP produces 64 x 64 arrays of cells, each cell consisting of two transistors. The technology then exploits the quantum tunnelling that occurs through the CMOS oxide layer. Electrons propagate through this layer to varying degrees, depending on its thickness and the atomic structure at particular points. Variations in these physical characteristics are completely random and unavoidable in manufacturing. The currents involved are in the order of femto-amps or a few tens of electrons. QDID measures these electron flows to generate random 1s or 0s based on readings of adjacent cells.
A study of Crypto Quantique’s system was conducted by eShard, an independent cybersecurity testing house. The company’s CEO Hugues Thiebeauld commented: “Our security analyst probed near-field electromagnetic emissions over the Crypto Quantique test chip and concluded that with respect to the QDID analog IP the product shows resistance to high attack potential required for EAL4+ certification.”