Physical Attacks on Secure Systems

Questions and Answers

In the context of fault injection attacks, which of the following strategies exhibits the highest likelihood of successfully bypassing modern memory protection schemes, considering both temporal and spatial attack surface complexities?

• Undertaking a broad-spectrum electromagnetic pulse (EMP) attack, aiming to induce bit flips across a wide range of memory addresses irrespective of their content or access frequency.
• Executing a series of cache-timing attacks to discern memory access patterns, and subsequently using that information to selectively target memory locations during periods of low system activity.
• Targeting infrequently accessed but critical configuration registers within the CPU's memory management unit (MMU) during a context switch.
• Employing a precisely timed voltage glitch to corrupt the page table entry (PTE) corresponding to a read-only memory region just before a crucial kernel function is called. (correct)

Given the multifaceted nature of modern System-on-Chip (SoC) architectures, what constitutes the most effective methodological paradigm for a comprehensive side-channel analysis (SCA) resistant design, considering both implementation diversity and potential attack vectors?

• Performing statistical analysis on post-layout simulations to identify potential leakage sources, and then applying ad-hoc countermeasures to mitigate these specific vulnerabilities.
• Focusing primarily on securing the cryptographic cores with robust countermeasures, assuming that peripheral modules are inherently less susceptible to SCA.
• Implementing uniform coding practices across all modules, coupled with aggressive clock gating to minimize power consumption during sensitive operations.
• Employing a combination of algorithmic masking, hardware randomization, and formal verification techniques, applied iteratively throughout the design and implementation phases. (correct)

What is the most critical implication of mandating resilience against physical attacks for industries handling sensitive data, considering the economic and technological trade-offs?

• It reduces the overall cost of security by focusing resources on physical rather than cyber defenses.
• It leads to a uniform global standard in security protocols, simplifying international commerce.
• It ensures complete elimination of all possible attack vectors, guaranteeing absolute data security.
• It requires ongoing investment in advanced security technologies and expertise, potentially creating barriers to entry for smaller players. (correct)

Within the TOM (Tamper, Observe, Modify) adversary model framework, which of the subsequent tactics represents the MOST sophisticated approach to bypassing hardware-based security mechanisms in a modern cryptographic module, assuming access to advanced microprobing and reverse engineering tools?

Utilizing a side-channel attack to derive the cryptographic algorithm's implementation details and subsequently using fault injection to induce a state transition that exposes sensitive data. (D)

Considering the operational intricacies of side-channel power analysis, what represents the most formidable countermeasure strategy against differential power analysis (DPA) attacks targeting cryptographic implementations?

Employing a combination of constant-time algorithms, masking schemes, and shuffling techniques, fine-tuned via extensive empirical evaluation using high-resolution power measurement equipment. (A)

What is the most effective strategy to mitigate electromagnetic (EM) side-channel attacks, considering the limitations of near-field and far-field probing techniques?

Utilizing differential signaling and shielding layers within the integrated circuit to minimize detectable EM emanations at their source in conjunction with camouflaging techniques. (D)

In the context of side-channel evaluations, what is the fundamental trade-off between unprofiled and profiled attacks when assessing the security of a cryptographic implementation?

Unprofiled attacks require significantly more computational resources but less implementation-specific knowledge, whereas profiled attacks demand precise knowledge of the target device and operating conditions. (B)

When evaluating the resilience of a cryptographic system against side-channel attacks, what criteria should be used to decide between software and hardware implementations?

Evaluate based on the system's threat model, performance requirements, and the feasibility of implementing robust side-channel countermeasures in both domains, considering inherent trade-offs. (A)

Given the constraints of real-world power measurement setups, what represents the MOST significant challenge in accurately characterizing power signatures for side-channel analysis?

Synchronizing the power measurement acquisition with the precise execution timing of cryptographic primitives amidst asynchronous system interrupts and preemptive multitasking. (A)

What is the MOST critical strategic consideration when interpreting an EM scan of a chip surface during side-channel analysis to identify potential leakage sources?

Correlating EM emission peaks with specific cryptographic operations through precise temporal alignment and signal processing techniques. (C)

Which of the following is the MOST likely motivation for a manufacturing company to seek security evaluation services?

Because they have to, or the product cannot be sold. (C)

What is the MOST significant advantage of security certification?

It regulates access to specific markets. (B)

Why do security evaluation standard recognize certificates?

To make evaluations cost-effective. (A)

What is the most important aspect the Common Criteria (CC) aims to achieve regarding Information Technology (IT) product evaluations?

To ensure that evaluations of IT products are performed to high standards and contribute to confidence in the security of those products. (B)

From the options below, select the assertion which accurately reflects the relationship between evaluator impartiality and sponsor influence.

The evaluation sponsor is the vendor. (A)

In Common Criteria (CC) evaluations, what is the primary significance of separating the roles of evaluator and certifier?

To maintain impartiality and prevent conflicts of interest. (B)

Under what circumstance can a Common Criteria (CC) certificate be withdrawn?

When wrong evidence was submitted during the evaluation. (B)

How does EMV chip certification ensure secure composability?

By focusing on the chip, OS, and application as a whole. (D)

What poses the GREATEST challenge to maintaining the ongoing validity and relevance of security certifications?

Keeping up with rapid technological advancements. (D)

Which factor MOST limits the utility of Chip and PIN tech?

Online payments are incompatible with Chip and PIN tech. (D)

What future challenges exist for security?

Addressing how security is impacted by technology shifts, remote attacks and subjective expert evaluation. (D)

Regarding the impact of fault injection attacks, which of the following scenarios exemplifies a second-order fault attack with the highest potential to compromise cryptographic integrity, considering both temporal and spatial fault propagation?

Triggering a race condition in a multi-threaded cryptographic library by precisely timing a power surge during a shared memory access, causing data corruption undetectable by traditional memory safety checks. (B)

For an organization that must decide whether to pursue side channel attack protections, what represents the most financially sound course of action considering the information available?

Protect against side channel attacks based on the value of the data processed and the possible attack vectors. (D)

Rank the following fault injection techniques based on their spatial precision, from highest to lowest:

Laser Fault Injection, Electromagnetic Fault Injection, Voltage Glitching, Clock Glitching (D)

Rank the following Common Criteria components on how difficult they are to achieve (low to high):

EAL1, EAL4, EAL7 (A)

How does the white-box nature of Common Criteria impact the effectiveness of its analysis?

It enables a more precise analysis of security due to unlimited access. (D)

Which industry does EMVco currently standardize security for?

Payment Card Industry (B)

How could a malicious actor violate a 'secure' software implementation of AES using a side-channel attack?

By exploiting the fact that the precise execution time depends on the input plaintext and the key. (A)

Suppose you are tasked with selecting a side-channel analysis countermeasure for a hardware implementation of ECC (Elliptic Curve Cryptography). Which is the MOST comprehensive solution?

Algorithmic Masking (A)

What are the implications of a side channel resistant architecture on performance?

The latency for operations are generally increased. (D)

Imagine you are designing a secure element (SE) for a mobile payment system and want it to be resistant to physical attacks, and thermal based attacks, what measures taken at the design level would result in the most secure device?

Implementing a mesh grid to detect microprobing. (C)

How can advanced electromagnetic fault injection be prevented?

Implementing key diversification as part of an advanced key management scheme. (C)

How can an attacker get arbitrary reads and writes on a memory controller?

By crafting a malicious sequence of memory commands. (B)

What is the least restrictive of all the EAL levels?

EAL1 (C)

Which of the following algorithms would reduce the effectiveness of side channel attacks?

BLAKE3 (A)

Why does EMVco focus on Chip, OS and Application?

Because all three are important in maintaining a consistent security level. (D)

What aspect makes it difficult to maintain ongoing security compliance?

New attack vectors and techniques. (A)

Which of the following are a current issue regarding the limitations of today's security certifications?

They do not look at attack chain complexity. (B)

If a company needs to store credentials, what is the best approach?

Hardware. (C)

What is a large barrier for grey/white box approaches?

The results are subjective. (B)

Given the current landscape of security vulnerabilities, what is an advanced technique for a TOM attacker to get keys?

Exploiting algorithm implementation details. (D)

Flashcards

What are Side Channel Attacks?

Attacks that exploit physical characteristics of a device to recover cryptographic keys, NN training data, or reverse engineer code.

What are Fault Injection Attacks?

Attacks that intentionally introduce faults into a system to recover cryptographic keys, modify memory or register contents, or alter the execution sequence.

Who is the adversary TOM?

An adversary that aims to tamper with hardware, observe side channels, and modify restricted data to bypass security checks.

Why invest in security evaluation?

Evaluation of a device's security to meet requirements for market access or to protect against future damage.

What is security certification?

Evidence that a product meets a set of security requirements.

What is Common Criteria?

A standard that ensures evaluations of IT products meet high standards and contribute to confidence in security.

Who sponsors the evaluation?

The vendor.

What does it mean when CC certificates are public?

This means they can be access by the public.

What are the merits of a CC evaluation?

Guarantees security claims are verified, offers white-box evaluations, attack-based assessments, and uses vetted labs.

What requirements does EMV certification require?

Provides a secure composability including chip, OS and application.

What payments are becoming obsolete?

Online payments are becoming obsolete.

What do conclusions lead us to believe?

Security certifications regulate evaluation and testing in the security industry.

Study Notes

• The presentation introduces the concept and importance of physical attacks on secure systems.
• It addresses why these attacks are important, who an adversary might be, and whether these attacks are relevant to the industry.

The Lecture Covers

• The reasons physical attacks are important.
• Identifying potential adversaries.
• Basic vocabulary related to physical attacks.
• The industry's perspective on physical attacks.

Why Protect Against Physical Attacks

• Physical attacks are powerful and can have devastating consequences.
• Side channel attacks can recover cryptographic keys, recover Neural Network (NN) training data, and reverse engineer code.
• Fault injection can recover cryptograhic keys, modify memory contents, modify register contents, and alter the sequence of executed instructions.
• In certain industries, resilience against physical attacks is mandated.

The Adversary

• The adversary, referred to as "TOM," embodies three key actions: Tamper, Observe, Modify.
• Tamper: Obtain access to the hardware, seeking evidence, resistance, or proof.
• Observe: Identify components and side channels.
• Modify: Read restricted data and bypass security checks.

Side Channel Analysis Setups

• Side-channel analysis setup for power analysis includes: Oscilloscope, target, power supply and current probe.
• Side-channel analysis setup for electromagnetic analysis includes Langer EM probe, target Decapped, XYZ station, and Riscure EM probe.

Side Channel Evaluations

• Side channel evaluations include unprofiled, profiled attacks, and leakage detection.
• Unprofiled attacks' goal is to attack.
• Profiled attacks' goal is to attack.
• Leakage detection's goal is to evaluate.

Software vs Hardware implementations

• Security evaluation service is motivated by the need to sell a product, protect against future damage, gain competitive advantage, and produce secure devices for customer safety.

Common Criteria

• Security certification demonstrates a product meets given security requirements.
• Certification regulates market access for areas like payment and content protection.
• Different security evaluation standards are available.
• Cost-effective due to recognition of certificates, pre-defined security requirements, and evaluation methodology with considerations like industry, product type, security needs, and location.
• Vendor liability is a consideration.

History & Influence of Common Criteria

• Common Criteria originated in 1994 involving France, Germany, the Netherlands, and the UK.
• By 2022, Certificate authorizing members included: Australia, Canada, France, Germany, India, Italy, Japan, Malasia, Netherlands, New Zeeland, Norway, Korea, Singapore, Spain, Sweden, Turkey, USA
• Certificate consuming members include: Austria, Czeck Republic, Denmark, Ethiopia, Finland, Greece, Hungary, Indonesia, Israel, Pakistan, Poland, Qatar, Slovak Republic, UK
• There is a separation of roles between evaluator and certifier.
• The vendor is the sponsor for the evaluation.

Objectives of Common Criteria Evaluation

• To ensure IT product evaluations meet high standards, boosting confidence in their security.
• To improve availability security-enhanced IT products and protection profiles.
• To eliminate duplications in IT product evaluations.
• To enhance the efficiency and cost-effectiveness of the certification/validation process.
• Objectives of CC evaluation has certified CC products per category end of 2022 including; trusted computing, products for digital signatures, other devices and systems, operating systems, network and network-related devices and systems, Multi-Function Devices, etc.
• Common Criteria certificates are public.
• A CC certificate from Qualcomm includes; Security features of the target, components, evaluation facility etc.

Common Criteria Evaluations

• A CC certificate does not guarantee security, by ensures claims about security are independently verified.
• Merits: White-box evaluations, attack-based evaluation, recognized multiple markets, and vetted evaluation labs.
• Criticism: Static, a lot of documentation, and expensive.
• CC certificate can only be withdrawn when issued under misconception, not if a vulnerability is found.

EMV Chip

• Europay Mastercard Visa - First published in 1996
• EMVchip has three key elements: perform processing, store confidential information securely, and perform cryptographic processing.
• EMV certification has keywords like secure composability, chip, OS, and application.
• Certified by accredited labs.
• Manufacturers sponsor evaluations.
• Certification bodies are private companies.
• Online payment world has the chip & pin becoming obsolete.
• Beyond EMV chip needs support for different integrated payment methods, and includes mobile payment,payment tokenization, wearables, EMV3D, etc.
• Technology evolves: HCE, TEE, etc.
• Secure storage of credentials is hardware related.

Conclusions

• Security certification regulates evaluation and testing in the security industry.
• Security certifications exist in complex eco-systems.
• Some schemes do not look at the final product, but the development process.
• The challenges ahead: technology shifts, costs, unclear impact because of attacks, white/grey-box evaluation, and scoring of attacks is subjective expert interpretation.