It’s safe to assume that the average computer user is somewhat aware of the notion of cyber threats and computer security. However, there exist threat areas that are so obscure that even professionally trained security experts are just coming to grips with their true scope. One such area involves ‘side-channel attacks’. Put simply, a side-channel attack (or SCA) is an attack that uses incidental computer events to gain privileged access and information. Side-channel attack methods are distinct from the most commonly executed cyber assaults, such as those that exploit software bugs.
When engineers design a device or system, it’s typically only feasible, in terms of cost and time, to protect against the most likely adverse scenarios. Cars, for instance, are engineered to protect the occupants against common types of crashes. Airbags and similar safeguards do a good job of protecting passengers from hazards such as other cars, buildings, guardrails, telephone poles, and other objects commonly found on or near roads. However, by that same token, if a driver accidentally goes over a towering cliff or ravine, things won't end too well. Cars simply aren’t engineered to protect passengers from such dangers.
Similarly, IT engineers design computer systems and programs to protect against the most commonly known hacks. In other words, they design devices to thwart the sort of attacks they assume a hacker will use. However, as side-channel attack research continues to grow, we’re learning that engineers can be quite wrong in their assumptions.
As alluded to above, SCAs use 'incidental' or 'by-product' events as a basis for attack. Exactly what constitutes a by-product computer event varies widely; however, researchers in this area have found system timing, power usage, electromagnetic and acoustic emissions, cache, and data remanence to be areas of vulnerability.(1)
One of the first widely publicized side-channel attacks was identified by cryptographer Paul Kocher in 1996. He showed that he could crack supposedly secure systems by carefully timing how long it took the computer to decrypt an encrypted message. Kocher’s attack serves as a real-world example of the point we made above. That is, while the engineers who designed the encryption scheme did so to mathematically protect data from an attack, they didn’t foresee hackers measuring slight changes in a machine’s timing as a weakness.
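To make the timing leak concrete, here is an added example (not from the original article or from Kocher's work) that counts modular multiplications as a stand-in for execution time. It assumes a textbook square-and-multiply routine as the decryption step and compares it with a Montgomery ladder that does the same amount of work for every key bit; the modulus, base and exponents are constructed sample values.

```python
# Added illustration: multiplication counts model how long an exponentiation takes.

def modexp_square_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply; returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        ops += 1
        if bit == "1":  # secret-dependent branch: extra multiply only for 1 bits
            result = (result * base) % modulus
            ops += 1
    return result, ops


def modexp_ladder(base, exponent, modulus, bits):
    """Montgomery ladder over a fixed bit width; returns (result, multiplications)."""
    r0, r1, ops = 1, base % modulus, 0
    for i in range(bits - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2  # one multiply and one square per bit, whatever its value
    return r0, ops


def demo():
    modulus, base = 1000003, 5       # constructed sample values
    sparse, dense = 0x8001, 0xFFFF   # constructed 16-bit exponents: 2 vs 16 one-bits
    keys = (sparse, dense)
    return {
        # Work tracks the number of 1 bits, so timing reveals key structure.
        "leaky": [modexp_square_multiply(base, e, modulus)[1] for e in keys],
        # Work is identical for both keys, so the count carries no key information.
        "ladder": [modexp_ladder(base, e, modulus, 16)[1] for e in keys],
    }


if __name__ == "__main__":
    print(demo())
```

The ladder here only equalizes the operation count; production cryptographic code additionally needs branch-free selection and constant-time big-number arithmetic, which Python integers do not provide.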
Over two decades later, modern hackers are still using surprisingly similar methods to attack IoT devices. Electromagnetic and acoustic emissions that emanate from these devices are providing enough information to afford a hacker the ability to decipher encryption keys. Adding to the problem, side-channel attacks are extremely difficult to detect. As IoT devices become cheaper and more ubiquitous, the problem will continue to grow in proportion. This is troublesome considering some IoT devices will be used to collect seriously important data including personal health stats.
Going further, security research groups from across the globe are starting to realize that practically every class of technology is vulnerable to one side-channel attack or another. In 2008, a team of Israeli and Belgian security experts proved that an anti-theft device for cars could be cracked with a side-channel attack. What’s shocking is that the device, known as KeeLoq, was designed to have 18 billion billion possible key values. Such a figure should take several decades to crack, according to underlying mathematical principles. Nevertheless, the aforementioned team uncovered an SCA that led to the discovery of the key in less than one day. Once found, the encryption key could be used by an assailant to deactivate the alarm and drive off with the vehicle. Surprisingly, this technology was used by several major auto manufacturers including GM, Honda, Toyota, and Volkswagen.
Side-channel attacks aren't limited to uncovering encryption keys. Indeed, these cyber assaults are as wide-ranging as any other. Even cloud-based businesses are susceptible.
When we use our computers, we typically have a number of programs (e.g., browser, word processor, music player, email client) running at once. Data generated by these different programs are stored together in memory. By design, your OS doesn’t allow these data to interact. Interestingly, it’s practically the same in a cloud-based environment. Despite that, savvy hackers are using time-based SCAs within these shared environments to deduce what the other programs are doing in memory. Such nefarious attacks can be used by competitors to steal intellectual property via reverse-engineering proprietary algorithms.
Fortunately, as the bad actors continue to find creative ways to steal information, researchers are developing solutions. Unfortunately, however, according to Nigel Smart, a University of Bristol cryptology professor, “In security, and especially cryptography, it takes a long time to go from an academic idea to something that’s actually used in the real world.” He goes on to say that newly devised protection schemes can take decades to be fully implemented.