Prof. Dr. Horia-Nicolai Teodorescu
Technical University of Iasi
Institute of Computer Science of the Romanian Academy
Physical and Hardware Issues in Cybersecurity
Security may refer to fault tolerance, where faults are not necessarily intentional, or to security as immunity to attacks. Attacks occur at three levels: hardware, software, and communication; at each level there are two classes of attacks, passive (“listen-only”, “silent”) and active. Passive attacks try to learn what the system is doing, or to identify the system. Digital forensics and attack attribution are difficult for passive attacks, because a passive attacker does not interact with the target and therefore leaves little or no trace on it.
We focus on the hardware level and on issues related to the physical level of communication (and related uses, e.g., radar). We primarily discuss immunity to lateral (side-channel) attacks and current methods of resisting them. Lateral attacks extract information, typically from a small distance, by monitoring the electromagnetic fields a system generates. The very operation of a processor produces fields that carry information about data and code. On the other hand, a humble circuit such as a switching power supply may provide enough information to identify and track an entity: the switching power supply clock has fluctuations that constitute a signature, and may moreover reveal the operation and the environment (temperature) of the system. Lateral attacks can reveal cryptographic keys and other sensitive information, such as biometric data, while the processor operates on them.
When information comes from both the processor and the annex circuitry, it may aid extraction. In principle, when the processor and its power supply operate with different clocks, each may partly mask the operation of the other. However, when they use a single clock, or their clocks are synchronized for communication between them, the task of the lateral attacker is simplified. This may affect modern power management ICs (PMICs); examples are given in the presentation (such as the TLF and S6BP from Infineon, or some designs in the PMP78XX series from Texas Instruments). Further signature-type information may be provided by the internal clock of the processor used for watchdog operation. Various forms of delay and hysteresis in processor operation may also provide signatures for identification. When the processor is used in communication, for example with FM or PSK modulation, these signatures, especially those of the clock fluctuations, may be detectable from larger distances, extending the range beyond that of typical lateral attacks. Solutions suggested in the literature for avoiding these types of attack, including masking with chaotic clocks and other timing generators, are discussed in detail.
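To make concrete the two points above, the extraction of a key from operation-dependent leakage and the masking effect of a randomized clock, the following simulation is added here; it is not code from the presentation. It runs a correlation power analysis (CPA) against one AES S-box lookup, assuming a Hamming-weight leakage model with Gaussian noise, and models a chaotic clock as a uniformly random shift of the leaking sample by up to two positions. The key byte 0x2B, the trace count, the noise level and the jitter range are arbitrary choices for the illustration, not measurements from any device.

```python
"""Simulated CPA on an AES S-box output, with an aligned and a jittered clock.
Added example; leakage model, noise level and jitter range are assumptions."""
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a):
    """Multiplicative inverse as a^254 in GF(2^8); 0 maps to 0 by convention."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r if a else 0


def build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine map with constant 0x63."""
    sbox = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):            # b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, jitter, rng, noise_sigma=1.0,
                    n_samples=8, leak_index=3):
    """Constructed traces: n_samples noise points per trace, plus the Hamming
    weight of SBOX[pt ^ key] at leak_index.  With jitter > 0 the leak lands at
    leak_index + U(-jitter, jitter), modelling a randomized clock."""
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        trace = [rng.gauss(0.0, noise_sigma) for _ in range(n_samples)]
        offset = rng.randint(-jitter, jitter) if jitter else 0
        trace[leak_index + offset] += hamming_weight(SBOX[pt ^ key_byte])
        plaintexts.append(pt)
        traces.append(trace)
    return plaintexts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa_attack(plaintexts, traces, sample_index):
    """For each key guess, correlate the predicted Hamming weight of the S-box
    output with the measured sample; return (best_guess, its correlation)."""
    column = [t[sample_index] for t in traces]
    best_key, best_rho = None, -2.0
    for guess in range(256):
        hyp = [hamming_weight(SBOX[pt ^ guess]) for pt in plaintexts]
        rho = pearson(hyp, column)
        if rho > best_rho:
            best_key, best_rho = guess, rho
    return best_key, best_rho


def run_experiment(key_byte=0x2B, n_traces=500, seed=1):
    """Attack the nominal leak sample with an aligned and a jittered clock."""
    rng = random.Random(seed)
    pts_a, aligned = simulate_traces(key_byte, n_traces, jitter=0, rng=rng)
    pts_j, jittered = simulate_traces(key_byte, n_traces, jitter=2, rng=rng)
    return {"aligned": cpa_attack(pts_a, aligned, 3),
            "jittered": cpa_attack(pts_j, jittered, 3)}


if __name__ == "__main__":
    for name, (k, rho) in run_experiment().items():
        print(f"{name:9s} clock: best guess 0x{k:02X}, correlation {rho:.3f}")
```

With the aligned clock the true key is the top correlation by a wide margin (about 0.8 under these assumptions). With the randomized clock the leakage is spread over five sample positions, so its correlation at the nominal sample drops to roughly a fifth and the attacker must either collect far more traces or realign the traces first. A randomized or chaotic clock therefore raises the cost of the attack; it does not remove the leakage, and published realignment techniques are the usual attacker response.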
The presentation concludes with a description of potential directions for future research. It is unclear whether the exposed issues affect the operation of the encryption methods NIST recommends for resistance to quantum-computer cryptanalysis, but in principle such attacks should apply to them as well, since lateral attacks target implementations rather than the algorithms themselves. It is also unclear whether lateral attacks can compromise quantum encryption hardware.