Unexpected information leakage from side channel

Mar 21, 2014
Sakiyama Laboratory at the University of Electro-Communications discovered a weakness in the threshold between normal and abnormal behaviour during overclocking (CLK) in a cryptographic device. This weakness could be used to reveal the secret key, the parameter used to change ciphertext to plaintext, allowing attackers to decipher a code.

In this high-technology age, finding ways to prevent information leakage via device hacking is increasingly important. To pre-empt attacks, researchers carry out false attacks on encrypted devices to find weaknesses that may be exploited, so that safeguards can be implemented.

In particular, so-called "side-channel attacks" are used to collect data on emissions from circuits such as heat and , to analyse information about the circuit and the devices.

Kazuo Sakiyama and his group at the University of Electro-Communications in Tokyo have uncovered a previously unknown target they refer to as 'fault sensitivity' that can be exploited in devices to retrieve such as (cryptographic key). The target lies on the threshold between a device's normal behaviour and any abnormal behaviour triggered when a device is attacked.

In certain attacks, a fault of some kind is deliberately introduced into the device environment - for example by inducing a strong magnetic field, or by forcing the internal electronics to work faster than the device expects ('overclocking'). These cause the device processor to output incorrect results, potentially allowing attackers to decipher encrypted information.

In a series of attacks on three different hardware implementations, Sakiyama and his team found that, during overclocking in one of the three implementations, the fault sensitivity threshold could be used to extract the secret key - the parameter that transforms ciphertext into plaintext. This was in spite of previous error safeguards in programs which stop working once the is forced into abnormal behaviour.

The researchers believe that a specialized 'S-box', a component used to hide the relationship between the key and the ciphertext, incorporated into devices specifically to respond to timing abnormalities may lessen the chances of sensitive data leakage during the fault sensitivity attack.


More information: Yang Li, Kazuo Ohta, & Kazuo Sakiyama. "New fault-based side-channel attack using fault sensitivity." IEEE Transactions on Information Forensics and Security 7 (1) (2012).
