Unexpected information leakage from side channel

Mar 21, 2014
Unexpected information leakage from side channel
Sakiyama Laboratory from the University of Electro-Communications discovered a weakness in the threshold of normal and abnormal behaviour during overclocking (CLK, above) in cryptographic device. This weakness could be used to reveal the secret key, the parameter used to change ciphertext to plaintext, allowing attackers to decipher a code.

In this high-technology age, finding ways to prevent information leakage via device hacking is increasingly important. In order to pre-empt attacks, researchers carry out false attacks on encrypted devices to find weaknesses that may be exploited in order to implement safeguards.

In particular, so-called "side-channel attacks" are used to collect data on emissions from circuits such as heat and , to analyse information about the circuit and the devices.

Kazuo Sakiyama and his group at the University of Electro-Communications in Tokyo has uncovered a previously unknown target they refer to as 'fault sensitivity' that can be exploited in devices to retrieve such as (cryptographic key). The target lies on the threshold between a device's normal behaviour and any abnormal behaviour triggered when a device is attacked.

In certain attacks, a fault of some kind is deliberately introduced into the device environment - for example inducing strong magnetic field, or forcing the internal electronics to work faster than the device expects ('overclocking'). These cause the device processor to output incorrect results, potentially allowing attackers to decipher encrypted information.

In a series of attacks on three different hardware implementations, Sakiyama and his team found that, during overclocking in one of the three implementations, the fault sensitivity threshold could be used to extract the secret key - the parameter that transforms ciphertext into plaintext. This was in spite of previous error safeguards in programs which stop working once the is forced into abnormal behaviour.

The researchers believe that a specialized 'S-box', a component used to hide the relationship between the key and the ciphertext, incorporated into devices specifically to respond to timing abnormalities may lessen the chances of sensitive data leakage during the fault sensitivity attack.

Explore further: Cyberattack traced to hacked refrigerator, researchers report

More information: Yang Li, Kazuo Ohta, & Kazuo Sakiyama." New fault-based side-channel attack using fault sensitivity." IEEE Transactions on Information Forensics and Security 7 (1) (2012).

add to favorites email to friend print save as pdf

Related Stories

Beefing up public-key encryption

Feb 18, 2013

Most financial transactions on the Internet are safeguarded by a cryptographic technique called public-key encryption. Where traditional encryption relies on a single secret key, shared by both sender and ...

Researchers test quantum encryption hacking risk

May 28, 2013

(Phys.org) —Quantum communication systems offer the promise of virtually unbreakable encryption. Unlike classical encryption, which is used to send secure data over networks today and whose security depends ...

Thefts via public Wi-Fi are grounds for warning

Mar 09, 2014

(Phys.org) —If you are basking in the convenience of doing an online bank transfer at a coffee house while spooning the cream off a designer special, consider the tradeoff, which is placing your personal ...

Recommended for you

China blocks 'privacy' search engine DuckDuckGo

12 hours ago

China has begun blocking the privacy-protecting search engine DuckDuckGo, which avoids storing user data or tracking online activity, according to the company and security researchers.

FBI widens probe of naked celebrity photos

12 hours ago

The FBI vowed Monday to widen a probe into the massive hacking of naked celebrity photos if necessary, after new reported leaks including nude shots of Kim Kardashian.

New ZEBRA bracelet strengthens computer security

16 hours ago

In a big step for securing critical information systems, such as medical records in clinical settings, Dartmouth College researchers have created a new approach to computer security that authenticates users ...

CloudFlare tackles lost SSL key risk with Keyless SSL

Sep 19, 2014

Organizations looking for and concerned about optimal security protection are the targets of a new service announced by San Francisco-based CloudFlare. The offering is called Keyless SSL. CloudFlare explained ...

When does Google hand over your data to governments?

Sep 19, 2014

Governments around the world want to know a lot about who we are and what we're doing online and they want communications companies to help them find it. We don't know a lot about when companies hand over ...

User comments : 0