Temperature: A Growing Concern For Chip Security Experts

While everyone in the semiconductor industry wants to have the hottest new product, having that type of temperature manifest in a literal sense poses a threat not just to product stability and performance but to the security of the chips themselves.

Temperature has become an object of fascination to security researchers due to the vagaries of how the physical properties of heat affect performance. The chips inside devices only operate well within strict boundaries, just like for humans. They need a range of temperature, voltages, radiation, and environmental conditions, which can affect how these chips work.

Those conditions exist most of the time, but not always. “As much as humans like room temperature, chips like that, too,” said Marc Witteman, CEO of Riscure (recently acquired by Keysight). “They can work well with room temperature, but if the temperature becomes very extreme, then things may get different. Traditionally, we’re thinking of a range where for any of those parameters, a chip will work well, and outside that range it will not work. In reality, there is also a gray area in between, in which the chip will work most of the time, but maybe not always as good as you want it. That area is quite interesting for security researchers, because if you switch from working well to working not at all, there is not a lot of security impact as the device is no longer available. Think about your electric car. If it freezes, then it won’t drive anymore, and that’s a problem. But at least it doesn’t crash. Whereas, if the temperature gets in a certain range, your car would start to crash or do other funny stuff that you don’t want. Then it gets really tricky.”

Heat can be used to crash a system or device entirely but it also poses a second type of threat, via temperature-based side channel attacks, a possibility that has only recently been recognized.

“This is quite a new research domain,” said Lang Lin, principal product manager at Ansys. “In the old days, people were thinking about temperature being just a slow response of the system. It’s not like when we talk about power or electromagnetism, those are just instantaneous signals of the system, but temperature, usually it’s slow,” meaning it can be difficult to immediately derive any sensitive information from a system.

Direct attacks
Thermal attacks are hardly new. In a 2005 paper, researchers at the University of Virginia warned that malicious software could be developed to alter how a chip dissipates its power, thereby raising the temperature. The paper, which used Pentium 4 chips loaded on an ASUS motherboard inside a machine running Windows XP, listed a number of ways this could be accomplished, including using thermal throttling to launch a denial of service attack, both by blocking off air vents and by using software to shut off the system’s fans. Another denial of service method was accomplished by finding ways to raise the temperature to the point of forcing the computer to reset. Heat also was used to gradually damage the components, aging them faster than normal. The researchers theorized that even more egregious harm could be done by disabling the computer’s fail-safe systems.

“There are examples of using temperature as a side channel to recover security keys, so the risk is real,” said Kevin Skadron, professor of computer science at the University of Virginia, co-author of the paper. “These are not hypothetical studies, they’ve actually demonstrated effective attacks. So when we were writing that paper many years ago, we just focused on using temperature as a denial of service attack. But while that’s an annoyance, being able to actually steal information is much more of a concern.”

He pointed out that alongside side channel attacks, temperature could also be used as a cover channel, though he admitted this may have limited usefulness. “In the case of thermal covert channels, presumably what’s going on here is that you’ve got two processes that are running on the same system and they can’t communicate through normal means because it might be detected,” he said. “So they control the temperature of the processor by executing a pattern that leads the temperature to change in a specific way that the receiving information can monitor and say, ‘Oh, this is kind of like Morse code.'”

The paper is almost two decades old, and chips have evolved considerably since its publication, but heat remains a threat. In fact, Scott Best, senior technical director of silicon IP at Rambus, noted that silicon’s transparency to infrared energy allows it to be exploited by an adversary by heating the inside of the chip in a semi-invasive attack.

“Your adversary actually has the silicon, they’ve unpackaged the silicon, they’re looking at the backside of an active chip, and they’re shooting lasers at it,” Best said. “These lasers are tuned to the near-infrared spectrum. Usually it’s in the near-infrared, because silicon is transparent in the infrared, so they’re actually creating heat spots of about 100 nanometers in size inside of the chip. They’re creating localized heat spots, which are pushing charge into some parts of the chip. This type of attack is called fault injection, and your adversary is trying to corrupt secure calculations.”

In this kind of attack, a bad actor uses this technique to extricate firmware from non-volatile memory while the system boots. The attacker then runs a cryptographic process to authenticate the firmware. If the theoretical adversary shoots a laser at the right part of the chip at the exact right moment, “instead of reporting a zero saying inauthentic, it reports a one, saying everything’s fine. And now this malicious firmware image is in the chip and running.”

This type of attack may not attract media attention, but Best said it had been created in lab conditions and described in a recent paper. Researchers were able to get a malicious firmware image running and executing with high permissions, allowing it to remove other protection in the system.

“It went into the fuse memory, and adjusted the fuse memory to say, ‘Make sure you always allow the adversary’s code to run correctly.’ Then, you could take it out of the fault injection system, you could put it back into the system, and now it would very happily accept malware because permissions had now been granted or removed. All of the protections have now been removed and disabled by this one piece of malware that they got running the first time, so now the system is permanently corrupted.”

While this type of attack obviously can be dangerous to an individual chip or system, there can be wider ramifications. It can enable an attacker to gain access to secrets stored on a chip, and it can give them precious data about the entire line of chips. “If every other chip on the product line is, say, an authentication IC, and that authentication IC is protecting, say, post-market consumables in medical devices, which is a $10 billion industry, and the only thing preventing an adversary from shipping a compatible medical component is this $20 authentication chip, they’re going to break into that authentication chip using fault injection. They’re going to get your key material. They’re going to field a compatible security chip. And now they’re stealing a large portion of your $10 billion a year.”

The answer to this problem would seem fairly obvious – just have different keys in every device – but Witteman pointed out this is not always possible. “If you design a new chip and you want to produce a million of them, then you typically produce a million exact copies. All of them will have initially the same data,” he said. “If there’s a secret involved for setting up secure communication, it will be the same for all those chips. So this is an initial problem for loading the first data on a chip. All of them have the same secrets.”

Another solution is proper monitoring, said Lin. “If you have good thermal sensor design, the system can react instantaneously,” he said. “When you sense a high temperature, you shut down the system, then you still can protect it.”

Though often theoretical, these types of heat-based attacks on a system also could result in data being stolen. Lin used the example of a computer loaded with two different Internet browsers to explain how it could be accomplished.

“Let’s say you’re opening a Chrome web server, versus Safari or Firefox, and you search for a website. The entire operation from your click to when the website is being presented to you takes some time. It will increase the temperature of the chip that is doing this operation correctly. It’s like a set of operations. The settle-down temperature of this different browser could be at different temperature. Let’s say Chrome gives you maybe a two-degree increase of temperature, versus Safari, which gives you maybe three degrees of temperature difference. That granularity, you can sense with some very accurate temperature sensors, if you think about that.”

Remote attacks
To exploit a chip using heat, it’s not always necessary to have direct access. While Lin said he couldn’t think of many remote thermal attacks in recent history offhand, they do remain a possible method of infiltration. However, Best noted there usually are very solid measures in place to limit the potential for physical or economic damage.

“Denial of service attacks can be done this way,” said Best. “You could shut down a remote server by causing some sort of malicious hardware to start consuming way more performance than it was actually intended to do. Usually these remote servers allocate very carefully the number of compute cycles that are allowed by any one of the clients, and they’re happy to bill you per CPU cycle that you’re actually using. So if you’re consuming that many cycles, they might move you to your own private server and just charge you an infinite amount of money, but you’re not going to bring down that server. They’re just going to keep charging you more money and moving your compute load to other blades to manage the overall. So it is a path to potential denial of service if you could bring a server down, but there are so many protections in place for limiting the amount of CPU that any one user can perform a normal data center setting.”

While distributed denial of service (DDoS) attacks are unlikely, Best did note that temperature also can be used indirectly for hacking purposes. Many cooling systems are programmed to adjust automatically to the level of heat being emitted within a system, which presents another avenue for attack.

“There have been papers published where that creates what is called an audio side channel, because all that you need to do is listen to the speed of the fan,” he said. “The speed of the fan is being adjusted at such high rates that the actual compute that’s occurring is now correlating to the speed of the fan. So if you listen carefully enough to the speed of the fan, you can actually glean some information about what’s actually happening in the compute. People were able to correlate the speed of the fan to secret key material and the processing of the secret key material inside of the system by forcing the system to cause the compute and then ratcheting up the fan. The fan changed back and forth very slightly, depending on the level of compute, and that could give you a real time view of what the power supply consumption was doing.”

Conclusion
Temperature-based attacks, for the moment, appear to be difficult to pull off, often requiring lab-like conditions to execute properly. But Witteman warned this won’t always be the case, necessitating continuous experimentation to shore up defenses. Security experts have begun taking heat-based vulnerabilities seriously, dedicating themselves to figuring out all the ways they can be exploited before the bad actors can arrive at the same conclusions.

“We argue that attacks will only get worse over time. Attacks will not get more difficult. They will get easier,” said Witteman. “When it comes to heat, this is a method that will require precise equipment. So typically, it’s unlikely that somebody will extract money from your bank accounts because you are carrying your banking cards in a public space. There might be other methods that are much more suitable for that. If you’re specifically interested in heat, the application would most likely require a lab. But then again, if the attacker is also the owner of the device, that is not impossible.”

Related Reading
Power/Performance Costs In Chip Security
Implementing security measures isn’t free. It affects everything from latency and battery life to the equipment and processes used to develop a chip.
Using Real Workloads To Assess Thermal Impacts
A number of methods and tools can be used to determine how a device will react under thermal constraints.