Thwarting Side-Channel Attacks With DPA-Protected Software Libraries

Stand-alone noise introduction isn’t enough to protect a system from leaking information.


All physical electronic systems leak information about the computation they are performing through fluctuating power consumption and electromagnetic emissions. Much as an early safecracker listened to the lock instead of forcing the door, side-channel attacks (SCA) exploit these emissions to extract keys and other secrets from a device or system without resorting to brute force.

Moreover, SCA against electronic devices and systems are non-invasive and relatively simple and inexpensive to execute: a probe, an oscilloscope and statistical post-processing of the captured traces are enough. Side-channel attacks comprise a wide range of techniques, including Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA) and their electromagnetic counterparts, Simple, Differential and Correlation Electromagnetic Analysis (SEMA, DEMA and CEMA).

Fortunately, SCA can be mitigated by a layer of side-channel countermeasures implemented in hardware (DPA-resistant cores), in software (DPA-resistant libraries) or both.

Countermeasures fall into a few families: leakage reduction, noise introduction, obfuscation (hiding) and the incorporation of randomness (masking). They are critical to protecting sensitive keys and data, but stand-alone noise introduction is not sufficient. Noise that is independent of the secret simply averages out: DPA and CPA work by combining many traces, and the number of traces needed grows roughly in proportion to the noise variance, so added noise raises the attacker's cost without removing the signal. This is precisely why a system must be evaluated with a Test Vector Leakage Assessment (TVLA): a fixed-versus-random Welch t-test over the captured traces, with |t| above 4.5 taken as evidence of leakage. A passing TVLA result demonstrates the absence of detectable leakage at the trace count and statistical order tested, not immunity in general, so both must be stated alongside the result.

As noted above, side-channel attacks can be countered at the hardware or the software level. If designing side-channel-resistant hardware is not a realistic option (for example, when standard silicon with non-DPA-protected ciphers is used), cryptographic implementations can still be protected from side-channel attacks by deploying a DPA-protected software library. Such a library should be validated, using TVLA, to resist first- and second-order DPA at more than one million traces. Just as importantly, it should be flexible and easy to deploy in existing security software stacks, providing both platform-neutral C code and ARM Cortex-optimized code, and covering symmetric ciphers, asymmetric (public-key) algorithms, secure hashes and HMAC.
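To make the two points above concrete (noise alone is averaged away by DPA, and a protected implementation has to be checked for first- and second-order leakage with TVLA), here is an added Python simulation. It is not part of the original article and is not any vendor's library code. It assumes a Hamming-weight-plus-Gaussian-noise leakage model for a single AES S-box lookup; that model, the key, the fixed plaintext, the noise level and the trace counts are all constructed for the example rather than measured. It runs a fixed-versus-random TVLA t-test on an unprotected lookup and on a first-order Boolean-masked one, then a correlation power analysis (CPA) against both.

```python
"""Simulated DPA and TVLA experiment on one AES S-box lookup. Added example, not the
article's or any vendor library's code. Leakage model (an assumption, not a measurement):
each trace sample = Hamming weight of an 8-bit intermediate + Gaussian noise."""
import functools
import math
import random

def aes_sbox():
    """Build the AES S-box from the GF(2^8) inverse and affine map (3 generates GF(2^8)*)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF      # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)       # affine: XOR of rotations
        sbox[p] = ((x ^ (x >> 8)) & 0xFF) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]
TVLA_THRESHOLD = 4.5  # customary TVLA verdict: |t| above this means detectable leakage
# Constructed parameters. KEY is chosen so the fixed input's S-box output is 0x00 (Hamming
# weight 0), maximising the effect at this one sample; a real TVLA run tests every sample.
KEY, FIXED_PT, SIGMA = 0x52, 0x00, 3.0

def leak(value, rng, sigma):
    return HW[value] + rng.gauss(0.0, sigma)

def unmasked_trace(pt, key, rng, sigma):
    """Unprotected lookup with noise only: the single sample depends on the key."""
    return [leak(SBOX[pt ^ key], rng, sigma)]

def masked_trace(pt, key, rng, sigma):
    """First-order Boolean masking: fresh mask m per encryption; the device only ever
    handles m and SBOX[pt ^ key] ^ m, each uniformly distributed on its own."""
    m = rng.randrange(256)
    return [leak(m, rng, sigma), leak(SBOX[pt ^ key] ^ m, rng, sigma)]

def mean(xs):
    return sum(xs) / len(xs)

def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy)

def welch_t(a, b):
    ma, mb = mean(a), mean(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))

def tvla(trace_fn, key, fixed_pt, n, sigma, order=1, seed=1):
    """Fixed-vs-random Welch t-test. order=1 tests the intermediate's sample directly;
    order=2 first multiplies the mean-centred mask and masked-value samples (standard
    second-order preprocessing), so it needs the two-sample masked traces."""
    rng = random.Random(seed)
    groups = []
    for fixed in (True, False):
        traces = [trace_fn(fixed_pt if fixed else rng.randrange(256), key, rng, sigma)
                  for _ in range(n)]
        if order == 1:
            groups.append([t[-1] for t in traces])
        else:
            mu = [mean(col) for col in zip(*traces)]
            groups.append([(t[0] - mu[0]) * (t[1] - mu[1]) for t in traces])
    return welch_t(groups[0], groups[1])

def cpa(trace_fn, key, n, sigma, seed=2):
    """CPA on random plaintexts: rank the 256 key guesses by |Pearson| between the
    HW(SBOX[pt ^ guess]) model and the measured sample; returns (best guess, its |r|)."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    samples = [trace_fn(pt, key, rng, sigma)[-1] for pt in pts]
    ranked = sorted((abs(pearson([HW[SBOX[pt ^ g]] for pt in pts], samples)), g)
                    for g in range(256))
    return ranked[-1][1], ranked[-1][0]

@functools.lru_cache(maxsize=None)
def run_experiments():
    """t-statistics and CPA results for the constructed scenario (cached: same rng seeds)."""
    return {"unmasked_t1": tvla(unmasked_trace, KEY, FIXED_PT, 5000, SIGMA),
            "masked_t1": tvla(masked_trace, KEY, FIXED_PT, 5000, SIGMA),
            "masked_t2": tvla(masked_trace, KEY, FIXED_PT, 5000, SIGMA, order=2),
            "unmasked_cpa": cpa(unmasked_trace, KEY, 2000, SIGMA),
            "masked_cpa": cpa(masked_trace, KEY, 2000, SIGMA)}

if __name__ == "__main__":
    for name, value in run_experiments().items():
        print(f"{name:13s} {value}")
```

Running it shows the pattern the article describes: the noise-only implementation fails first-order TVLA by a wide margin (|t| in the tens) and CPA recovers 0x52 from 2,000 traces, even though the per-trace noise is larger than the signal. The masked implementation keeps the first-order t-statistic below 4.5 and CPA finds no correlated guess, but the second-order test, which multiplies the mask and masked-value samples, reports a t-statistic on the order of 9: a first-order masking scheme passes a first-order assessment and fails a second-order one, which is why the validation order has to be stated. Raising SIGMA only increases the number of traces needed (roughly with the square of the noise); it does not make any of the tests pass for the unprotected lookup.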

To smooth cross-platform integration, DPA-resistant software libraries should be pre-validated for a range of compilers and processors, such as MIPS, ARM and x86. Interoperability with the standard cipher modes is also a prerequisite: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Counter (CTR), Galois/Counter Mode (GCM) and Counter with CBC-MAC (CCM). Similarly, the data structures and APIs should ease integration with industry-standard security protocol implementations, ideally so that an unprotected primitive can be swapped for its protected version behind the same interface. The protection must then extend to everything that touches key-dependent data, not only the block cipher core: in GCM, for instance, the GHASH multiplications use a hash key derived from the cipher key and leak just as usefully if left unprotected.

In conclusion, every physical electronic system leaks information about its internal computation through power consumption and electromagnetic emissions. SCA can be mitigated by a layer of side-channel countermeasures implemented in hardware (DPA-resistant cores), in software (DPA-resistant libraries) or both. Where side-channel-resistant hardware is not an option, cryptographic implementations can still be protected by deploying a DPA-protected software library, provided its resistance is confirmed by leakage assessment rather than assumed.
