Side-channel analysis and side-channel attacks have emerged as powerful tools for data theft, particularly for breaking encryption. Such attacks typically bypass traditional access controls and protections by exploiting physical or micro-architectural side-effects of computation. In other words, instead of exploiting the computation's overt (i.e., program- and ISA-specified) functionality, side-channel attacks exploit the fact that computation on a physical device leaks far more information than the intended input-output relation. And because computation involves a large variety of electronic and micro-architectural activity, there are numerous possible side channels that can be attacked. Side-channel attacks (or, simply, "side channels") include attacks that infer secrets (e.g., cryptographic keys) by observing power consumption, sound, electromagnetic (EM) emanations (i.e., "signals"), behavior under injected faults, or the timing behavior of shared resources such as data caches, instruction caches, and branch predictors. In general, a side-channel attack is carried out by identifying some physical or micro-architectural "signal" that depends on system activity or on the data being processed, and then monitoring and analyzing that "signal" as the system operates. These side-channel signals are unintentional and arise as a side effect of internal system activity. For example, when a CPU executes instructions fetched from RAM, it produces unintentional EM emanations that an attacker can receive from outside the system, independently of any signal the system deliberately emits.
FIG. 1 illustrates an exemplary side-channel attack. In the example, while at a coffee shop, investment banker Alice makes several stock trades and writes sensitive emails over an encrypted connection to her employer's server. Alice sits with her back against the wall of the coffee shop because she does not want others to observe her screen. But the coffee shop is known to be frequented by investment bankers, so at the next table Eve is recording EM emanations from Alice's laptop using an antenna hidden in a briefcase, Evan has installed a microphone under Alice's table to collect sound emanations from her laptop, and Evita has plugged a power meter, disguised as a charger, into the wall socket that powers Alice's laptop. Encryption protects the data on the wire, but none of these three attackers needs to touch that connection.
The work on understanding and quantifying potential side-channel exposure at the microarchitectural and architectural levels is still in its infancy. Side channels that exploit shared hardware resources are relatively well understood in the microarchitecture community, and both hardware and software solutions have been proposed to alleviate or even completely close them. Side channels based on physical side-effects (power consumption, sound, or EM emanations), however, are more difficult for microarchitects and programmers to alleviate, in part because the relationship between computational behavior and the resulting side-channel signal is complex and poorly understood. Among these, EM emanations are potentially the most complex: the emanated signals may in principle lie anywhere in the EM spectrum, and signals at different frequencies may give an attacker insight into different aspects of computational activity. In essence, the EM side channel consists of many sub-channels, any of which the attacker can potentially exploit.
To make matters worse, the EM side channel is also among the least risky for an attacker to exploit, because EM emanations can be covertly recorded from a distance without physical modification of, physical connection to, or access to the victim system. This makes it the most attractive of the physical side channels for attackers. In contrast, exploits based on shared-resource side channels require the attacker to run "snooper" code on the same system as the victim program. Power analysis attacks require measurement equipment to be attached to the system's power supply, preferably at a point close to the processor where the rapid variations in the signal have not yet been filtered out.
For both attacks and mitigation efforts, the first step is to identify signals that have some dependence on the secret information of interest. For example, differential power analysis (DPA) attacks determine which time offsets during an encryption operation give the most information about a particular secret key bit. In EM attacks, one typically identifies a range of frequencies in which the signal varies with a secret key bit, then demodulates the signal at those frequencies or filters out the non-useful frequencies. Many descriptions of successful side-channel attacks address the underlying causes and mechanisms of the information leakage only briefly or implicitly. This is because finding an information-carrying signal and determining its cause are separate processes, and determining the cause is not necessary for extracting the secret.
However, mitigation is difficult without an understanding of causation. Without a systematic approach to identifying leaks and their causes, establishing causation becomes a time-consuming trial-and-error process: one makes an educated guess at the likely source of the leakage, fixes the hypothesized problem, and checks whether the leakage has been reduced. Further, while certain solutions assess the "leakiness" of a particular system and application over a given side channel, they provide limited insight to computer architects about which architectural and microarchitectural features leak the most, and little guidance to software developers on how to reduce the "leakiness" of their code.