few damaging attacks of this kind have taken place to date is that data thieves have not had the necessary equipment or know-how. But that could change — which is why Siemens is now working to ensure that its products are as resistant to side channel attacks as possible.
what resources and knowledge a hacker must have to break a given code. At higher levels of certification, the criteria also mandate protection from side channel attacks. Verifying that protection against such attacks actually exists requires considerable effort and is something that can only be done in the Side Channel Lab.
Insider Attacks. Attacks of this sort could increase because the number of potential targets is growing. While deciphering a cell phone’s PIN, for instance, is hardly worth the effort because it involves stealing a phone whose card will probably have been blocked by the time the PIN is deciphered, a new, digital trip recorder is another story. Here, the owners of the devices themselves might be interested in getting hold of the code. If individual “bad apples” among freight carriers attempted to lower excessive vehicle speeds or increase the
Of course, the new lab will also provide Siemens’ Groups with new ideas for making products resistant to side channel attacks at the outset. For instance:
➔ The most important rule is that hardware and software must be viewed together and as a whole in security-critical applications. Even the best cryptological algorithm is useless if it runs on a microprocessor that opens the door to side channel attacks;
➔ Instead of using “0s” and “1s,” special microprocessors could perform their calculations us-
PICTURES OF THE FUTURE
Side Channel Attacks
Code breakers at Siemens. Experts at the Side Channel Laboratory use small probe tips to measure a chip’s power consumption, which is displayed on an oscilloscope (right). From the height of the peaks and the bit sequences that the chip has just processed, the researchers can ultimately identify the chip’s secret code.
Keepers of the Codes
Increasingly, microchips are being outfitted with secret codes to encrypt data. In principle, however, these codes can be broken if a chip’s power consumption or electromagnetic emissions are monitored. A new lab at Siemens plans to close these security loopholes.
cryptological chips could operate at asynchronous speeds or contain several processors that operate with different and randomly fluctuating clock rates.
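The dual rail logic and noise generator countermeasures described in this article can be compared in a small simulation. This is an added example, not Siemens code: it assumes a simplified model in which a chip's power draw is proportional to the number of 1 bits it handles, and the mapping 1 → "10", 0 → "01", the noise amplitude and all function names are illustrative choices.

```python
import random

def hamming_weight(x):
    """Number of 1 bits; stands in for power draw in this assumed model."""
    return bin(x).count("1")

def dual_rail(byte):
    """Encode every bit as a pair: 1 -> "10", 0 -> "01" (assumed mapping)."""
    out = 0
    for i in range(8):
        bit = (byte >> i) & 1
        out |= ((bit << 1) | (bit ^ 1)) << (2 * i)
    return out

def pearson(xs, ys):
    """Correlation coefficient; 0.0 if either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat trace says nothing about the data
    return cov / (vx * vy) ** 0.5

def leakage_report(samples=2000, noise_amplitude=16, seed=1):
    """Correlate the data's bit count with the simulated power of each design."""
    rng = random.Random(seed)
    data = [rng.randrange(256) for _ in range(samples)]  # constructed test data
    hw = [hamming_weight(d) for d in data]
    rail = [hamming_weight(dual_rail(d)) for d in data]
    # Noise generator: an unrelated random draw is added to every sample.
    noisy = [h + rng.randint(0, noise_amplitude) for h in hw]
    return {
        "single_rail": pearson(hw, hw),       # power follows the data exactly
        "dual_rail": pearson(hw, rail),       # power is the same for every byte
        "dual_rail_levels": sorted(set(rail)),
        "noise_generator": pearson(hw, noisy),
    }

if __name__ == "__main__":
    for name, value in leakage_report().items():
        print(name, value)
```

In this model dual rail encoding removes the data dependence entirely, while the noise generator only weakens it, which is why the article lists the measures together rather than as alternatives.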
Packed in Film. These measures will make it very difficult for a hacker to access secret keys. The interiors of cryptological chips are already well protected against mechanical intrusions. For instance, circuits can be packed in film. If someone tries to destroy the film in order to directly tap a chip’s circuit paths, the chip automatically deletes the key code from memory. Modern chips are also armed with temperature sensors to protect against tricks like freezing the chip in liquid nitrogen to prevent the code from being deleted.
The Siemens security team has also given thought to quantum cryptography. One security measure it developed uses quantum effects to exchange keys through a fiber-optic connection. Given the nature of the laws of physics, a connection of this sort is impossible to bug without alerting the user. But optical signals are also initially generated in electronic devices and would therefore be an easy target for side channel attacks. Quantum cryptography also has a long way to go to meet production standards. In any case, it is not an appropriate solution for practical, everyday products such as chip cards or tachographs. Says Lechner: “We don’t expect such an approach to have any practical use for some time.”
This is also true for classic side channel attacks such as filtering out texts and passwords from the electromagnetic emissions of PC monitors or keyboards. Using antennas, intelli-
How could someone break the codes in chip cards, pay TV decoders or electronic tachographs? This question has been on Stephan Lechner’s mind for a long time — not because he’s up to no good but because he’s a security expert who heads a research department at Siemens Corporate Technology. Whereas many of his colleagues work primarily on mathematical aspects of data encryption, Lechner’s team at the Security Center in Munich is focusing on a different and particularly nasty form of code breaking: “side channel” attacks. In attacks of this kind, the code breaker tries to use physical phenomena such as power consumption, computing time or electromagnetic emissions from electronic circuits to unravel codes instead of mathematical tricks and concentrated computer power. Put simply, Lechner’s people observe the microprocessor in action in order to deduce what it is doing.
“Mathematical security used to be regarded as adequate, but that’s wrong,” Lechner warns.
At the Side Channel Lab, which opened in early 2005, Dr. Torsten Schütze, a mathematician, demonstrates just how right his boss is. On a lab table, Schütze has dissected the circuit board of an electronic trip recorder of the kind that will be mandatory equipment in all newly registered European trucks beginning in January 2006. The recorder contains a cryptographic controller with a secret digital code that encrypts and records the speed of the truck, the driver’s time at the wheel, and rest periods. Schütze has clamped the probe tips of an oscilloscope directly onto the chip. The instrument measures the tiny fluctuations in power consumption when the data bits of a simulated tachometer signal stream through the chip and are encoded. As this happens, yellow waves flash on the screen of the oscilloscope. The waves differ in line with the different bit sequences being processed. A half hour and 200 measurements later, Schütze feeds the measurements into a common statistics program, and after a few seconds a 64-bit number sequence appears on the screen. “This is the key,” says Schütze with satisfaction. That key gives him access to the stored data, which he could now manipulate.
What makes Schütze’s demonstration so explosive is the fact that encryption is becoming increasingly important in our digital world. It is needed when money is transferred or merchandise is ordered via cell phone or on the Internet, for example, or in set-top boxes for TV, or in access control systems for buildings. Moreover, you don’t have to have a doctorate in mathematics to break these codes — they can be tackled with just a few sophisticated measuring instruments. The only reason so
rest times of their drivers, they would be able to gain an illegal competitive advantage. Lechner’s team therefore intends to close any existing security gaps without delay. “Siemens can’t simply wait and see,” says Lechner. After all, Siemens VDO is the market leader worldwide when it comes to tachographs, and it is thus no surprise that it is an important customer for the Side Channel Lab. But not only tachographs are tested here. The transmission of the data from the wheel to the tachograph, which is likewise encrypted, is also examined.
The work of the nine cryptological experts in Lechner’s department is expected to guarantee the security of Siemens products. After all, without proof of security, some products no longer stand a chance in the market. Norms for verifying security standards have been laid down by the “Common Criteria” international initiative. Aspects that are assessed include
Countermeasures: noise generators, random cycles and constant current flow
ing “01” and “10” as the smallest units of information. Although this “dual rail logic” doubles the amount of data, it ensures that each bit has a constant average current. It is thus impossible to tell whether the processor is handling more ones or zeros. In addition, manufacturers are planning new transistors that always show the same current profile regardless of which bit they are processing.
➔ A noise generator on a chip operates at the same speed as the processor and draws power at irregular intervals, thereby masking the current fluctuations;
➔ Random wait cycles generate calculation pauses that are difficult to filter out. Future
gence agencies can collect and analyze emissions of this kind. Military computing centers, in particular, thus rely on special protection against such attacks. But for Lechner’s lab, side channel attacks against PCs are not an issue, because attacks of this sort are simply too much work to launch. Anyone wanting to crack passwords or read confidential e-mail doesn’t need expensive measuring instruments. A more promising route is “social engineering,” says Lechner. Examples include bribing staff members or digging through wastepaper baskets. The best defense against such attacks, says Lechner, is simply a healthy awareness of security issues. ■ Bernd Müller
Pictures of the Future | Fall 2005