The hyperconnected world is somewhat of a double-edged sword: while greatly facilitating communications and operations, it fosters an environment where each system inside a network is vulnerable to an attack that can destroy not just that system, but also other systems inside the network.

One of the most harmful and least-effectively countered types of attacks that starts with just one device and metastasizes across the entire network, is a side-channel attack on hardware.

Most modern facilities are managed via sophisticated networks encompassing CCTV, heating, cooling, humidity, electricity, and other utilities. These networks are often located outside a secure perimeter and are controlled and programmed wirelessly across multiple buildings from a single centralized FM center.

The traditional key to enter the facilities is increasingly becoming a relic of a bygone era; today, most hotel rooms, car doors, businesses and government facilities are opened via contactless smart cards.

All modern FM and Access Control Management technologies have one thing in common – they are an entry point for bad actors into private and government buildings, enabling them to do everything from innocuous pranks to consequential theft of commercial and national secrets to wreaking havoc on the nation’s critical infrastructure.

Inside most of these smart cards, devices, and electronics is a hardware chip that often contains memory and a central processing unit (CPU).

While software intrusion and protection against vulnerabilities are continuously addressed by the high-tech community, there’s a major security gap. Unlike software security, protection against hardware vulnerabilities remains a relatively obscure field, rife with complex technical challenges.

In the world of hyperconnectivity, where an attack on one device or system can be an attack on all, it is imperative that the software-hardware security gap be closed.

Side-channel attacks are based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself.

Chipping away

Side-channel attacks on the microchip’s secure element involves collecting and analyzing traces of power consumption or electromagnetic emission of a device in order to acquire cryptographic keys or other sensitive data inside the device.

An accurate measurement of power that a device draws over time when analyzed using statistical analytical methods discloses the nature of operations and can reveal the global security key, thereby exposing the device’s identity (root of trust) and potentially allowing the hacker to gain full control over the device or impersonate that device on the network.

To protect microchips from hackers, manufacturers install cryptographic keys (often global security keys), which are generally considered to be algorithmically not feasible to break, protecting the code stored on the smart cards, locks, and other electronic devices.

However, the global security key does not protect the card, the lock or any other device from a takeover by perpetrators who use side-channel attacks on the secure element, such as Differential Power Analysis (DPA), Simple Power Analysis (SPA), Differential Electromagnetic Analysis (DEMA), and Fault Injection Analysis (FIA).

The real danger

Side-channel attacks are relatively easy and inexpensive to mount against cryptographically protected devices but are notoriously difficult and expensive to defend against.

All the attacker needs in order to break in is an oscilloscope, a computer with the statistical analysis software, and a few off-the-shelf electronic equipment parts.

While other types of attacks involve physical break-ins: a violent observable act of some kind that leaves visual or physical clues after the intrusion, or can potentially be detected using an anti-virus software, side-channel attacks on the secure element are a passive collection of power consumption traces that do not leave any evidence and are completely undetectable.

During the attack, no equipment is destroyed, the compromised device doesn’t have to be moved from its original location, and the successful attack will leave no clue that the card or device is now being controlled by rogue actors.

What if an access card is lost or stolen?

One of the more common facility security risks is also a prime opportunity for side channel attacks. In the event of a lost or stolen card that ends up in the wrong hands, hackers can extract information from the card or the card reader and create thousands of duplicate cards to help perpetrators access facilities that are otherwise restricted.

Alternately, they can manufacture a card with a maximum freedom of movement in all highly restricted zones by extracting the global security key from a limited access card issued to a low-level clearance employee or a temporary visitor.

What’s worse, the cards or devices manufactured by the same maker using the same global security key could fall under the control of perpetrators who can access all other facilities that use the same card model by the same manufacturer. Just one lost or stolen access card in the wrong hands could open all doors.

What if a FM system falls under hackers’ control?

FM systems located outside the building and outside the secure perimeter are accessible to third parties and are less protected than in-house infrastructure. This welcomes potential break-ins using side-channel attacks on utilities and critical infrastructure.

An attacker can take control of the gas supply to the heating system of a Minnesota-based facility and cut off heat during the weekend, freezing the pipes. He or she can shut down air conditioners in a data center in Florida and fry the server room or shut down electricity sources disabling life-supporting equipment in a medical facility.

Any of these potentially devastating scenarios can result from a successful side-channel perimeter penetration attack.

What if the CCTV network Is hijacked?

The CCTV Network’s biggest vulnerability comes from its biggest strength of being a network—a vulnerability demonstrated by a group of Israeli and Canadian cryptography researchers (Dr. Eyal Ronen, Dr. Colin O’Flynn, Dr. Adi Shamir, and Achi-Or Weingarten).

Using only readily available equipment costing a few hundred dollars, the team mounted a successful attack against a network[2] of cryptographically protected Philips smart lightbulbs by injecting a simple instruction code that would turn off the network and instruct other bulbs in proximity to turn off, resulting in a blackout wave.

Hackers who take complete control of an entire CCTV can turn off the cameras and manipulate them at the hardware level, undetectable by the software that normally controls the devices.

Documented access

There have been a number of articles dealing with facilities vulnerability to side-channel attacks (see, for example, Why It’s Time to Completely Rethink Physical Access Control System Architecture and the accompanying presentation). The recurring theme of side-channel attacks is the ease in which a device can be infiltrated. Even if an HID card is protected by means of a cryptographic key, it can still be broken into by means of DEMA, which is a close cousin of DPA.

Side-channel attack on a Protected RFID Card reinforces the threat, noting that: “Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures.”

An experiment conducted by a team of Chinese and American researchers in 2018 proved that after collecting 20,000 power traces (in approximately 200 seconds), only 268 key guesses and another 177 searches (about 300 seconds) were sufficient in recovering the 56-bit source keys of DES (Data Encryption Standard) successfully.

Based on tests conducted by researchers, it can take as little as eight hours of power consumption trace recordings to decode the global security key encrypting the secure element of the microchip.

This translates into a visit by a perpetrator to collect power consumption traces gaining access to the secure perimeter, reinforcing how quickly and relatively effortlessly a side-channel attack can be executed.

Solving vulnerabilities

Manufacturers and end-users are investing significant resources into protecting the software layer of facilities and sophisticated access control management. However effective against software intrusions and malware, these security measures do nothing to protect the hardware layer of the convenient access instruments against side-channel attacks on its hardware’s secure element.

The Biggest Security Threats Facing Embedded Designers argues: “Software security alone is not enough to protect today’s networked devices and fielded systems. What is needed is a combination of software and hardware security.”

Today, most manufacturers perform in-house hardware evaluations or outsource them while incurring significant costs and taking the risk of releasing devices that can be broken into with the side-channel attack.

The manufacturers who do not have the budget to conduct their own vulnerability detection and remediation, address the threat by purchasing readily available side-channel attack-resistant hardware designs of cryptographic algorithms from larger providers. These products are either certified by a recognized body or covered by some sort of a protection guarantee, but only up to a certain number of collected traces.

Until now, manufacturers had no way of validating whether the countermeasures are effective and whether the certification obtained from a certification authority reflects the lack of vulnerabilities. With more affordable tools they should be able to ascertain that the device is free of side-channel attack vulnerabilities.

For the most part, protecting devices against DPA and other attacks on the chip’s secure element has been cost-prohibitive for most manufacturers, requiring expert-level knowledge, experience, and effort that only the most sophisticated manufacturers possess.

Traditional protection involved extensive measurements of actual power consumption by a working device and leveling out power consumption over time to be more even.

Manufacturers would apply countermeasures to ensure power consumption evenness, and then the device would be produced and redesigned again and again through numerous iterations, until the power consumption traces yielded uniform waves.

This method was not economical or effective.

Yuri Kreimer, FortifyIQ CTO and co-founder calls this practice The Hardware Security Paradox.

The Hardware Security Paradox

  • All OEMs and microchip manufacturers face this dilemma:

  • Hardware design needs to be protected from side-channel attacks in order to make a product secure.

  • To test a product's security, it naturally needs to be manufactured first.

  • That progression from hardware design to a testable final product can take months and cost millions of dollars.

  • If design flaw is discovered upon testing, delays and rework on a massive scale result in material consequences for the timing and cost of the product launch.

When it comes to secure hardware implementation, what comes first: the product or its design?

The next-generation solution

One of the most important advantages the manufacturer has over the hacker is the detailed knowledge of the characteristics of the underlying platform, which theoretically, should enable manufacturers to develop more sophisticated defenses against hackers.

Devices that are resistant to power-based side-channel attacks on a secure element (e.g. DPA) are designed so that their power consumption is even over time, regardless of computations that are performed.

The best and the most fiscally sound solution to side-channel vulnerability would be to simulate a microchip’s secure element power consumption first, resolving the problems at the design stage, before moving on to the expensive fabrication stage.

This is where emerging new tools and methods can help manufacturers significantly reduce the costs of production and speed up the trial-and-error cycle by applying a fundamentally different technology that makes it possible to reveal side-channel vulnerabilities of the secure element of the microchip at the design stage.

When investing in access management systems and FM technology and upgrades, FMs should keep an eye on new threats, new solutions, and new ways of managing facilities while maintaining secure perimeters. A better understanding of side channel attacks and forthcoming solutions will help professionals ask their vendors the right questions about equipment protection against power-based side-channel attacks on a secure element.