Workshop on Side Channel Analysis Based Cyber Threats and Mitigation Techniques (WOSCA)


In the field of Cyber Security the term side-channel analysis attack is a form of cyber attack based on information gained from the physical implementation of a cryptosystem. Standard techniques to compromise a crypto system include brute-force attacks, or exploitation of theoretical weaknesses in the cryptographic algorithms, and protocols. As opposed to such standard techniques, Side Channel Analysis based attacks exploit latency of cryptographic computation, non-uniform power consumption, electromagnetic field variations during crypto computation, or even sound during a computation. Since these depend on the implementation, these provide a 'side-door' to the cryptographic secrets such as secret keys. It has been shown that one can successfully use these side doors or channels to break a crypto-system. Most side-channel attacks require in-depth and pretty extensive technical knowledge of the hardware, firmware, and software implementation of the system on which the cryptographic techniques are implemented. However, there are a few attacks that might require much less technical details, and called black-box side channel attacks -- such as differential power analysis.

Some of the well known examples of side-channel analysis based attacks are:

Timing attack — measuring the probability distribution of latency variations during cryptographic computation on different data and using statistical techniques

Power-monitoring attack — measuring the power drawn from the power supply and its variations during computation and using statistics techniques

Electromagnetic attacks — measuring leaked electromagnetic field variations during computation

Differential fault analysis -- injecting faults in computations and observing variations in the computation

Data remanence — exploiting data left behind by an cryptographic applications in registers, caches etc.

Row hammer — changing off-limits memory by accessing adjacent memory.

In most of these cases the underlying principle is that data dependent variations in the physical effects caused by the operation of a cryptosystem can provide useful extra information about secrets in the system, for example, the cryptographic key, partial state information, full or partial plaintexts etc

Most government agencies are concerned with these kinds of attacks, and have started investing in research on this topic. The main thrusts of such research programs are mainly (i) to discover various side-channels and effectiveness and ease with which such side-channels may be exploited by the attackers; and (ii) to find counter-measures by either shielding the side-channels, or by way of system design to remove the correlations of these physical signals from the data being used in the algorithms.

The article "On DARPA's cyber security Radar: Algorithmic and Side-Channel Attacks" mentions the the Defense Advanced Research Agency (DARPA) in the United States is running a program titled "Space/Time Analysis for Cyber Security (STAC)" on this topic. U.S universities such as Yale, Utah, UC Irvine, Maryland, and Wisconsin-Madison are involved in this research. The European framework 6 project SCARD (Side Channel Analysis Resistant Design Flow) works on developing design flows that would create crypto systems without open side channels to be exploited by attackers. In India also, a number of DST, DIT, CAIR, and DRDO projects are running on the topic of power signature based attacks, and design of attack resistant cryptographic primitives. Indian Institute of Technology at Kharagpur has been working on some of these projects among others. It is also known that various governments around the world have been carrying out research in this specific field of cyber attacks, and defense mechanisms.

This 4 day workshop has been organized to provide a pretty in-depth introduction to the various topics in side-channel analysis, attacks, and counter measures from four world experts (two from the United States, and two from Europe) who have made fundamental contributions to this field, and who have been teaching courses on this topic, carrying out research projects, and graduating multiple doctoral students on this topic.

For more Information: Click Here