Side-Channel and Fault-Injection Analysis Tools

Side-channel and fault-injection analysis services and equipment information.

We handle side channel attack countermeasures (weak currents and electromagnetic waves), fault injection attack countermeasures, and SDR equipment.

Ikeriri Network Service handles penetration testing equipment such as side channel attack analysis and countermeasure equipment, fault injection attack analysis and countermeasure equipment, and SDR (Software Defined Radio) equipment such as semiconductor spectrum analyzers and oscilloscopes.


Riscure (currently Keysight) founder Mark / PXI new module / iPhone USBC controller analysis


About side channel attacks
A side channel attack does not attack the internal information of a cryptographic system or other security system directly. Instead, it uses secondary information (a side channel) that leaks while the system is processing to infer secret information.
Cryptographic algorithms and security systems are typically assumed to be mathematically secure. In a real running system, however, secret information may leak through physical side channels such as power consumption, electromagnetic radiation, and processing time. Side-channel attacks analyze these physical characteristics to infer the keys and data being processed inside the system.

Typical types of side channel attacks
1. Power consumption analysis (Power Analysis)
- Summary: Observe fluctuations in power consumption of encryption devices and infer encryption keys and secret information.
- Method:
  - Simple Power Analysis (SPA): Directly observe power consumption waveforms and identify key processing patterns.
  - Differential Power Analysis (DPA): Infer the encryption key using statistical fluctuations in power consumption.
- Target: smart cards, IoT devices, cryptographic modules.
2. Electromagnetic Analysis (EMA)
- Overview: Measure the electromagnetic waves a device emits during operation and reconstruct processing details.
- Method: Infer cryptographic processing and key information from differences in radiation patterns.
- Target: Electromagnetic waves leaking from device casings and cables.
3. Timing analysis (Timing Attack)
- Overview: Observe differences in processing time and infer internal processing content and key information.
- Example: The number of conditional branches and loops in a cryptographic algorithm affects processing time.
- Target: Encryption algorithms in general (e.g. RSA, ECDSA).
4. Cache Timing Attack
- Summary: Analyzes processor cache memory usage and deduces keys used for encryption.
- Example: Analyzing the cache access pattern of the AES cryptographic algorithm on the processor.
5. Acoustic Analysis
- Overview: Analyze the sound waves generated while the device is operating and deduce keys and data.
- Examples: keyboard typing sounds and hard disk drive sounds.
6. Optical Analysis
- Overview: Observe the blinking of the device's LED and changes in light intensity to infer the data processing content.
- Example: The blinking pattern of the router's LEDs indicates the content of the data communication.
7. Temperature/radiation attack
- Overview: Measure changes in device surface temperature and thermal radiation to estimate processing status.
- Target: High performance devices and large systems.

The following methods can be used to prevent side channel attacks.
1. Reducing physical leakage
- Apply shielding to the device housing (blocking electromagnetic waves and sound waves).
- Inject noise or random data to make measurements difficult.
2. Countermeasures at algorithm level
- Keep the processing time constant (preventing timing attacks).
- Randomize part of the encryption key to nullify fluctuations in power consumption and electromagnetic waves.
3. Improved hardware design
- Adopt a leak-resistant design (e.g. hardware cryptographic module).
- Design circuits that reduce power consumption and electromagnetic emissions.
4. Monitoring and evaluation
- Deploy sensors and monitoring systems to detect side-channel attack attempts.
- Assess leaks with regular penetration tests.
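The algorithm-level countermeasure "keep the processing time constant" can be illustrated in C. This is an added example, not code from Ikeriri or Riscure; the function names, the constructed secret and guesses, and the loop-iteration counter used as a stand-in for measured time are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Leaky: returns at the first mismatch, so the work done depends on how many
   leading bytes match. *steps counts iterations as a stand-in for time. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time: always reads all n bytes and ORs the differences together;
   no branch or early exit depends on the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return (int)(((uint32_t)diff - 1u) >> 31);   /* 1 only when diff == 0 */
}

/* Spread (max - min) of step counts over three constructed guesses with 0, 4
   and 8 correct leading bytes. Nonzero spread = secret-dependent timing. */
size_t step_spread(cmp_fn cmp)
{
    static const uint8_t secret[8] = {'K','3','Y','-','0','0','4','2'};
    static const uint8_t guess[3][8] = {
        {'X','X','X','X','X','X','X','X'},
        {'K','3','Y','-','X','X','X','X'},
        {'K','3','Y','-','0','0','4','2'},
    };
    size_t lo = (size_t)-1, hi = 0, s;
    for (int g = 0; g < 3; g++) {
        cmp(secret, guess[g], sizeof secret, &s);
        if (s < lo) lo = s;
        if (s > hi) hi = s;
    }
    return hi - lo;
}
```

On a real target, confirm in the generated assembly that the compiler has not reintroduced an early exit, and verify the result with actual timing or power measurements.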

Inspector series of side-channel attack pen test equipment provided by Riscure of the Netherlands
Inspector Side Channel Analysis, a side channel attack analysis tool from Riscure in the Netherlands

About fault injection attacks
A Fault Injection Attack is a method of intentionally disrupting the normal operation of a system or device, causing abnormal behavior, and using the resulting information to attack the system. This is done on hardware and software and is used to exploit vulnerabilities in cryptographic algorithms and security systems.

Fault injection attack overview
- Purpose: Deliberately cause faults in the system and analyze the resulting data and behavior to infer secret information (e.g. encryption keys).
- Applicable to: cryptographic chips, smart cards, embedded systems, IoT devices, etc.
Fault injection attack techniques
Fault injection attacks are carried out using physical or electrical techniques such as:
1. Electromagnetic (EM) Fault Injection
- Summary: Emits high-power electromagnetic waves towards the system, causing errors in the internal circuits.
- Example: Generating an error in a cryptographic chip that disrupts the encryption process and allows the key to be guessed.
2. Power Glitch Attack
- Summary: Temporarily reduces or oversupplies power to the system, causing malfunctions.
- Example: Momentarily changing the power supply voltage of a smart card to skip part of the cryptographic operation.
3. Clock Glitch Attack
- Summary: Temporarily alters the clock signal (high or low frequency) to cause the system to behave in unexpected ways.
- Example: Skipping certain conditional branches of a cryptographic algorithm.
4. Laser attack
- Summary: A high-precision laser is directed at a specific area of the device to disrupt the operation of the circuit.
- Example: Shining a laser on a memory cell causes bit flipping of the data.
5. Attacks due to temperature changes
- Description: Exposes the system to extremely hot or cold environments, destabilizing its operation.
- Example: Changing a chip's operating speed or timing to expose vulnerabilities.
6. Mechanical stress
- Summary: Disturbs the internal circuits of devices by applying physical vibrations and shocks.
- Example: Mechanical impact destroys data in memory.

Countermeasures against fault injection attacks include the following.
1. Hardware level measures
- Introducing electromagnetic shielding and physical protection layers.
- Implementation of circuitry to detect fluctuations in power supply and clock signals.
- Fault tolerant design (e.g. error detection and correction features).
2. Software level measures
- Multiple checks of input data and processing results.
- Randomization of processing timing.
- Addition of a security module to detect abnormal behavior.
3. Environmental management
- Operate in an environment that is not easily affected by temperature, vibration, and electromagnetic waves.
- Restrict device access and prevent unauthorized manipulation.
4. Improvement of cryptographic algorithm
- Adoption of a fault-resistant cryptographic algorithm.
- Store key information in parts so that information cannot be guessed due to partial faults.
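The software-level measure "multiple checks of input data and processing results" can be sketched in C as a redundant comparison that reports disagreement as a fault. This is an added example, not code from Ikeriri or Riscure; the status constants, function names and the `eval` fault simulator (which flips one bit of a chosen intermediate result) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Multi-bit status codes (constructed values): many bits apart, so a
   single-bit fault cannot turn one into another. */
#define FI_TRUE  0x3CA5965Au
#define FI_FALSE 0x965A3CA5u
#define FI_FAULT 0x0F0F0F0Fu

static int glitch_step = -1;   /* evaluation to corrupt; -1 = no fault */
static int step;
void set_glitch(int s) { glitch_step = s; step = 0; }

/* Simulated transient fault: flips bit 0 of the value produced at evaluation
   number glitch_step (stand-in for a voltage, clock or laser glitch). */
static uint32_t eval(uint32_t v) { return (step++ == glitch_step) ? (v ^ 1u) : v; }

static uint32_t diff(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t d = 0;
    for (size_t i = 0; i < n; i++)
        d |= (uint32_t)(a[i] ^ b[i]);
    return d;
}

/* Unprotected: one comparison result held in one bit decides the outcome. */
int naive_verify(const uint8_t *pin, const uint8_t *ref, size_t n)
{
    return eval(diff(pin, ref, n) == 0) ? 1 : 0;
}

/* Hardened: the comparison is computed twice, the second copy is kept
   inverted, and any disagreement is reported as a fault, not a decision. */
uint32_t hardened_verify(const uint8_t *pin, const uint8_t *ref, size_t n)
{
    uint32_t r1 = eval(diff(pin, ref, n) == 0 ? FI_TRUE : FI_FALSE);
    uint32_t r2 = eval(diff(ref, pin, n) == 0 ? ~FI_TRUE : ~FI_FALSE);
    if ((r1 ^ r2) != 0xFFFFFFFFu)
        return FI_FAULT;
    if (r1 == FI_TRUE)
        return FI_TRUE;
    return (r1 == FI_FALSE) ? FI_FALSE : FI_FAULT;
}
```

With a wrong PIN, the simulated fault makes `naive_verify` return 1, while `hardened_verify` returns `FI_FAULT`. In firmware, the two computations must be kept from being merged by the optimizer (for example with `volatile` intermediates), and the result should be confirmed by fault-injection testing on the device.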

Inspector series of pen test equipment for fault injection attacks provided by Riscure of the Netherlands
Inspector Fault Injection Analysis, a fault injection attack analysis tool from Riscure in the Netherlands


Inspector measurement equipment/probes / Target module for testing / Mark, founder of Riscure


 
