Recently Fox-IT with input from Riscure conducted research that identified certain generic vulnerabilities of an unprotected embedded system when subjected to a side channel attack method. The highlight of this research is the cost of hardware being used (approximately 200 euro) and the distance between an attack system and the receiving antenna (1 meter). Using a Side Channel Analysis method a successful attack was performed against an implementation of the AES cryptographic algorithm.
You can download the full paper from the Fox-IT website. This research highlights the importance of proper hardware security, especially as the cost of a set up needed to perform an attack decreases significantly. At the same time, we would like to highlight that the target of the research were unprotected AES implementations, and not a DPA-protected hardware AES implementation like the one present in the Microsemi SmartFusion2 chip. In the research two FPGA devices from Microsemi and Xilinx were only used as a vessel/instrument to implement an unprotected cipher to test the potential threat and were not themselves the subject of an attack.
We advise developers to strengthen security of their embedded systems to reduce the chances of a successful Side Channel/Fault Injection attack. To learn more about Riscure’s security services that enable our customers to enhance protection of their embedded devices, click here. More details about Riscure’s tools and software to perform Side Channel Analysis and Fault Injection evaluation can also be found on our website.