EC3401 NS Unit - 5

This document provides an overview of hardware security, including vulnerabilities, attack vectors, and countermeasures. It discusses various types of attacks such as Hardware Trojans and Side-Channel Attacks, detailing their mechanisms and implications for electronic systems. Additionally, it covers physical attacks and the importance of design-for-security practices to mitigate risks associated with hardware vulnerabilities.

UNIT-5 HARDWARE SECURITY

Introduction to hardware security, Hardware Trojans, Side-Channel Attacks, Physical Attacks and Countermeasures, Design for Security. Introduction to Blockchain Technology.

Introduction to hardware security


Explain the overview of Hardware Security. (May 2023)
• Hardware security is the study of vulnerabilities and countermeasures in the architecture, implementation, and validation of modern electronic systems.
• Compared to software security, which has been analyzed and deployed in many applications, hardware security is relatively new, because hardware has traditionally been considered immune to attack and has therefore served as the trust anchor, or root-of-trust, of a system.
• Hardware security covers a wide range of topics, as depicted in the figure.

• The overall concept of hardware security and trust can broadly be divided into two classes: direct attacks on hardware (together with their countermeasures), and system-level security.
• Hardware attacks encompass both security issues and trust issues.
• Hardware security issues arise from the hardware's vulnerability to attacks (e.g., side-channel or hardware Trojan attacks) at different levels of abstraction (chip or PCB), and from the lack of adequate hardware support for software and system security.
• Hardware trust issues, on the other hand, arise when untrusted entities become involved in the hardware's lifecycle.

Class Notes (13 & 15 Marks QB) Page 1 of 18


• These entities include not only untrusted IP or computer-aided design (CAD) tool vendors, but also untrusted design, fabrication, test, or distribution facilities.
• Another critical aspect of hardware security is ensuring the security and reliability of the software stack.
• Hardware protects the sensitive assets it stores from malicious software and network access, and isolates secure data from insecure data and code.
ATTACKS, VULNERABILITIES, AND COUNTERMEASURES
ATTACKS
Attack vectors
• Attack vectors are the means or paths by which bad actors (attackers) gain access to hardware components for malicious purposes, for example to compromise them or to extract secret assets stored in the hardware.
Attack Surface
• The attack surface is the sum of all possible security risk exposures. It can also be described as the aggregate of all known, unknown, and potential vulnerabilities and controls across all hardware, software, and network components.

Figure : Possible attack surfaces in a computing system.


• With respect to hardware security, the three main attack surfaces are as follows.
Chip Level Attacks:
• Chips can be targeted for reverse engineering, cloning, malicious insertion, side-channel attacks, and piracy.
• Trojan-infected chips pose a threat of unauthorized access or malfunction. Side-channel attacks can be mounted on a chip with the goal of extracting secret information stored inside it.

PCB-Level Attacks:
• PCBs are common targets for attackers.
• The primary goals of these attacks are to reverse engineer the PCB and obtain the schematic of the board, in order to redesign it and create fake units.
• Attackers may also physically tamper with a PCB to make it leak sensitive information.
System-Level Attacks:
• Complex attacks involving the interaction of hardware and software components can be mounted on the system.
• By directly targeting the most vulnerable parts of a system, such as the PCB level (for example, JTAG) and memory modules, attackers may be able to compromise the system's security by gaining unauthorized control and access to sensitive data.
VULNERABILITIES
• Vulnerabilities are weaknesses in hardware architecture, implementation, or the design/test process which can be exploited by an attacker to mount an attack.
• The following are some typical vulnerabilities in hardware systems:
Functional Bug:
• Most vulnerabilities are caused by functional bugs and poor design/testing practices.
• They include weak cryptographic hardware implementations and inadequate protection of assets in an SoC.
• Attackers may find these vulnerabilities by analyzing the functionality of a system under different input conditions, looking for any abnormal behavior.
Side-Channel Bug:
• These bugs are implementation-level issues that leak critical information stored inside a hardware component (e.g., processors or crypto chips) through different forms of side-channels.
Test/Debug infrastructure:
• Test engineers need visibility into the internal operations and processes running in a hardware component, which is essential for debugging the hardware.
• These facilities can be misused by attackers: extraction of sensitive information or unwanted control of a system may be possible through the test/debug features.
Access control or information-flow issues:
• A system may not distinguish between authorized and unauthorized users.
• It may give an attacker access to secret assets and functionality that can be misused.
• Moreover, an intelligent adversary can monitor the information flow during system operation to decipher security-critical information.
COUNTERMEASURES
• Countermeasures can be employed either at design time or at test time.
• The figure shows the current state of practice in the industry for SoCs in terms of:
  (a) incorporating security measures in a design (referred to as "security design"), and
  (b) verifying that these measures protect a system against known attacks (referred to as "security validation").
• Both pre- and post-silicon security validation come in various forms, which vary in their coverage of security vulnerabilities, the resulting confidence, and the scalability of the approach to large designs.



• These techniques include code review and formal verification during pre-silicon validation, and fuzzing and penetration testing during post-silicon validation.

Fig. State of the practice in security design and validation along the life cycle of a system on chip.
Design solutions:
• Design-for-security (DfS) practices have emerged as powerful countermeasures.
• DfS techniques, such as obfuscation, the use of reliable security primitives, side-channel resistance, and hardening schemes against Trojan insertion, can protect against many major attack vectors.
********************************************************************************
HARDWARE TROJANS
Explain Hardware Trojans.
• A hardware Trojan (HT) is defined as a malicious, intentional modification of a circuit design that results in undesired behavior when the circuit is deployed.
• SoCs that are 'infected' by a hardware Trojan may experience changes in their functionality, may leak sensitive information, or may have unreliable performance.
Hardware Trojan Structure
• The figure shows the basic structure of a Trojan at gate level.
• The trigger inputs (T1, T2, ..., Tk) come from various nets in the circuit.
• The payload taps the original signal Neti from the original (Trojan-free) circuit and the output of the trigger.
• Since the trigger is expected to be activated only under a rare condition, the payload output stays at the same value as Neti most of the time.
• However, when the trigger is active, that is, when TriggerEnable is "0", the payload output differs from Neti; this can inject an erroneous value into the circuit and cause an error at the output.



Fig. Trojan structure

Trojan Modeling:
• A Trojan is activated by rare circuit node conditions and has as its payload a node that is critical in terms of functionality but has low observability in terms of testing, so that it evades detection during normal functional testing.
• If the Trojan includes sequential elements, such as rare-event triggered counters, then the Trojan may be even harder to detect.
• The trigger condition is an n-bit value at internal nodes, which is assumed to be rare enough to evade normal functional testing.
• The payload is defined as a node that is inverted when the Trojan is activated.
• To make it more difficult to detect, one might consider a sequential Trojan, which requires the rare event to repeat 2^m times before the Trojan is activated and inverts the payload node.

Fig. Example of combinational and sequential Trojan models.
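The following is an added example (it is not part of the class notes) that simulates the combinational and sequential Trojan models just described: an n-bit rare trigger condition, a payload node that is inverted when the trigger fires, and a counter-based variant that needs the rare event 2^m times. It then counts how often random functional test vectors activate the payload, which is why Trojan detection needs targeted techniques rather than plain random testing. The 16-bit trigger bus, the trigger value 0xBEEF, and the single-bit payload net are constructed for illustration.

```python
"""Added example (not from the notes): simulating the combinational and
sequential hardware Trojan models, and measuring how rarely random
functional testing activates them.

Constructed assumptions: a 16-bit internal trigger bus, the rare trigger
pattern 0xBEEF, and a one-bit payload net Net_i.
"""
import random

TRIGGER_BITS = 16        # the trigger condition is an n-bit value at internal nodes
RARE_TRIGGER = 0xBEEF    # the one pattern that fires the trigger (constructed value)


def combinational_trojan(trigger_inputs: int, net_i: int) -> int:
    """Payload output: equals Net_i except when the trigger condition matches,
    in which case the payload node is inverted."""
    trigger_active = trigger_inputs == RARE_TRIGGER
    return net_i ^ int(trigger_active)


class SequentialTrojan:
    """Counter-based Trojan: the rare event must repeat 2**m times before the
    payload is inverted. In this simple model, once activated it stays
    activated, like a saturating counter."""

    def __init__(self, m: int):
        self.limit = 2 ** m
        self.count = 0

    def step(self, trigger_inputs: int, net_i: int) -> int:
        if trigger_inputs == RARE_TRIGGER:
            self.count += 1
        activated = self.count >= self.limit
        return net_i ^ int(activated)


def expected_activation_probability(n_bits: int) -> float:
    """Probability that one uniformly random vector matches an n-bit trigger."""
    return 1.0 / (2 ** n_bits)


def random_test_activations(num_vectors: int, seed: int = 1) -> int:
    """Count how many random functional test vectors flip the payload of the
    combinational Trojan. With a 16-bit trigger the expected rate is 1/65536,
    so a 10,000-vector random test usually sees no activation at all."""
    rng = random.Random(seed)
    flips = 0
    for _ in range(num_vectors):
        trig = rng.getrandbits(TRIGGER_BITS)
        net_i = rng.getrandbits(1)
        if combinational_trojan(trig, net_i) != net_i:
            flips += 1
    return flips


if __name__ == "__main__":
    print("P(activate) per random vector:", expected_activation_probability(TRIGGER_BITS))
    print("activations in 10,000 random vectors:", random_test_activations(10_000))
    seq = SequentialTrojan(m=3)   # needs 2**3 = 8 rare events before firing
    print("sequential Trojan outputs over 10 rare events:",
          [seq.step(RARE_TRIGGER, 1) for _ in range(10)])
```

The sequential variant shows why the notes call counter-based Trojans harder to detect: even a test that happens to hit the rare trigger once sees a correct output, because the payload only flips after the event has repeated 2^m times.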


Hardware Trojans Taxonomy:
• Detection, mitigation, and protection techniques can be developed for each Trojan class, along with benchmarks to serve as the basis for comparing countermeasures.
• The taxonomy is developed based on hardware Trojans' physical, activation, and functional characteristics.
• In this regard, hardware Trojans are classified based on five attributes: (1) insertion phase, (2) abstraction level, (3) activation mechanism, (4) payload, and (5) location.



Fig. Taxonomy of hardware Trojans.
***********************************************************************************

Side-Channel Attacks

Explain Side-Channel Attacks.
Explain the basic principles of side-channel attacks. (May 2023)
• A side-channel attack (SCA) is a non-invasive attack that targets side-channel inputs and outputs; it bypasses the theoretical strength of a cryptographic algorithm by using additional information to break the cryptographic protection.
• These attacks exploit physical information leaking from various indirect sources or channels, such as the target device's power consumption, electromagnetic (EM) radiation, or the time taken for a computation. These channels are referred to as "side channels".
• Five commonly exploited side-channel emissions:
o Power Consumption
o Electro-Magnetic
o Optical
o Timing and Delay
o Acoustic



Fig. Side-channel leakages while cryptographic hardware is in operation
• Taxonomy of Side-Channel Attacks
o Passive attacks: observe the behavior of the device to infer information about the secret.
o Active attacks: physically operate on the device to gather information about the secret (e.g., fault injection or microprobing).
o Active vs. passive attacks: active attacks exploit side-channel inputs, whereas passive attacks exploit side-channel outputs.
What are the Side-Channels Used?
• Power analysis attacks reveal secret information from a device by analyzing its power consumption. They are mainly used to extract the secret key of cryptographic systems, and have successfully broken the Advanced Encryption Standard (AES) in a few minutes.
Types of Power Analysis
• There are three types of power side-channel analysis: simple power analysis (SPA), differential power analysis (DPA), and correlation power analysis (CPA).
o SPA is a technique that observes power measurements obtained while the device under attack is in operation.
o It can only succeed if the recorded power consumption leads to critical information about the device being revealed.
o DPA is widely used to reveal secret keys of cryptographic systems by obtaining power traces while the system is encrypting or decrypting data blocks.
• Electromagnetic (EM) Side-Channel Attacks: An adversary usually aims to capture the EM signals produced by current flows in the data processing stages, where most emissions occur, due to the switching activity of the device.
• This allows critical information to leak naturally during operation. When applying EM side-channel analysis, switching activity can be captured and translated into a series of events and instances that occur in each clock cycle.
• In a fault injection attack, or fault attack, a physical fault is deliberately injected into a device during its operation with the objective of leaking critical information.
• Such a fault can be injected by disturbing the clock or voltage source, or by using a laser beam, in order to modify memory or register locations, or to induce other fault effects.



• Timing Attacks: Timing analysis is an SCA that extracts critical information about the device under attack by analyzing the execution time of each operation under different setups and input patterns.
o Every operation performed in a silicon-based device takes a certain amount of time to complete.
o This time can vary with the type of operation, the input data, the technology used to build the device, and the properties of the environment in which the device is operating.
o If the victim accesses the memory line during the wait phase, the reload operation takes a shorter time. Otherwise, the requested line needs to be brought from memory, and the reload takes significantly longer. This attack is called the Flush+Reload attack.
o The figure shows the timing of the attack phases with and without the victim access.
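The following is an added example (not code from the notes) of the data-dependent execution time the timing-attack bullets describe, together with the standard countermeasure. A naive "early-exit" comparison of a secret tag against a guess stops at the first mismatching byte, so its running time reveals how many leading bytes matched; a constant-time comparison does the same amount of work whatever the input. Rather than measuring noisy wall-clock time, the functions count the byte operations they perform, which is exactly the quantity an observer would infer from timing. The 6-byte secret and the guesses are constructed sample values, and `hmac.compare_digest` is Python's standard-library constant-time comparison.

```python
"""Added example (not from the notes): why data-dependent execution time
leaks information, and the constant-time remedy.

Instead of timing the code, each comparison returns (equal, work), where
`work` is the number of byte comparisons performed. SECRET_TAG is a
constructed 6-byte secret such as a MAC tag.
"""
import hmac
from typing import Tuple

SECRET_TAG = bytes.fromhex("a1b2c3d4e5f6")   # constructed secret


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Early-exit comparison: stops at the first mismatching byte, so `work`
    (and hence execution time) depends on the length of the matching prefix."""
    if len(secret) != len(guess):
        return False, 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work
    return True, work


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Touches every byte and accumulates the differences with OR, so `work`
    is identical for every guess of the right length."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        diff |= a ^ b
    return diff == 0, work


def prefix_length_leaked(secret: bytes, guess: bytes) -> int:
    """What an observer of the leaky comparison learns from its timing:
    the number of leading bytes of the guess that matched the secret."""
    equal, work = leaky_compare(secret, guess)
    return work if equal else max(work - 1, 0)


def production_compare(secret: bytes, guess: bytes) -> bool:
    """The check to use in real code: the standard library's constant-time
    comparison, which does not short-circuit on the first mismatch."""
    return hmac.compare_digest(secret, guess)


if __name__ == "__main__":
    guesses = [bytes.fromhex("000000000000"),   # no bytes match
               bytes.fromhex("a1b2c3000000"),   # first three bytes match
               SECRET_TAG]
    for g in guesses:
        print(g.hex(), "leaky:", leaky_compare(SECRET_TAG, g),
              "constant:", constant_time_compare(SECRET_TAG, g),
              "prefix leaked:", prefix_length_leaked(SECRET_TAG, g))
```

The leaky version's work count grows by one for each correctly guessed leading byte, which is the signal a timing observer uses; the constant-time version reports the same count for every wrong guess, so its timing carries no information about the secret.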

• A covert channel is one that allows communication between software processes that are not authorized to communicate within a system.
• These communication channels are often not monitored, as security policies may not be able to recognize them.

***********************************************************************************
Physical Attacks and Countermeasures
Explain about Physical Attacks and Countermeasures. (May 2023)



• Physical attacks are divided into three categories: noninvasive, semi-invasive, and invasive attacks.
• Invasive attacks require direct access to the internal components of the device, which normally requires a well-equipped and knowledgeable attacker to succeed.
• A noninvasive attack does not require any initial preparation of the device under test, and will not physically harm the device during the attack.
• Reverse engineering, microprobing attacks, and invasive fault injection attacks are the most common invasive physical attacks.
Reverse Engineering
• Reverse engineering (RE) is the process of thoroughly examining an object to achieve a full understanding of its construction and/or functionality; it is a method used by attackers as part of mounting their attack.
• RE is now widely used to clone, duplicate, or reproduce systems and devices in various security-critical applications, such as smartcards, smartphones, and military, financial, and medical systems.
• Anti-RE techniques should be able to monitor, detect, resist, and react to invasive and noninvasive attacks.
• Such techniques help protect confidential information from different types of RE attempts. Other methods for protecting these systems include bus encryption, secure key storage, side-channel attack (SCA) protection, and tamper-responding technology.
• The various kinds of RE of electronic devices, from chip to system level, are as follows.

1) Chip-level RE:
• RE of chips can be nondestructive or destructive. X-ray tomography is a nondestructive method of RE that can provide layer-by-layer images of chips, and is often used for the analysis of internal vias, traces, wire bonding, capacitors, contacts, or resistors.
• Destructive analysis, on the other hand, might consist of etching and grinding away every layer for analysis.
• During the delayering process, pictures are taken with either a scanning electron microscope (SEM) or a transmission electron microscope (TEM).
• At the chip level, the goal of the RE process is to find the package materials, wire bonding, the different metal layers, contacts, vias and active layers, and the interconnections between metal layers.
• The RE process has several steps:
o Decapsulation: Decapsulation exposes the internal components of the chip, which allows inspection of the die, interconnections, and other features.
o Delayering: The die is analyzed layer by layer, destructively, to see each metal, passivation, poly, and active layer.
o Imaging: An image is taken of each layer in the delayering process using SEM, TEM, or SCM.



o Post-processing: In this step, the images from the previous step are analyzed, schematics and high-level netlists are created for functional analysis, and the chip is identified.
2) PCB-level RE:
• RE of PCBs begins with the identification of the components mounted on the board, the traces on the top and bottom (visible) layers, the ports, and so forth. After that, delayering or X-ray imaging can be used to identify the connections, traces, and vias of the internal PCB layers.
3) System-level RE:
• RE is performed to tear down the product or system and identify the subsystems, packages, and other components.
• The subsystems can be electrical or mechanical. Only electrical subsystems are considered here.
• The electrical subsystems under analysis consist of hardware and firmware.
• A reverse engineer could analyze the FPGA, board, chip, memory, and software to extract all the information. This discussion is concerned with RE when it is done with malicious intent.
Probing Attack
• Physical attacks are capable of bypassing the confidentiality and integrity provided by modern cryptography through observation of a chip's silicon implementation.
• Such attacks are especially threatening to the integrated circuits (ICs) in smartcards, smartphones, military systems, and financial systems, which process sensitive information.
• Focused ion beams (FIBs) use ions at high beam currents for site-specific milling and material removal. The same ions can also be injected close to a surface for material deposition.
• These capabilities allow FIBs to cut or add traces to the substrate within a chip, thereby enabling them to redirect signals, modify trace paths, and add or remove circuits.
• Though the FIB was initially designed for failure analysis, a skilled attacker can use it to obtain on-chip keys, establish privileged access to memory, obtain the device configuration, and/or inject faults.
• This can be accomplished by rerouting signals to an existing output pin, creating a new contact for probing, or re-enabling the IC test mode. Most of these techniques would not be possible without a FIB.
• While countermeasures against probing, such as active meshes, optical sensors, and analog sensors, have been proposed, they are clumsy, expensive, and ad hoc.
Invasive Fault Injection Attack
• Non-/semi-invasive fault injection applies a combination of unaccounted-for environmental conditions:
o Vcc
o Glitch
o Clock
o Temperature
o UV
o Light



o X-rays
• The main anticipated difficulties are focusing the ionizing radiation down to a spot of several micrometers and choosing the proper intensity. The Microchip PIC16F84 microcontroller, with 68 bytes of on-chip SRAM memory, was used.
• The light from a photo flash lamp was focused using the microscope optics. By shielding the light from the flash with an aperture made from aluminum foil, the state of only one cell can be changed.
• Focusing the light spot from the lamp on the area shown by the white circle caused the cell to change its state from "1" to "0".
• By focusing the spot on the area shown by the black circle, the cell changed its state from "0" to "1", or remained in state "1".
• EEPROM and Flash memory devices can be attacked by a local heating technique, which uses lasers to achieve the modification.
• This was implemented with an inexpensive laser diode module mounted on a microscope. The contents of the memory can be altered by locally heating a memory cell inside a memory array, which can compromise the security of a semiconductor chip.
***********************************************************************************

Design for Security


SECURITY ARCHITECTURE
• The typical approach for developing a baseline secure architecture consists of the following two steps:
o Use threat modeling to identify potential threats to the current architecture definition.
o Refine the architecture with mitigation strategies covering the threats identified.
• The baseline architecture is typically derived from the legacy architectures of previous products, adapted to account for the policies defined for the system under exploration.
• In particular, for each asset, the architect must identify:
1) who can access the asset;
2) what kind of access is permitted by the policies; and
3) at what points in the system execution or product development lifecycle such access requests can be granted or denied.
• Most of the relevant work has taken the form of developing a trusted execution environment (TEE), viz., a mechanism for guaranteeing isolation between code and sensitive data at different points of the system execution.
• One of the most common TEE architectures is the trusted platform module (TPM), which is an international standard for a secure crypto-processor. It is designed to secure the hardware by integrating cryptographic keys into devices.
• Below, three TEE frameworks specifically developed for SoC designs are presented: Samsung KNOX, Intel Software Guard Extensions (SGX), and ARM TrustZone.
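As an added example (not from the notes, and not any vendor's policy), the following encodes the three questions the architect must answer for each asset (who, what kind of access, at which execution or lifecycle point) as a default-deny policy table, and shows the kind of query that supports the threat-modeling step: which assets a given phase, such as the debug phase, can reach at all. The assets, principals and phases are constructed sample values.

```python
"""Added example (not from the notes): a minimal, table-driven access policy
covering the three dimensions the security architecture step asks for:
who may access an asset, what kind of access, and in which execution or
lifecycle phase. Anything not explicitly listed is denied.

All assets, principals and phases below are constructed sample values.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Sequence, Set, Tuple

# Execution / lifecycle points at which an access request may arrive (constructed).
PHASES = ("manufacturing", "boot", "runtime", "debug")

Request = Tuple[str, str, str, str]   # (asset, principal, access, phase)


@dataclass(frozen=True)
class Rule:
    asset: str
    principal: str             # who
    access: FrozenSet[str]     # what kind: subset of {"read", "write"}
    phases: FrozenSet[str]     # when


# Constructed policy table. Default deny: a request must match a rule on all three dimensions.
POLICY: Tuple[Rule, ...] = (
    Rule("fuse_key", "key_provisioner", frozenset({"write"}),         frozenset({"manufacturing"})),
    Rule("fuse_key", "crypto_engine",   frozenset({"read"}),          frozenset({"boot", "runtime"})),
    Rule("boot_rom", "cpu",             frozenset({"read"}),          frozenset({"boot"})),
    Rule("dram",     "cpu",             frozenset({"read", "write"}), frozenset({"boot", "runtime", "debug"})),
    Rule("dram",     "jtag",            frozenset({"read"}),          frozenset({"debug"})),
)


def is_allowed(asset: str, principal: str, access: str, phase: str) -> bool:
    """Grant only if some rule matches who, what kind, and when."""
    if phase not in PHASES:
        raise ValueError(f"unknown phase {phase!r}")
    return any(
        r.asset == asset and r.principal == principal
        and access in r.access and phase in r.phases
        for r in POLICY
    )


def assets_reachable_in_phase(phase: str) -> Set[str]:
    """Threat-modeling helper: every asset that any principal can touch in
    the given phase. Used to review what a debug port or test mode exposes."""
    if phase not in PHASES:
        raise ValueError(f"unknown phase {phase!r}")
    return {r.asset for r in POLICY if phase in r.phases}


def audit(requests: Sequence[Request]) -> List[Request]:
    """Evaluate a batch of requests and return those the policy denies."""
    return [req for req in requests if not is_allowed(*req)]


if __name__ == "__main__":
    sample: List[Request] = [
        ("fuse_key", "crypto_engine", "read", "runtime"),     # allowed
        ("fuse_key", "jtag", "read", "debug"),                # denied: debug port never sees the key
        ("fuse_key", "key_provisioner", "write", "runtime"),  # denied: fusing only at manufacturing
    ]
    for req in sample:
        print(req, "->", "ALLOW" if is_allowed(*req) else "DENY")
    print("assets reachable in debug phase:", assets_reachable_in_phase("debug"))
```

The phase dimension is what distinguishes this from an ordinary access-control list: the same principal can legitimately write the key in manufacturing and must be refused the same write at runtime, and the debug-phase query makes the exposure of test and debug infrastructure (one of the vulnerability classes listed earlier in the notes) visible for review.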



Samsung KNOX
• This architecture is specifically targeted at smartphones, and provides secure separation features that allow business and personal content to coexist, partitioned, on the same system.
• It permits hot swapping between these two content worlds, for example without requiring a system restart.
• The key ingredient of this technology is a separation kernel that implements the information isolation.
• This architecture permits several system-level services, including the following:
o Trusted boot, that is, preventing unauthorized OS and software from being loaded onto the device at startup.
o TrustZone-based integrity measurement architecture (TIMA), which continually monitors kernel integrity.
o Security Enhancements (SE) for Android, an enforcement mechanism providing protection of system/user data based on confidentiality and integrity requirements through separation.
o KNOX container, which offers a secure environment in which protected business applications can run with guaranteed information separation from the rest of the device.
ARM TrustZone
• TrustZone technology is a system-wide approach to providing security on high-performance computing platforms.
• The TrustZone implementation relies on partitioning the SoC's hardware and software resources so that they exist in two worlds: secure and nonsecure.
• The hardware supports access control and permissions for the handling of secure/nonsecure applications, and the interaction and communication among them.
• The software supports secure system calls and interrupts for secure runtime execution in a multitasking environment.
Intel SGX
• SGX is an architecture in which the underlying hardware provides a trusted execution environment to protect sensitive application and user programs or data against a potentially malicious or tampered operating system.
• SGX permits applications to create secure enclaves or containers, which serve as so-called "islands of trust".
• It is implemented as a set of new CPU instructions that applications can use to set aside such secure enclaves of code and data.
• This enables:
o 1) applications to preserve the confidentiality and integrity of sensitive data without disrupting the ability of legitimate system software to manage the platform resources;
o 2) end users to retain control of their platforms, applications, and services even in the presence of malicious system software.



• The TEEs provide a foundation (that is, a mechanism of isolation) for implementing security policies. However, they are a far cry from a standardized approach for implementing the policies themselves.
• To provide such approaches, it is necessary to:
o 1) develop a language for succinctly and formally expressing security policies;
o 2) generate a parameterized "skeleton" design that can easily be instantiated to diverse policy implementations; and
o 3) develop techniques for synthesizing policy implementations from high-level descriptions.
***********************************************************************************

Introduction to Blockchain Technology


Explain about Blockchain Technology.
An Overview:
• Blockchain is a method of recording information that makes it difficult or impossible for the records to be changed, hacked, or manipulated.
• A blockchain is a distributed ledger that duplicates and distributes transactions across the network of computers participating in the blockchain.
• Blockchain technology is a structure that stores transactional records, known as blocks, in several databases, known as the "chain", in a network connected through peer-to-peer nodes. Typically, this storage is referred to as a 'digital ledger'.
• Every transaction in this ledger is authorized by the digital signature of the owner, which authenticates the transaction and safeguards it from tampering. Hence, the information the digital ledger contains is highly secure.
• Blockchain is an emerging technology with many advantages in an increasingly digital world:
o Highly Secure: It uses a digital signature feature to conduct fraud-free transactions.
o Decentralized System: Conventionally, you need the approval of regulatory authorities like a government or bank for transactions.
o Automation Capability: It is programmable and can generate systematic actions, events, and payments automatically.
Blockchain Technology
Blockchain is a combination of three leading technologies:
1. Cryptographic keys
2. A peer-to-peer network containing a shared ledger
3. A means of computing, to store the transactions and records of the network
• Cryptographic keys come in pairs: a private key and a public key. These keys help in performing successful transactions between two parties.



• Each individual has these two keys, which they use to produce a secure digital identity reference.
• This secured identity is the most important aspect of blockchain technology.
• In the world of cryptocurrency, this identity is referred to as a 'digital signature' and is used for authorizing and controlling transactions.
• The digital signature is merged with the peer-to-peer network: a large number of individuals who act as authorities use the digital signature in order to reach a consensus on transactions, among other issues.
• When they authorize a deal, it is certified by a mathematical verification, which results in a successful, secured transaction between the two network-connected parties.
• To sum up, blockchain users employ cryptographic keys to perform different types of digital interactions over the peer-to-peer network.
Types of Blockchain
There are four different types of blockchains. They are as follows:
Private Blockchain Networks
• Private blockchains operate on closed networks, and tend to work well for private businesses and organizations.
Public Blockchain Networks
• Bitcoin and other cryptocurrencies originated from public blockchains, which also played a role in popularizing distributed ledger technology (DLT). Public blockchains also help to eliminate certain challenges and issues, such as security flaws and centralization.
Permissioned Blockchain Networks
• Also known as hybrid blockchains, permissioned blockchain networks are private blockchains that allow special access for authorized individuals.
Consortium Blockchains
• Similar to permissioned blockchains, consortium blockchains have both public and private components, except that multiple organizations manage a single consortium blockchain network.
The Process of Transaction
• When two individuals wish to perform a transaction, whether with a private and public key or by conducting financial transactions, the first party attaches the transaction information to the public key of the second party. All of this information is gathered together into a block.
• The block contains a digital signature, a timestamp, and other important, relevant information.
• It should be noted that the block does not include the identities of the individuals involved in the transaction.
• This block is then transmitted across all of the network's nodes, and when the right individual uses his private key and matches it with the block, the transaction is completed successfully.
Proof of Work
In a blockchain, each block consists of 4 main headers.



• Previous Hash: This hash address locates the previous block.
• Transaction Details: Details of all the transactions that need to occur.
• Nonce: An arbitrary number used in cryptography to differentiate the block's hash address.
• Hash Address of the Block: All of the above (i.e., the preceding hash, transaction details, and nonce) are passed through a hashing algorithm. This gives an output containing a 256-bit, 64-character value, which is called the unique 'hash address'. Consequently, it is referred to as the hash of the block.
• Numerous people around the world try to find the right hash value to meet a predetermined condition using computational algorithms.
• The transaction completes when the predetermined condition is met.
• To put it more plainly, blockchain miners attempt to solve a mathematical puzzle, which is referred to as a proof-of-work problem. Whoever solves it first gets a reward.

Mining
• The process of adding transactional details to the present digital/public ledger is called 'mining'.
• Though the term is associated with Bitcoin, it is used to refer to other blockchain technologies as well.
• Mining involves generating the hash of a block transaction, which is hard to forge, thereby ensuring the safety of the entire blockchain without needing a central system.
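The following is an added example (not from the notes) that puts the four block headers, the proof-of-work condition and the mining step above into working code: each block hashes its previous hash, transaction details and nonce with SHA-256 to a 64-character hash, mining increments the nonce until the hash meets a predetermined condition, and a validation routine shows why altering an old transaction is detected. The transactions and the difficulty target (three leading hex zeros, far easier than any real network) are constructed for illustration.

```python
"""Added example (not from the notes): a toy block with the four headers
(previous hash, transaction details, nonce, block hash), a proof-of-work
search, and chain validation that detects tampering.

The transactions and the difficulty target are constructed values.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import List

DIFFICULTY_PREFIX = "000"   # predetermined condition: hash must start with these hex digits


@dataclass
class Block:
    previous_hash: str
    transactions: list
    nonce: int = 0
    hash: str = field(default="", init=False)

    def compute_hash(self) -> str:
        """SHA-256 over (previous hash, transactions, nonce): 256 bits, 64 hex chars."""
        payload = json.dumps(
            {"prev": self.previous_hash, "tx": self.transactions, "nonce": self.nonce},
            sort_keys=True,
        ).encode()
        return hashlib.sha256(payload).hexdigest()


def mine(block: Block) -> Block:
    """Proof of work: increment the nonce until the hash meets the condition."""
    block.nonce = 0
    while True:
        h = block.compute_hash()
        if h.startswith(DIFFICULTY_PREFIX):
            block.hash = h
            return block
        block.nonce += 1


def build_chain(tx_batches) -> List[Block]:
    """Mine one block per transaction batch, each linked by previous_hash."""
    chain: List[Block] = []
    prev = "0" * 64                              # the genesis block has no predecessor
    for batch in tx_batches:
        blk = mine(Block(previous_hash=prev, transactions=list(batch)))
        chain.append(blk)
        prev = blk.hash
    return chain


def is_valid_chain(chain: List[Block]) -> bool:
    """Every block must (1) hash to its stored hash, (2) satisfy the PoW
    condition, and (3) point at the actual hash of its predecessor."""
    prev = "0" * 64
    for blk in chain:
        if blk.hash != blk.compute_hash():
            return False
        if not blk.hash.startswith(DIFFICULTY_PREFIX):
            return False
        if blk.previous_hash != prev:
            return False
        prev = blk.hash
    return True


if __name__ == "__main__":
    chain = build_chain([
        [{"from": "alice", "to": "bob", "amount": 5}],       # constructed transactions
        [{"from": "bob", "to": "carol", "amount": 2}],
    ])
    for b in chain:
        print("nonce", b.nonce, "hash", b.hash)
    print("valid:", is_valid_chain(chain))
    chain[0].transactions[0]["amount"] = 500                  # tamper with history
    print("valid after tampering:", is_valid_chain(chain))   # False: stored hash no longer matches
```

Changing an old transaction breaks the tampered block's own hash, and re-mining that block would change its hash and so break the `previous_hash` link of every later block, which is why rewriting history costs as much proof of work as the whole chain that follows it.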
Advantages
• Decentralized network, transparency, a trustworthy chain, and unalterable, indestructible records.
Disadvantages
• High energy dependence, a difficult integration process, and high implementation costs.

***********************************************************************************



TWO MARKS

1. What is Hardware security?


Hardware security elucidates the study of vulnerabilities and countermeasures in the architecture,
implementation, and validation of modern electronic systems.
2. What is Attack vectors?
Attack vectors are means or paths for bad actors (attackers) to get access to hardware components for
malicious purposes, for example, to compromise it or extract secret assets stored in hardware.
3. What are chip-level attacks?
Chips can be targeted for reverse engineering, cloning, malicious insertion, side-channel attacks, and
piracy. Trojan-infected chips pose a threat of unauthorized access or malfunction, and side-channel
attacks can be mounted on a chip with the goal of extracting the secret information stored inside it.
4. What are PCB-level attacks?
PCBs are common targets for attackers. The primary goals of these attacks are to reverse engineer the
PCB and obtain the schematic of the board in order to redesign it and create fake units. Attackers may
also physically tamper with a PCB to make it leak sensitive information.

5. What are vulnerabilities?
Vulnerabilities are weaknesses in hardware architecture, implementation, or the design/test process
that can be exploited by an attacker to mount an attack.

6. What is a hardware Trojan?
A hardware Trojan (HT) is defined as a malicious, intentional modification of a circuit design that
results in undesired behavior when the circuit is deployed.

7. What are side-channel attacks?
A side-channel attack (SCA) is a non-invasive attack that targets the physical side-channel inputs and
outputs of an implementation (e.g., its power draw, electromagnetic emissions, or timing) rather than
the algorithm itself, and uses this additional information to break the cryptographic protection while
bypassing the theoretical strength of the cryptographic algorithm.

8. List five commonly exploited side-channel emissions.
o Power Consumption
o Electro-Magnetic
o Optical
o Timing and Delay
o Acoustic

9. What is a covert channel?
A covert channel is one that allows communication between software processes that are not
authorized to communicate within a system.
10. What is Reverse Engineering?
Reverse engineering (RE) is the process involving the thorough examination of an object to achieve
a full understanding of its construction and/or functionality; a method used by attackers as part of
mounting their attack.

11. What is a probing attack?
A probing attack is a physical attack in which the attacker makes direct electrical contact with internal
wires of a chip (e.g., with microprobes after exposing the die) to read out or inject signals. Physical
attacks of this kind are capable of bypassing the confidentiality and integrity provided by modern
cryptography through direct observation of a chip’s silicon implementation.

12. What is Blockchain?
Blockchain is a method of recording information in a chain of hash-linked blocks that makes it very
difficult for the recorded data to be changed, hacked, or manipulated after the fact.

13. List the advantages of Blockchain.
 Highly Secure
 Decentralized System
 Automation Capability
14. List the Types of Blockchain.
Private Blockchain Networks
Public Blockchain Networks
Permissioned Blockchain Networks
Consortium Blockchains
15. Mention the Advantages and Disadvantages of Blockchain.
Advantages
 Decentralized network, transparency, a trustworthy chain whose committed blocks are very hard to
alter, and resilience (no single point of failure).
Disadvantages
 High energy consumption (proof of work), a difficult integration process, and high implementation
costs.
16. What is a power analysis attack?
A power analysis attack reveals secret information from a device by measuring and analyzing its
power consumption while it processes that secret, since the current drawn depends on the data being
switched.
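An added example (not from the original notes) of the power analysis attack defined above, run on simulated traces: each trace is modelled as the Hamming weight of plaintext XOR key plus Gaussian noise, and the attacker correlates the measured traces against the leakage predicted for all 256 key-byte guesses (correlation power analysis). The leakage model, the target intermediate (the first AddRoundKey output; real attacks on AES usually target the S-box output), the noise level, the key byte and the function names are assumptions of the demonstration; on real hardware the trace samples would come from measuring the device's supply current.

```python
import random
from typing import List, Tuple


def hamming_weight(x: int) -> int:
    return bin(x & 0xFF).count("1")


def simulate_traces(key_byte: int, plaintexts: List[int], noise_sd: float,
                    rng: random.Random) -> List[float]:
    # Constructed "power traces": one sample per encryption, modelled as the
    # Hamming weight of the intermediate (plaintext XOR key) plus Gaussian noise.
    # This stands in for an oscilloscope measurement of the chip's supply current.
    return [hamming_weight(p ^ key_byte) + rng.gauss(0.0, noise_sd) for p in plaintexts]


def pearson(xs: List[float], ys: List[float]) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def recover_key_byte(plaintexts: List[int], traces: List[float]) -> Tuple[int, float]:
    # Correlation power analysis: for each of the 256 key guesses, predict the
    # leakage of every trace under the same model and correlate the prediction
    # with the measurements; the true key gives the strongest correlation.
    best_guess, best_corr = 0, -2.0
    for guess in range(256):
        hypothesis = [float(hamming_weight(p ^ guess)) for p in plaintexts]
        c = pearson(hypothesis, traces)
        if c > best_corr:
            best_guess, best_corr = guess, c
    return best_guess, best_corr


def run_attack(key_byte: int, n_traces: int = 500, noise_sd: float = 0.5,
               seed: int = 1) -> Tuple[int, float]:
    # The attacker knows the plaintexts and sees the traces, never the key.
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = simulate_traces(key_byte, plaintexts, noise_sd, rng)
    return recover_key_byte(plaintexts, traces)


if __name__ == "__main__":
    guess, corr = run_attack(0x3C)
    print(f"recovered key byte 0x{guess:02x} with correlation {corr:.3f}")
```

A full key is recovered by repeating this per byte (16 times for AES-128); the wrong guesses that differ from the true key in only one bit still correlate noticeably, which is why raising the noise or lowering the trace count eventually makes the attack fail and why countermeasures aim to flatten exactly this data dependence.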
17. What is an electromagnetic (EM) side-channel attack?
In an electromagnetic (EM) side-channel attack, the adversary captures the EM signals radiated by the
currents that flow during data processing; these emissions are strongest where switching activity is
concentrated, and their variation with the processed data leaks the secret.
18. What is a timing attack?
Timing analysis is an SCA that extracts critical information about the device under attack by
measuring the execution time of each operation under different setups and input patterns; an operation
whose running time depends on a secret (e.g., a comparison that stops at the first mismatching byte)
leaks that secret through its timing.
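An added example (not the original notes' code) of the timing attack defined above, using a step count as a stand-in for execution time: an early-exit byte comparison leaks how many leading bytes of the guess were right, so the secret can be recovered one byte at a time, while hmac.compare_digest takes time that depends only on the length. The secret value, the step-count oracle and the function names are constructed for the demonstration.

```python
import hmac
from typing import Callable, Tuple

# Constructed secret for the demonstration (e.g. a token or MAC the device checks).
SECRET = b"s3cr3t-k3y!!"


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    # Early-exit comparison. `steps` counts bytes examined before returning and
    # stands in for execution time: the more leading bytes match, the longer it runs.
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    # hmac.compare_digest examines every byte regardless of where they differ,
    # so its "time" is a function of the length only.
    return hmac.compare_digest(secret, guess), len(secret)


Oracle = Callable[[bytes, bytes], Tuple[bool, int]]


def recover_via_timing(secret: bytes, compare: Oracle, length: int) -> bytes:
    # Byte-by-byte recovery: for each position keep the candidate whose check
    # took the longest, because only the correct byte lets the loop proceed to
    # the next one. `secret` is passed only so the oracle can be simulated here;
    # the attacker never reads it, only the (match, steps) pair.
    known = bytearray(length)
    for i in range(length):
        best_byte, best_steps = 0, -1
        for c in range(256):
            known[i] = c
            matched, steps = compare(secret, bytes(known))
            if matched:
                return bytes(known)
            if steps > best_steps:
                best_byte, best_steps = c, steps
        known[i] = best_byte
    return bytes(known)


if __name__ == "__main__":
    print(recover_via_timing(SECRET, leaky_compare, len(SECRET)) == SECRET)           # True
    print(recover_via_timing(SECRET, constant_time_compare, len(SECRET)) == SECRET)   # False
```

Against the constant-time oracle every candidate takes the same number of steps, so the search never learns anything and ends up with an all-zero guess; on a real target the same recovery needs many repeated measurements per candidate to average out jitter, but the logic is the same.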

19. What is a fault injection attack, or fault attack?
In a fault injection attack, or fault attack, a physical fault is deliberately injected into a device during
its operation with the objective of leaking critical information.

20. Mention the three leading technologies of Blockchain.
Blockchain is a combination of three leading technologies:
1. Cryptographic keys
2. A peer-to-peer network containing a shared ledger
3. A means of computing, to store the transactions and records of the network
21. What are the types of Hardware Trojans? (May 2023)
Hardware Trojans are classified by:
a) Physical representation (i.e., what the inserted circuitry looks like: its type, size, distribution and
structure)
b) Behavior (i.e., how it is activated, or triggered, and what effect, or payload, it has once triggered)

22. What is KYC in blockchain? (May 2023)
KYC (Know Your Customer) verification is the process of authenticating the identity of a client,
employee, vendor, or stakeholder using validating factors. These factors could include photo-based
IDs, facial features, answers to randomized questions, etc., and the process becomes easier when the
verified records are kept on a blockchain that the participants share.
