MID-059: Software Patterns for Side Channel Resistance

Mitigation Tier: Intermediate

Description

Adhering to certain software development patterns can increase the resistance of code to side channel data leakage and limit a threat actor’s ability to extract information via timing, power, or EM-based side channel analysis. Countermeasures can be organized into three categories: hiding (reducing the leakage and adding noise), masking (disassociating leakage from sensitive values, and by protocol (e.g., limiting the usage of sensitive values like cryptographic keys). Example techniques include designing computations to be independent of sensitive values from a time or power perspective, balancing the operations on either side of conditional statements, using unpredictable ordering for bit or byte test and comparison operations, adding randomness or noise, and limiting secret key reuse.

IEC 62443 4-2 Mappings

• none

References

[1] M. Witteman, “Secure Application Programming in the presence of Side Channel Attacks,” Riscure, The Netherlands. Accessed: Aug. 21, 2024. [Online.] Available: https://sidechannel.riscure.com/publications/secure-application-programming-in-the-presence-of-side-channel-attacks/.

[2] Intel. “Security Best Practices for Side Channel Resistance.” intel.com. Accessed: Aug 21, 2024. [Online.] Available: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/security-best-practices-side-channel-resistance.html

MID-059