TID-101: Power Consumption Analysis Side Channel
Threat Description
Devices often consume varying amounts of power depending on the operations they are performing. Power consumption analysis involves measuring and analyzing a device's power usage.
If a device is vulnerable to a power consumption analysis attack, it may be possible to extract or deduce information about the operating state of the device. This can include extracting secrets/keys, discovering operations conducted on sections of memory, and recovering device control flow. A threat actor can therefore physically monitor the power consumption of a device during the execution of a cryptographic operation to create a trace of its power usage over time. By applying knowledge of how common cryptographic operations behave, the power usage traces can be used to infer information such as the cryptographic keys.
Threat Maturity and Evidence
Proof of Concept
Differential power analysis (DPA) and correlation power analysis (CPA) on Arduino Uno
Researchers “demonstrate that both DPA and CPA techniques are viable in deducing the full 16-byte key of AES-128 by monitoring the power consumption of an Arduino Uno which implements the AddRoundKey and SubBytes steps in round 1 of AES.”
CWE
CWE-1300: Improper Protection of Physical Side Channels (Base)
“The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.”
CWE-1255: Comparison Logic is Vulnerable to Power Side-Channel Attacks (Variant)
“A device’s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.”
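The comparison-logic weakness in CWE-1255 above can be illustrated with a small simulation. This is an added example, not code from the CWE entry or from the Arduino research: it assumes a constructed leakage model in which each byte comparison the device executes contributes one sample to the power trace, so a trace whose length depends on the secret is exactly the kind of data-dependent behaviour the entry describes. It contrasts an early-exit token check with a constant-time one; the reference token and `TOKEN_LEN` are constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TOKEN_LEN 8

/* Constructed reference token held by the device (not a real value). */
static const uint8_t REF_TOKEN[TOKEN_LEN] = {0x4a, 0x13, 0x9c, 0x01, 0x77, 0xe2, 0x05, 0x3b};

/* Simulated trace: number of byte comparisons the device performed.
 * Assumption of this example: each comparison is one observable power sample. */
static size_t trace_samples;

/* Vulnerable: returns at the first mismatch, so the trace length reveals
 * how many leading bytes of the presented token were correct. */
static int compare_early_exit(const uint8_t *guess, const uint8_t *ref) {
    trace_samples = 0;
    for (size_t i = 0; i < TOKEN_LEN; i++) {
        trace_samples++;
        if (guess[i] != ref[i]) return 0;
    }
    return 1;
}

/* Hardened: always processes every byte and folds the differences into an
 * accumulator, so the number of comparisons is independent of the guess. */
static int compare_constant_time(const uint8_t *guess, const uint8_t *ref) {
    trace_samples = 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < TOKEN_LEN; i++) {
        trace_samples++;
        diff |= (uint8_t)(guess[i] ^ ref[i]);
    }
    return diff == 0;
}

/* Builds a guess whose first `correct_prefix` bytes match the reference token
 * (the next byte deliberately differs) and returns the trace length observed
 * when the device checks it with the given comparison routine. */
static size_t trace_len(int (*cmp)(const uint8_t *, const uint8_t *), size_t correct_prefix) {
    uint8_t guess[TOKEN_LEN];
    for (size_t i = 0; i < TOKEN_LEN; i++)
        guess[i] = (i < correct_prefix) ? REF_TOKEN[i] : (uint8_t)(REF_TOKEN[i] ^ 0xff);
    cmp(guess, REF_TOKEN);
    return trace_samples;
}

int main(void) {
    printf("early-exit   : 0 correct -> %zu samples, 3 correct -> %zu samples\n",
           trace_len(compare_early_exit, 0), trace_len(compare_early_exit, 3));
    printf("constant-time: 0 correct -> %zu samples, 3 correct -> %zu samples\n",
           trace_len(compare_constant_time, 0), trace_len(compare_constant_time, 3));
    return 0;
}
```

Equalising the trace length removes the prefix leak but not the per-byte leakage of the XOR values themselves, which is why CWE-1255 mitigations on real hardware also involve masking or comparing hashed tokens rather than raw ones.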