How does a side channel attack work with enclaves?

A side-channel attack is an attack that gains information using the implementation of a computer system instead of leveraging weaknesses in the software itself. It may not come as a surprise that the physicist’s role is again crucial here. Common attacks are things like cache attacks, power monitoring, timing attacks, acoustic cryptanalysis and more.

One of the most fascinating examples of this I’ve come across is that theoretically, it’s possible to get into a secure enclave if you have the physical chip and try to read the memory with an electron microscope, but this approach would require serious effort and potentially spoil the data. Of course, the attacker must have the physical device. Ideally, when the chip is manufactured, it creates its own key and uses that for all of its encryption going forward.

We don’t think about this much on the software side, but when it comes to the physical device itself you may wonder how an enclave is secured. From the outset, when data is stored in an enclave it’s encrypted in memory. It is only this enclave that contains the key to read anything at the outset. What a lot of the hardware manufacturers do is design the chip such that it wipes any data on it once it’s physically tampered with. The idea is to store critical information in battery-backed static RAM so it spoils when tampered with or powered off.

You can see more information on this kind of hardware security on page 5 of this Microsemi design document. While I’m no expert, I’d imagine the approach of other semiconductor manufacturers is similar. If you’re curious to learn more about side channel attacks, I’d recommend reading the Conclave docs.

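As an added illustration of the "timing attack" named above (example code written for this page, not part of the original post or of Conclave): an early-exit comparison does work proportional to how many leading bytes of a guess are right, so its running time leaks the secret one position at a time. Wall-clock time is noisy, so the example counts byte operations as a deterministic stand-in; the secret and guesses are constructed sample values.

```python
"""Why a timing side channel exists in a secret comparison, and how to close it.

The operation count stands in for elapsed time: the early-exit version stops
at the first mismatch, so a longer run means a longer correct prefix.
"""
import hmac


def naive_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, number_of_byte_operations)."""
    ops = 0
    if len(secret) != len(guess):
        return False, ops
    for a, b in zip(secret, guess):
        ops += 1
        if a != b:
            return False, ops  # leak: work done depends on the matching prefix
    return True, ops


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Accumulates differences with XOR/OR and always touches every byte."""
    ops = 0
    if len(secret) != len(guess):
        return False, ops
    diff = 0
    for a, b in zip(secret, guess):
        ops += 1
        diff |= a ^ b  # no data-dependent branch inside the loop
    return diff == 0, ops


def prefix_leak(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Operation count per guess; a rising count reveals the correct prefix."""
    return [compare(secret, g)[1] for g in guesses]


SECRET = b"s3cr3t!!"  # constructed sample secret
# constructed guesses, each one byte closer to the secret than the last
GUESSES = [b"xxxxxxxx", b"sxxxxxxx", b"s3xxxxxx", b"s3cxxxxx", b"s3cr3t!!"]

if __name__ == "__main__":
    print("naive    :", prefix_leak(naive_compare, SECRET, GUESSES))
    print("constant :", prefix_leak(constant_time_compare, SECRET, GUESSES))
    # In real code use the standard library's constant-time comparison.
    print("stdlib   :", hmac.compare_digest(SECRET, GUESSES[-1]))
```

The naive counts climb 1, 2, 3, 4, 8 as the guessed prefix grows, while the constant-time version reports 8 for every guess and gives an observer nothing to correlate with.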