[1] Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically considered side-channel attacks: see social engineering and rubber-hose cryptanalysis.
General classes of side-channel attack include: In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example, the cryptographic key, partial state information, full or partial plaintexts and so forth.
A cache side-channel attack works by monitoring security-critical operations such as AES T-table entry[2][3][4], modular exponentiation or multiplication, or memory accesses.
Also, unlike some of the other side-channel attacks, this method does not create a fault in the ongoing cryptographic operation and is invisible to the victim.
In 2017, two CPU vulnerabilities (dubbed Meltdown and Spectre) were discovered, which can use a cache-based side channel to allow an attacker to leak memory contents of other processes and the operating system itself.
A timing attack watches data movement into and out of the CPU or memory on the hardware running the cryptosystem or algorithm.
Simply by observing variations in how long it takes to perform cryptographic operations, it might be possible to determine the entire secret key.
Such attacks involve statistical analysis of timing measurements and have been demonstrated across networks.
[6] A power-analysis attack can provide even more detailed information by observing the power consumption of a hardware device such as a CPU or cryptographic circuit.
[10] Fluctuations in current also generate radio waves, enabling attacks that analyze measurements of electromagnetic (EM) emanations.
A deep-learning-based side-channel attack[11][12][13] using power and EM information across multiple devices has been demonstrated, with the potential to break the secret key of a different but identical device in as few as a single trace.
A recently declassified NSA document reveals that as far back as 1943, an engineer with Bell Telephone observed decipherable spikes on an oscilloscope associated with the decrypted output of a certain encrypting teletype.
[14] According to former MI5 officer Peter Wright, the British Security Service analyzed emissions from French cipher equipment in the 1960s.
[15] In the 1980s, Soviet eavesdroppers were suspected of having planted bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed.
[16] Power consumption of devices causes heating, which is offset by cooling effects.
This stress can create low-level acoustic emissions from operating CPUs (about 10 kHz in some cases).
Recent research by Shamir et al. has suggested that information about the operation of cryptosystems and algorithms can be obtained in this way as well.
Examples of optical side-channel attacks range from gleaning information from the hard disk activity indicator[17] to reading a small number of photons emitted by transistors as they change state.
[19] Because side-channel attacks rely on the relationship between information emitted (leaked) through a side channel and the secret data, countermeasures fall into two main categories: (1) eliminate or reduce the release of such information and (2) eliminate the relationship between the leaked information and the secret data, that is, make the leaked information unrelated, or rather uncorrelated, to the secret data, typically through some form of randomization of the ciphertext that transforms the data in a way that can be undone after the cryptographic operation (e.g., decryption) is completed.
Under the first category, displays with special shielding to lessen electromagnetic emissions, reducing susceptibility to TEMPEST attacks, are now commercially available.
Power line conditioning and filtering can help deter power-monitoring attacks, although such measures must be used cautiously, since even very small correlations can remain and compromise security.
When the amount of noise in the side channel increases, the adversary needs to collect more measurements.
The most comprehensive method to employ this countermeasure is to create a Secure Development Lifecycle for hardware, which includes utilizing all available security analysis platforms at their respective stages of the hardware development lifecycle.
[21] Such countermeasures can be difficult to implement in practice, since even individual instructions can have variable timing on some CPUs.
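The timing leak described earlier and the fixed-operation-sequence countermeasure, side by side, as an added example that is not part of the original article. Function names, the sample exponents and the modulus are constructed for illustration, and multiplication counts stand in for running time, since Python integers are themselves not constant-time.

```python
# Added example. Multiplication counts stand in for running time; real
# constant-time code must also control instruction- and cache-level timing.

def modexp_leaky(base, exp, mod):
    """Square-and-multiply; returns (result, number of modular multiplications)."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod       # square on every bit
        ops += 1
        if bit == "1":                        # branch on a secret bit
            result = result * base % mod     # extra multiply only for 1-bits
            ops += 1
    return result, ops


def modexp_ladder(base, exp, mod, bits):
    """Montgomery ladder over a fixed bit length: two multiplications per bit."""
    r0, r1, ops = 1, base % mod, 0
    for i in reversed(range(bits)):
        mask = -((exp >> i) & 1)              # 0, or -1 (all ones)
        t = (r0 ^ r1) & mask                  # branch-free conditional swap
        r0, r1 = r0 ^ t, r1 ^ t
        r1 = r0 * r1 % mod                    # same two operations for 0 and 1
        r0 = r0 * r0 % mod
        ops += 2
        t = (r0 ^ r1) & mask                  # swap back
        r0, r1 = r0 ^ t, r1 ^ t
    return r0, ops


def op_counts(exponents, base=5, mod=1000003, bits=16):
    """Map each exponent to (leaky_ops, ladder_ops), checking results against pow()."""
    counts = {}
    for e in exponents:
        leaky_result, leaky_ops = modexp_leaky(base, e, mod)
        ladder_result, ladder_ops = modexp_ladder(base, e, mod, bits)
        assert leaky_result == ladder_result == pow(base, e, mod)
        counts[e] = (leaky_ops, ladder_ops)
    return counts


if __name__ == "__main__":
    # Constructed 16-bit exponents with Hamming weights 2, 8 and 16.
    for e, (leaky, ladder) in op_counts([0x8001, 0xF00F, 0xFFFF]).items():
        print(f"exp={e:#06x} leaky={leaky} (weight {leaky - 16}) ladder={ladder}")
```

The leaky count equals the exponent's bit length plus its Hamming weight, so an observer who can measure the operation count learns the weight of the secret; the ladder's count depends only on the fixed bit length.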
Cryptographic code designed to resist cache attacks attempts to use memory in only a predictable fashion (like accessing only the input, outputs and program data, and doing so according to a fixed pattern).
Other partial countermeasures attempt to reduce the amount of information leaked from data-dependent power differences.
Using a constant-weight code (such as using Fredkin gates or dual-rail encoding) can reduce the leakage of information about the Hamming weight of the secret value, although exploitable correlations are likely to remain unless the balancing is perfect.
, the technique applies as follows (for simplicity, the modular reduction by m is omitted in the formulas): before decrypting, that is, before computing the result of
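The ciphertext-randomization countermeasure described above, worked through as an added example that is not part of the original article. It assumes textbook RSA without padding as the cryptosystem; the toy key, the names `e`, `d`, `r` and the function names are constructed for illustration, with `m` as the modulus.

```python
import secrets
from math import gcd

# Constructed toy key built from two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
M = P * Q                              # modulus m
E = 65537                              # public exponent (assumed name e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (assumed name d)


def decrypt_plain(c):
    """Unblinded decryption: the secret exponent acts directly on a value
    the sender chose, so leakage can be correlated with known inputs."""
    return pow(c, D, M)


def decrypt_blinded(c, r=None):
    """Blinded decryption. Returns (plaintext, operand actually exponentiated)."""
    while r is None or gcd(r, M) != 1:
        r = secrets.randbelow(M - 2) + 2   # fresh random r, invertible mod m
    blinded = c * pow(r, E, M) % M         # c' = c * r^e
    y = pow(blinded, D, M)                 # (c * r^e)^d = c^d * r
    return y * pow(r, -1, M) % M, blinded  # multiply by r^-1 to undo the blinding


def demo(message=123456789):
    """Decrypt one ciphertext twice with different r; return what was observed."""
    c = pow(message, E, M)
    p1, b1 = decrypt_blinded(c, r=3)       # fixed r values only to make the
    p2, b2 = decrypt_blinded(c, r=5)       # demonstration reproducible
    return {
        "plaintexts_match": p1 == p2 == decrypt_plain(c) == message,
        "operands_differ": len({c, b1, b2}) == 3,
    }


if __name__ == "__main__":
    print(demo())
```

Each decryption exponentiates a different value that the sender cannot predict, while the recovered plaintext is unchanged.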
[25] Recently, white-box modeling was utilized to develop a low-overhead generic circuit-level countermeasure[26] against both EM as well as power side-channel attacks.
To minimize the effects of the higher-level metal layers in an IC acting as more efficient antennas,[27] the idea is to embed the crypto core with a signature suppression circuit,[28][29] routed locally within the lower-level metal layers, leading towards both power and EM side-channel attack immunity.