Thursday, June 25, 2020

Side-channel attack


  • Side-channel attack

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.
General classes of side channel attack include:

    Cache attack — attacks based on attacker's ability to monitor cache accesses made by the victim in a shared physical system as in virtualized environment or a type of cloud service.
    Timing attack — attacks based on measuring how much time various computations (such as, say, comparing an attacker's given password with the victim's unknown one) take to perform.
    Power-monitoring attack — attacks that make use of varying power consumption by the hardware during computation.
    Electromagnetic attack — attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information. Such measurements can be used to infer cryptographic keys using techniques equivalent to those in power analysis or can be used in non-cryptographic attacks, e.g. TEMPEST (aka van Eck phreaking or radiation monitoring) attacks.
    Acoustic cryptanalysis — attacks that exploit sound produced during a computation (rather like power analysis).
    Differential fault analysis — in which secrets are discovered by introducing faults in a computation.
    Data remanence — in which sensitive data are read after supposedly having been deleted. (i.e. Cold boot attack)
    Software-initiated fault attacks — Currently a rare class of side-channels, Row hammer is an example in which off-limits memory can be changed by accessing adjacent memory too often (causing state retention loss).
    Optical - in which visual recording can read secrets and sensitive data using a high resolution camera, or other devices that have such capabilities (see examples below)
https://en.wikipedia.org/wiki/Side-channel_attack

No comments:

Post a Comment