Side Channel Attack Definition

A Side Channel attack is an indirect attack on an IT system by exploiting physical and logical side effects. Side Channel attacks are complex and are difficult to prevent.

The attack method uses physical or logical side effects and tries to extract protected information or and also, algorithms through observation and analysis.

There are uses of electromagnetic radiation, energy consumption, the time required for specific functions, memory usage, and others.

And also, The power consumption allows conclusions drawn about the current computing power and the operations performed by a processor.

What are the different methods of Side Channel Attacks?

An essential distinction is made between active and passive side channel attacks.

Passive Methods

Firstly, Passive methods try to gain access to information or objects worth protecting by merely observing the side effects.

An example of a passive method is the analysis of a keyboard with a thermal imager to determine passwords or PINs entered by the heat radiated by the fingers on the keyboard.

Active Methods

Active attack methods interfere with the process or the function of a device.

An example of an active method is to make an incorrect entry or by asking the system to perform a specific function.

  • Timing attack: measurement of the computing time when executing certain functions
  • Detection and analysis of heat radiation
  • Acquisition and analysis of sound radiation
  • And also, Measurement and analysis of processor energy consumption
  • Measurement and analysis of electromagnetic radiation
  • Observation and analysis of the response to incorrect entries
  • And also, Evaluation of memory usage

What are the Protective measures against side channel attacks?

Firstly, The protection against side channel attacks is complex and difficult. The typical measures against side channel attacks are:

  1. electromagnetic shielding of the devices
  2. physical measures against sound and heat radiation
  3. Alignment of run times of different processes by inserting redundancies
  4. And also, Generation of runtimes that depend on random functions
  5. Insertion of physical and logical noise functions
  6. Execution of code independent of the input
  7. And also, identical reactions to incorrect entries