A side-channel attack does not directly attack algorithms or data. The attack method uses physical or logical side effects and tries to extract protected information or algorithms by observation and analysis. Observable side effects include electromagnetic emissions, energy consumption, the time required for certain functions, and memory usage, among others. Side-channel attacks are costly and difficult to prevent.
What is a side-channel attack?
The term side-channel attack refers to an attack or hacking method that indirectly attacks the algorithm or data being protected. The attack method uses physical or logical side effects of the systems and tries to obtain information about the actual attack target by observing and analyzing them.
Side-channel attacks can be passive or active. Typical methods of attack are measurements of physical quantities such as power consumption, electromagnetic radiation or heat. For example, power consumption allows conclusions to be drawn about a processor's current computational load and the operations it performs.
Other methods measure the time a system needs to perform a certain action or analyze the memory usage of individual processes. Side-channel attacks are often complex and costly. They usually require many individual runs to extract actionable information.
The two microprocessor hardware vulnerabilities published in 2018, Meltdown and Spectre, are based on side-channel attacks and use timing methods to gain unauthorized access to the memory of third-party processes. Side-channel attacks are difficult to prevent and countermeasures can be costly.
The different methods of side-channel attacks
Basically, a distinction can be made between active and passive side-channel attacks. Passive methods attempt to gain access to information or objects worth protecting by simply observing the side effects. An example of a passive method is the analysis of a keyboard with a thermal imaging camera in order to determine entered passwords or PINs through the heat radiated by the fingers on the keyboard.
Active attack methods interfere with the operation or function of a device by, for example, making an incorrect entry or prompting the system to perform a specific function. By observing and analyzing the response of the device or system, such as measuring the time it takes to issue a message, it is possible to draw conclusions about how it works and the algorithm used.
Typical active and passive methods for side-channel attacks include:
- Timing attack: measuring the computation time when certain functions are executed.
- Detection and analysis of heat radiation
- Detection and analysis of sound radiation
- Measurement and analysis of processor energy consumption
- Measurement and analysis of electromagnetic radiation
- Observation and analysis of the reaction to incorrect inputs
- Evaluation of memory usage
Protective measures against side-channel attacks
Protection against side-channel attacks is costly and difficult. Countermeasures are usually only effective against one method of attack. However, the attacks are often based on the observation and analysis of multiple channels. Typical measures against side-channel attacks are:
- Electromagnetic shielding of the devices
- Physical measures against sound and heat radiation
- Equalization of runtimes of different processes by inserting redundancies
- Randomization of runtimes by making them depend on random functions
- Insertion of physical and logical noise functions
- Input-independent execution of code
- Identical reactions to faulty inputs
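
The timing channel and the countermeasures "input-independent execution of code" and "identical reactions to faulty inputs" from the lists above, shown as an added example that is not part of the original article. The secret, the guesses and the function names are constructed for illustration, and a step counter stands in for measured runtime so the result is deterministic.

```python
import hmac

SECRET = b"tok-4821"  # constructed sample value, not a real credential

def early_exit_equal(secret: bytes, guess: bytes) -> tuple:
    """Naive comparison: returns at the first mismatch, so the work done
    grows with the number of correct leading bytes (a timing side channel)."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps

def constant_work_equal(secret: bytes, guess: bytes) -> tuple:
    """Input-independent comparison: every byte of the guess is processed and
    differences are OR-ed together, so work depends only on the guess length."""
    padded = secret or b"\x00"          # avoid modulo by zero for an empty secret
    diff = len(secret) ^ len(guess)     # a length mismatch also fails, without a branch
    steps = 0
    for i in range(len(guess)):
        steps += 1
        diff |= padded[i % len(padded)] ^ guess[i]
    return diff == 0, steps

def work_profile(compare, secret: bytes, guesses: list) -> list:
    """Steps taken per guess; any variation here is what a timing measurement observes."""
    return [compare(secret, g)[1] for g in guesses]

def verify_token(secret: bytes, guess: bytes) -> bool:
    """What to use in practice: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret, guess)

# Constructed guesses with 0, 3, 7 and 8 correct leading bytes.
GUESSES = [b"xxxxxxxx", b"tokxxxxx", b"tok-482x", b"tok-4821"]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal, SECRET, GUESSES))
    print("constant work:", work_profile(constant_work_equal, SECRET, GUESSES))
```

The naive version's step count follows the length of the correct prefix, while the hardened version does the same work for every guess and returns the same answer for every wrong input.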