Side Channels

A side-channel attack is an attack based on information gained from knowledge of the physical implementation of a system (process), rather than theoretical weaknesses in the algorithms.

Similar to covert channels, information is leaked unintentionally.

• For example, access to a shared resource.

A covert channel is a mechanism used to transmit info using methods not originally intended for data transmission (unauthorized and hidden).

System and Network channels (unintentional or provoked by):

• Heat, Cold, Low Power, Microwaves, …

Examples:

• Fault Attacks;

• Timing Attacks;

• Cache Attacks;

• Power Analysis;

• Electromagnetic Emissions;

• Acoustic Emissions;

• Information Disclosure.

Side channels allow an attacker to infer information about a secret by observing nonfunctional characteristics of a program, such as execution time or memory consumed.

Recall that a program can be viewed as a communication channel where information is transmitted from a source H to a sink O. For side-channel analysis, the sink O is not necessarily an output variable but rather a nonfunctional characteristic of program execution, such as running time, power consumption, number of memory accesses or packets transmitted over a network.