This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. In this post (spoiler alert!) we enumerate various flavours of side-channel attacks.
Right, shall we keep this one simple? Side-Channel Attacks (SCA) exploit information leaked by the physical implementation of a cryptographic algorithm, as opposed to classical cryptanalytic attacks, which target theoretical weaknesses in the algorithm itself. Power analysis is perhaps the most popular flavour of SCA, but it is certainly not the only one.
It would be beyond the scope of this blog to provide a comprehensive list of all side-channels and attack methodologies. Instead, here are some of the most common SCA targets, together with references to simple but clever attacks:
- Power consumption. The instantaneous power consumption of a device can leak information about the value being processed, e.g. its Hamming weight. I recommend Mangard's attack on the AES key schedule as a starting point for those interested in Simple Power Analysis (SPA).
- Execution time. Such attacks exploit data-dependent differences in the running time of an algorithm. A famous target is the square-and-multiply algorithm used in modular exponentiation, for example in Kocher's attack. Fun fact: even a constant-time implementation is vulnerable to power attacks, since removing the timing leak does not remove the value-dependent power leak.
- Electromagnetic radiation. Apparently, it's rather tricky to get the measurements right for this one, but once that's done the attack methodology is similar to that of power attacks. Here's the most cited paper dealing with EMR.
- Other. There is no limit to what can constitute a target for SCA, and that's in part why they are so interesting. Here are some more ideas:
  - an acoustic attack on RSA,
  - an attack that uses visible light emitted from a computer's LEDs (light-emitting diodes),
  - a smudge attack on smartphone touch screens,
  - an attack exploiting error messages, also known as a padding oracle attack.
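To make the square-and-multiply timing leak from the execution-time bullet concrete, here is an added toy model (my own illustration, not code from the original post or from Kocher's paper). Rather than measuring wall-clock time it records the sequence of modular operations, which is what a timing or SPA attacker effectively observes, and contrasts it with a Montgomery ladder whose operation sequence does not depend on the exponent; the modulus, base and exponent are constructed sample values.

```python
# Added example, not code from the original post: a toy model of the
# square-and-multiply timing leak and of the Montgomery-ladder fix.
# Instead of wall-clock time we record the sequence of modular operations,
# which is the information a timing (or SPA) attacker measures.

def square_and_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply. Returns (result, trace); trace
    holds 'S' per squaring and 'M' per multiply."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:          # most significant bit first
        result = result * result % modulus
        trace.append("S")
        if bit == "1":                     # key-dependent extra work
            result = result * base % modulus
            trace.append("M")
    return result, trace


def montgomery_ladder(base, exponent, modulus):
    """Same result, but every bit costs one multiply and one squaring, so
    the operation sequence (hence the timing) is independent of the key.
    A production version would also replace the if/else with a
    constant-time conditional swap; the operand values still influence
    power consumption, which is why this alone does not stop DPA."""
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = r0 * r1 % modulus, r1 * r1 % modulus
        else:
            r1, r0 = r0 * r1 % modulus, r0 * r0 % modulus
        trace += ["M", "S"]
    return r0, trace


def bits_from_trace(trace):
    """Read the exponent back from a square-and-multiply trace: an 'S'
    followed by 'M' is a 1 bit, an 'S' followed by 'S' or the end is a 0."""
    bits = ""
    for i, op in enumerate(trace):
        if op == "S":
            nxt = trace[i + 1] if i + 1 < len(trace) else None
            bits += "1" if nxt == "M" else "0"
    return int(bits, 2)


if __name__ == "__main__":
    p, g, k = 2**61 - 1, 5, 0b101100111      # constructed sample values
    r1, t1 = square_and_multiply(g, k, p)
    r2, t2 = montgomery_ladder(g, k, p)
    assert r1 == r2 == pow(g, k, p)
    print("leaky trace :", "".join(t1), "-> exponent", bin(bits_from_trace(t1)))
    print("ladder trace:", "".join(t2), "(identical for every 9-bit exponent)")
```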
Writing the above, I realise how unsettling it can be to find out that there are so many loopholes. SCA is very much a cat-and-mouse game, and researchers usually recommend countermeasures for the vulnerabilities they report.