In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic emanations or even sound can provide an extra source of information which can be exploited to break the system.
Attacks on the people who use cryptography, who are often the weakest security element, are not typically called side-channel attacks; see social engineering and rubber-hose cryptanalysis. For attacks on computer systems themselves (which are often used to perform cryptography and so contain cryptographic keys, or plaintexts), see computer security.
Many side-channel attacks require considerable technical knowledge of the internal operation of the system on which the cryptography is implemented.
General
General classes of side channel attack include:
- Timing attack — attacks based on measuring how much time various computations take to perform.
- Architectural side-effect attacks — attacks which take advantage of side-effects of performing a computation on a particular machine architecture (e.g., evicting cache lines).
- Power monitoring attack — attacks which make use of varying power consumption by the hardware during computation.
- TEMPEST (aka van Eck or radiation monitoring) attack — attacks based on leaked electromagnetic radiation which can directly provide plaintexts and other information.
- Acoustic cryptanalysis — attacks which exploit sound produced during a computation (rather like power analysis).
In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example, the cryptographic key, partial state information, full or partial plaintexts and so forth. The term cryptophthora (secret degradation) is sometimes used to express the degradation of secret key material resulting from side channel leakage.
Examples
A timing attack watches data movement into and out of the CPU, or memory, on the hardware running the cryptosystem or algorithm. Simply by observing how long it takes to transfer key information, it is sometimes possible to determine how long the key is in this instance (or to rule out certain lengths, which can also be cryptanalytically useful). Internal operational stages in many cipher implementations provide information (typically partial) about the plaintext, key values and so on, and some of this information can be inferred from observed timings. Alternatively, a timing attack may simply watch for the length of time a cryptographic algorithm requires; this alone is sometimes enough information to be cryptanalytically useful.
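To make the timing leak concrete, the following added example (not part of the original article) models execution time as a count of modular multiplications: a square-and-multiply exponentiation whose count depends on the secret exponent, beside a Montgomery ladder whose count does not. The modulus, base, exponents and all function names are constructed for illustration.

```python
# Added example: modular-multiplication counts stand in for measured time.
SAMPLE_MOD = 2**61 - 1          # constructed sample modulus
SAMPLE_BASE = 3                 # constructed sample base

def modexp_leaky(base, exp, mod):
    """Square-and-multiply: the extra multiply happens only on 1 bits."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # always square
        ops += 1
        if bit == "1":                        # secret-dependent work
            result = (result * base) % mod
            ops += 1
    return result, ops

def modexp_ladder(base, exp, mod, bits):
    """Montgomery ladder over a fixed width: two multiplications per bit
    whatever the bit is. (Production code also replaces this branch with a
    constant-time conditional swap.)"""
    r0, r1, ops = 1, base % mod, 0
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        ops += 2
    return r0, ops

def lengths_consistent_with(ops):
    """Exponent bit lengths a leaky count cannot rule out, since
    ops = bitlen + popcount and 1 <= popcount <= bitlen."""
    return range((ops + 1) // 2, ops)

def compare(keys, bits=16):
    """Return (leaky_ops, ladder_ops) per key; results checked against pow()."""
    rows = []
    for k in keys:
        r1, leaky = modexp_leaky(SAMPLE_BASE, k, SAMPLE_MOD)
        r2, fixed = modexp_ladder(SAMPLE_BASE, k, SAMPLE_MOD, bits)
        assert r1 == r2 == pow(SAMPLE_BASE, k, SAMPLE_MOD)
        rows.append((leaky, fixed))
    return rows

if __name__ == "__main__":
    # Two constructed 16-bit exponents: sparse and dense.
    for leaky, fixed in compare([0x8001, 0xFFFF]):
        print(leaky, fixed, list(lengths_consistent_with(leaky)))
```

The leaky count alone narrows the possible key lengths and, once the length is known, gives the number of 1 bits in the key; the ladder's count is the same for every key of a given width.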
A power monitoring attack can provide similar information by observing the power lines to the hardware, especially the CPU. As with a timing attack, considerable information is inferable for some algorithm implementations under some circumstances.
As a fundamental and inevitable fact of electrical life, fluctuations in current generate radio waves, making whatever is producing the currents subject, at least in principle, to a van Eck (aka TEMPEST) attack. If the currents concerned are patterned in distinguishable ways (typically the case), the radiation can be recorded and used to infer information about the operation of the associated hardware. According to former MI5 officer Peter Wright, the British Security Service analysed emissions from French cipher equipment in the 1960s[1]. In the 1980s, Soviet eavesdroppers were known to plant bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed[citation needed].
If the relevant currents are those associated with a display device (i.e., highly patterned and intended to produce human-readable images), the task is greatly eased. CRT displays use substantial currents to steer their electron beams and they have been 'snooped' in real time with minimum-cost hardware from considerable distances (hundreds of meters have been demonstrated). LCDs require, and use, smaller currents and are less vulnerable, which is not to say they are invulnerable.
Also as an inescapable fact of electrical life in actual circuits, flowing currents heat the materials through which they flow. Those materials also continually lose heat to the environment due to other equally fundamental facts of thermodynamic existence, so there is a continually changing thermally induced mechanical stress as a result of these heating and cooling effects. That stress appears to be the most significant contributor to low-level acoustic (i.e., noise) emissions from operating CPUs (circa 10 kHz in some cases). Recent research by Shamir et al. has demonstrated that information about the operation of cryptosystems and algorithms can be obtained in this way as well. This is an acoustic attack; if the surface of the CPU chip, or in some cases the CPU package, can be observed, infrared images can also provide information about the code being executed on the CPU, known as a thermal imaging attack.
Countermeasures
Because side channel attacks rely on emitted information (for example, electromagnetic emanations) or on relationship information (as in timing and power attacks), the most reasonable method of countering such attacks is to limit the release of such information or access to those relationships. Displays are now commercially available which have been specially shielded to lessen electromagnetic emissions, defeating or reducing susceptibility to TEMPEST attacks. Power line conditioning and filtering can help with power monitoring attacks, as can some continuous-duty UPSes. Physical security of hardware can reduce the risk of surreptitious installation of microphones (to counter acoustic attacks) and other micro-monitoring devices (against CPU power draw or thermal imaging attacks).