Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. The authors map the history of this ﬁeld and provide both a theoretical and practical overview. They also present a systematic classiﬁcation of both side-channel attacks and side-channel countermeasures and describe these. Therefore, the publication can serve as a good starting point for new side-channel researchers, as well as a universal reference. Based on this comprehensive survey, the information and descriptions in this research may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand and address cryptographic security threats
A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis
By Petr Socha, Vojtech Miskovsky, and Martin Novotny
Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.
In the past few decades, computer systems and communication networks have become an essential part of our everyday lives. Various computing devices are used not only as tools for many professionals but also for entertainment. These devices include embedded devices, such as payment cards, biometric passports, smart cars, trains, or whole cities, and even medical devices like pacemakers. Being surrounded by devices connected to the Internet, our private lives are endangered more than ever.
Special attention must therefore be given to ensure security of computer systems and their users. Various measures are employed to achieve conﬁdentiality, integrity, availability, and non-repudiation of data with efﬁciency, ease of use, and cost in mind. Nowadays, widely used algorithms, such as Rijndael/AES or RSA are considered secure from the cryptoanalytic point of view. However, their implementations may leak sensitive information through the cryptographic device’s side channels, potentially compromising the entire system.
Side-channel attacks exploit the data-dependent side channels, such as power consumption of the cryptographic device or its electromagnetic radiation, in order to extract secret information such as cipher keys. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. Various countermeasures have been proposed to prevent such attacks. Masking is a widely used technique based on randomization of the processed data making it difﬁcult to exploit the leakage. Hiding is another common approach, which aims to conceal the exploitable leakage in either side-channel signal amplitude or time. Recent real-world attack examples show that uncompromising protection and testing of embedded cryptographic implementations is necessary.
This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. We map the history of this ﬁeld and provide both a theoretical and practical overview. We present a systematic classiﬁcation of both side-channel attacks and side-channel countermeasures and describe these. Therefore, our publication can serve as a good starting point for new side-channel researchers, as well as a universal reference.
Reference: Socha, Petr & Miskovsky, Vojtech & Novotný, Martin. (2022). A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis. Sensors. 22. 10.3390/s22218096.
The post Cryptographically Secure? The Threat of Side-Channel Analysis appeared first on ComplexDiscovery.