E Point Perfect
Law \ Legal

Cryptographically Secure? The Threat of Side-Channel Analysis


Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


Background Note: This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. The authors map the history of this field and provide both a theoretical and practical overview. They also present a systematic classification of both side-channel attacks and side-channel countermeasures and describe these. Therefore, the publication can serve as a good starting point for new side-channel researchers, as well as a universal reference. Based on this comprehensive survey, the information and descriptions in this research may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand and address cryptographic security threats


Research Paper*

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis

By Petr Socha, Vojtech Miskovsky, and Martin Novotny

Abstract

Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.

Introduction

In the past few decades, computer systems and communication networks have become an essential part of our everyday lives. Various computing devices are used not only as tools for many professionals but also for entertainment. These devices include embedded devices, such as payment cards, biometric passports, smart cars, trains, or whole cities, and even medical devices like pacemakers. Being surrounded by devices connected to the Internet, our private lives are endangered more than ever.

Special attention must therefore be given to ensure security of computer systems and their users. Various measures are employed to achieve confidentiality, integrity, availability, and non-repudiation of data with efficiency, ease of use, and cost in mind. Nowadays, widely used algorithms, such as Rijndael/AES or RSA are considered secure from the cryptoanalytic point of view. However, their implementations may leak sensitive information through the cryptographic device’s side channels, potentially compromising the entire system.

Side-channel attacks exploit the data-dependent side channels, such as power consumption of the cryptographic device or its electromagnetic radiation, in order to extract secret information such as cipher keys. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. Various countermeasures have been proposed to prevent such attacks. Masking is a widely used technique based on randomization of the processed data making it difficult to exploit the leakage. Hiding is another common approach, which aims to conceal the exploitable leakage in either side-channel signal amplitude or time. Recent real-world attack examples show that uncompromising protection and testing of embedded cryptographic implementations is necessary.

This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. We map the history of this field and provide both a theoretical and practical overview. We present a systematic classification of both side-channel attacks and side-channel countermeasures and describe these. Therefore, our publication can serve as a good starting point for new side-channel researchers, as well as a universal reference.

Read the original article.


Read the Complete Report: A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis (PDF) – Mouseover to Scroll

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis


* Published with permission under Creative Commons Attribution 4.0 International license rights.

Reference: Socha, Petr & Miskovsky, Vojtech & Novotný, Martin. (2022). A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis. Sensors. 22. 10.3390/s22218096. 

Additional Reading

Source: ComplexDiscovery

The post Cryptographically Secure? The Threat of Side-Channel Analysis appeared first on ComplexDiscovery.



Source link

Related posts

Litigation at the Forefront of Future Climate Activism

French E. coli outbreak linked to dairy

Government Proposes Federal Contractors and Their Suppliers Disclose GHG Emissions 

SEC Shifts Focus on Employees’ Off-Channel Business Communications to Investment Advisers

Pennsylvania Supreme Court Agrees to Review the Validity of the Regular Use Exclusion

OECD Accepting Comment on Draft Study Report on Applicability of the Key Event Based TG 442D for In Vitro Skin Sensitisation Testing of Nanomaterials