An Overview Of Side-Channel Attacks In Cybersecurity
By Tom Seest
Side-channel attacks in cybersecurity leverage extra information that is leaked from computer protocols and algorithms due to their implementation. This includes timing data, power consumption, electromagnetic leaks, and sound recordings – you name it!
Timing-based attacks are one of the most widespread. They take advantage of differences in algorithm execution due to certain values being passed between buses and registers at different times.
This photo was taken by Gül Işık and is available on Pexels at https://www.pexels.com/photo/modern-city-with-river-on-cloudy-day-4402271/.
Table Of Contents
Side-channel attacks are a type of cybersecurity incident that takes advantage of vulnerabilities in hardware and software. These assaults can be used to circumvent various encryption mechanisms, granting attackers access to private information.
Timing attacks are the most basic type of side-channel attacks. First published at CRYPTO’96 by Paul Kocher, they provide an effective means to break a cryptographic algorithm if it relies on how long it takes to process a secret value. This technique has been applied to numerous applications such as RSA and ElGamal but can also be utilized against more general ones like web servers.
Timing attacks involve monitoring the execution time of an encryption function and statistically analyzing this timing data. Many attacks have been developed that utilize this technique in order to recover secret values from algorithms.
An attacker can quickly calculate the number of bits in an RSA key by timing how long it takes to execute a square-and-multiply algorithm used for modular exponentiation. Since this length depends linearly on the number of ‘1’ bits present, timing different RSA keys could provide valuable information about their composition.
Timing isn’t the only method attackers have for extracting secret information from an application. Power monitoring attacks also exist, which take advantage of variations in device power consumption during computation to access sensitive information.
Another technique is a cache monitoring attack. These attacks take advantage of the fact that web servers store data in their computer’s memory and can access multiple locations simultaneously. A malicious actor could then analyze this cache data by observing how often it is read from and written to certain locations.
These attacks are especially effective against servers that don’t implement isochronous operations or tasks that run at a constant speed regardless of a secret value. To protect against this, encryption and decryption functions can be “blinded” so they have identical performance regardless of which secret value is being used; however, this step comes at the cost of blinding yourself from valuable secrets.
This photo was taken by Ahmet Polat and is available on Pexels at https://www.pexels.com/photo/modern-ships-sailing-on-canal-in-old-city-4463878/.
The power grid is a vast, intricate system that needs special protection from cyber attacks. Unfortunately, it’s difficult to make these devices and systems secure simply by following current best-practices; many crucial parts weren’t designed with security in mind, creating an expansive attack surface for cybercriminals who could potentially gain access to devices and their networks.
These devices are highly vulnerable to cyber attacks that could disrupt power grid operations and harm consumers. Some of these attacks may be initiated by human behavior or other security vulnerabilities, such as spear-phishing, manipulated downloads, and unauthorized access to local network infrastructure.
For instance, a determined attacker could break into a substation and steal engineering drawings and power flow models. This would enable cybercriminals to launch denial-of-service attacks against PCN networks by overloading them with malicious traffic. Not only would this have an adverse impact on grid operations, but it could potentially cause physical damage depending on how well-guarded the substation is physically.
To prevent side-channel attacks, physical defenses like Faraday cages are often recommended. These block electromagnetic emissions that could penetrate into a device’s internals, decreasing its ability to resist side-channel attacks.
Another way to prevent side-channel attacks is by using special shielding on displays and other sensitive electronics. This can reduce the risk of TEMPEST attacks, which could damage displays or other electronic devices by exposing them to EMF radiation (a type of radiation detectable by humans).
Some side-channel attacks are relatively straightforward, while others require a more sophisticated skillset. Differential power analysis, for example, is one such side-channel that can be employed to obtain secret keys by measuring power consumption measurements from cryptographic operations performed on vulnerable smart cards or other hardware.
These attacks take advantage of biases in microprocessor power consumption while performing cryptographic operations. By analyzing these measurements, an attacker can correlate the power consumption to the key being used for these operations and extract both the secret key and other crucial information from them. This technique is difficult to defend against since it even works on measurements with very little noise.
This photo was taken by Ahmet Polat and is available on Pexels at https://www.pexels.com/photo/modern-cruise-ship-sailing-on-river-4463883/.
Cache monitoring attacks are a type of side-channel attack that utilizes measurements about the CPU cache to extract secret information. These measurements could include how often a computer accesses a certain memory address or how long it takes to read data from that address.
Cache monitoring attacks differ from other side-channel attacks in that they target cryptographic algorithms themselves. Cache monitoring attacks target the implementation of algorithms and software which leak sensitive information, making it easier for malicious actors to access private information without alerting their victims.
For instance, an attacker who can identify the memory addresses used by a cryptographic algorithm to retrieve its keys can monitor that data in order to uncover those keys. This allows them to obtain a cryptographic key with just one access and without any user interaction required.
These techniques are powerful and effective yet difficult to execute. To protect against them, additional software and hardware countermeasures must be employed.
Another challenge is that side-channel attacks can be conducted on a variety of platforms, including cloud infrastructures. This is because many platforms employ shared hardware which could be exploited for such attacks.
Therefore, companies must comprehend these attacks and take steps to prevent them from occurring in their environments. Furthermore, companies can implement detection techniques that enable real-time protection against such attacks.
In order to execute a side-channel attack on an environment, the attacker must ensure that both the target program and its victim share the same hardware device. This can be accomplished through various techniques, such as resource interference or network information gathering.
In a cloud computing environment, it’s especially crucial that both attacker and victim programs reside on the same machine. Doing so makes side-channel attacks possible since attackers can utilize similar hardware devices as the victim program.
This photo was taken by Ahmet Polat and is available on Pexels at https://www.pexels.com/photo/cityscape-with-illuminated-bridge-over-river-and-old-district-in-evening-4463900/.
A side-channel attack in cybersecurity involves observing indirect measurements of computation to attempt to recover its secret value (like a cryptographic key). Popular indirect measurements include the power used during computation, time taken for it, and electromagnetic emissions produced.
The earliest side-channel attacks were electromagnetic, such as the van Eck phreaking attack that could reconstruct information from computer screen radiation. Nowadays, attackers attempt to measure the cryptographic operations of a system in an effort to derive secret keys.
In 2004, Adi Shamir and Eran Tromer presented their research on acoustic cryptanalysis at Eurocrypt, demonstrating that it was possible to distinguish memory access patterns and CPU operations by analyzing the sound emitted by certain computers during RSA decryption and signature processes. Subsequently, Shamir and Tromer demonstrated how these same acoustic emissions could be utilized for timing attacks against CPUs performing cryptographic operations.
They then went on to demonstrate that they could extract full 4096-bit RSA keys from GnuPG using only sound produced during the decryption of selected ciphertexts. They did this using either a mobile phone placed next to their laptop or by placing a more sensitive microphone at a distance of four meters away.
These experiments were performed on several laptops and revealed that the acoustic emissions from each machine could distinguish memory access patterns and CPU operations. This made it simpler to locate specific cryptographic functions, with most cases leading to the discovery of secret keys through acoustic cryptanalysis.
Acoustic cryptanalysis is an emerging type of side-channel attack in cybersecurity. This involves listening to sounds generated by computer keyboards and internal computer components, as well as printers and electromechanical cipher machines.
Acoustic attacks were designed to circumvent encryption and are now used by many nation-state intelligence agencies and police forces such as the FBI. To use them effectively, sophisticated machine learning models must be utilized along with enough training data to differentiate between key press sounds and others, making them difficult for most people to defeat. They have also been employed creatively in systems where the output of computations cannot be seen – such as blind SQL injection attacks.
This photo was taken by Ahmet Polat and is available on Pexels at https://www.pexels.com/photo/cityscape-with-residential-buildings-and-bridge-over-river-4463903/.