In this article, we are going to talk about the side-channel attack. We will discuss how this attack works and why it can be dangerous. In cryptography, a side-channel attack is based on a physical system: the attacker sets up his own computer system near the physical system he wants to attack. The target can be any system that works on electronic signals. The attacker then monitors the different behaviors of the system and uses the information gained from this monitoring to exploit and compromise it.
Once the attacker has access to the system, he can do anything with it. He can get all of the sensitive data.
Different Aspects of a Side-Channel Attack
There are different aspects to performing a successful side-channel attack.
In power monitoring, the attacker sets up his computer system near the physical system he wants to attack and monitors its power consumption: how the system consumes power, how it emits power, how it emits radiation, and how it works. He monitors all of these details, then tries to exploit the system and get access to it.
Timing monitoring means the attacker monitors how long the physical system he wants to exploit takes to do things. He wants to know how much time it takes to perform specific tasks, such as handling brute-force attempts, how long the processing takes, and how the system processes them. He collects the information gained from this timing monitoring.
Any machine that conducts electric current emits electromagnetic signals. From these signals you can get a lot of information, such as credentials in plain text. If the physical system emits electromagnetic radiation, the attacker can obtain information from it, possibly a lot of information in plain text. He collects that information and tries to compromise the system. Even the sound produced by the physical system can give away important information.
In other words, sound, power consumption, electromagnetic waves, and electromagnetic radiation are the channels, and an attacker performs a side-channel attack with the help of the information collected from them.
How Is a Side-Channel Attack Possible?
A side-channel attack is not only possible against ATM machines or telephones. It can be performed on any machine that emits electromagnetic signals or the other signals discussed above. It could be an ATM machine, a telephone exchange, a server, or any other system. There are two reasons a side-channel attack is possible.
- The first reason is the relation between the side channel and the information that the machine emits. This means information is leaking through the side channel.
- The second reason depends on the type of information leaking through the side channel. It could be sensitive information, login credentials, and passwords. An attacker can use this information to damage a system.
These are the two main reasons a side-channel attack is possible.
Classes of Side-Channel Attack
There are different types or classes of side-channel attacks.
The cache attack is the first class of side-channel attack. It is based on monitoring the cache memory of the system. An attacker monitors the cache memory of the physical system, collects the information he gets, and uses it to exploit that system.
As discussed previously, timing information can be very useful for a side-channel attack. In a timing attack, the attacker monitors various computations on the target system to see how much time specific tasks take, such as processing a password that is wrong for the target system, and collects that information for later use.
In a power-monitoring attack, an attacker monitors the power consumption of the target's hardware and collects information to perform the attack.
In an electromagnetic attack, an attacker monitors electromagnetic radiation, from which he can get some plain-text information. He can also use this information in non-cryptographic attacks.
Countermeasures for Side-Channel Attack
The reasons that make a side-channel attack possible also point to the countermeasures for it. We discussed the relation between the side channel and the information that the system emits.
- If we reduce the amount of information that the system emits, then this attack will not be possible.
- If we break the relation between the side channel and the leakage of information, then this attack will not be possible.
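The timing attack described earlier and the second countermeasure above, shown as an added example that is not part of the original article: a password check that stops at the first wrong byte does work that grows with how much of the guess is correct, while a check that always processes every byte does the same work for any wrong guess. The secret value, the function names, and the use of a comparison count as a stand-in for measured time are assumptions made for this illustration.

```python
import hmac

SECRET = b"s3cr3t-pin-4821"  # constructed sample value, not from the article


def leaky_equal(secret: bytes, guess: bytes):
    """Early-exit compare. Returns (equal, byte comparisons performed)."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps  # work done reveals the matching prefix length
    return True, steps


def fixed_work_equal(secret: bytes, guess: bytes):
    """Touches every byte of the secret whatever the guess contains."""
    steps = 0
    diff = len(secret) ^ len(guess)
    for i, s in enumerate(secret):
        g = guess[i] if i < len(guess) else 0
        diff |= s ^ g  # accumulate differences, never branch on them
        steps += 1
    return diff == 0, steps


def safe_equal(secret: bytes, guess: bytes) -> bool:
    """What to call in real code: the standard library's constant-time compare."""
    return hmac.compare_digest(secret, guess)


def wrong_guesses(secret: bytes):
    """Constructed wrong guesses whose first k bytes match, for k = 0..n-1."""
    n = len(secret)
    return [secret[:k] + bytes([secret[k] ^ 0xFF]) + bytes(n - k - 1)
            for k in range(n)]


def work_profile(compare, secret: bytes):
    """Comparison count per guess: the step-count stand-in for elapsed time."""
    return [compare(secret, g)[1] for g in wrong_guesses(secret)]


if __name__ == "__main__":
    print("early exit:", work_profile(leaky_equal, SECRET))
    print("fixed work:", work_profile(fixed_work_equal, SECRET))
```

The step count only models the leak; an interpreted loop is not truly constant-time, which is why real code should rely on `hmac.compare_digest` as in `safe_equal`.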
Basically, it’s a cryptographic attack, which means it is used to exploit the cryptographic system of the target machine. It is used in ATM hacking and against other physical systems to get sensitive details.