Side-Channel Attack Threat Analysis
Version: 1.0
Last Updated: 2025-01-02
Security Classification: PUBLIC
Overview
Side-channel attacks extract information through physical implementation characteristics rather than breaking the mathematical algorithm. These attacks monitor power consumption, electromagnetic emissions, acoustic emanations, or other observable phenomena.
Attack Categories
Power Analysis
- Simple Power Analysis (SPA): Direct observation of power traces
- Differential Power Analysis (DPA): Statistical analysis of power consumption
- Correlation Power Analysis (CPA): Template-based attacks
- High-Order DPA: Combining multiple leakage points
Electromagnetic Analysis
- Near-field EM: Direct emanations from circuits
- Far-field EM: Radiated emissions (TEMPEST)
- EM Injection: Active fault injection
Acoustic Cryptanalysis
- CPU/Coil whine: Frequency-dependent operations
- Keyboard acoustics: Keystroke recognition
- Printer acoustics: Document reconstruction
Optical Emissions
- Photonic emissions: From transistor switching
- LED indicators: Status information leakage
- Screen reflections: Visual information capture
Vulnerability Assessment
| Attack Type | Equipment Cost | Expertise Required | Detection Difficulty | Impact |
|---|---|---|---|---|
| Timing | Low | Low | Hard | High |
| Simple Power | Medium | Medium | Hard | High |
| Differential Power | High | High | Very Hard | Critical |
| EM Emissions | Medium | Medium | Hard | High |
| Acoustic | Low | Low | Medium | Medium |
| Fault Injection | High | High | Easy | Critical |
Countermeasures
Hardware Level
- Power line filtering: Reduce signal leakage
- Shielding: Faraday cages, EM shielding
- Noise generation: Mask real operations
- Dual-rail logic: Balanced power consumption
Algorithm Level
- Masking: Boolean, arithmetic, or multiplicative
- Shuffling: Randomize operation order
- Blinding: Randomize intermediate values
- Dummy operations: Hide real operations
Protocol Level
- Fresh randomness: Per-operation randomization
- Key refresh: Limit key usage
- Threshold implementations: Split computations
Implementation Guidelines
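```python
import secrets


class SideChannelProtection:
    """Side-channel countermeasures"""

    def implement_masking(self, sensitive_value, mask, process):
        """Boolean masking example.

        `process` must be linear over XOR, i.e.
        process(a ^ b) == process(a) ^ process(b).
        """
        masked_value = sensitive_value ^ mask
        # Process masked_value; the unmasked value is never operated on directly
        result_masked = process(masked_value)
        # The output mask is the same transformation applied to the input mask
        output_mask = process(mask)
        # Unmask result
        result = result_masked ^ output_mask
        return result

    def implement_shuffling(self, operations):
        """Random execution order for a list of independent callables"""
        indices = list(range(len(operations)))
        # Draw the permutation from the OS CSPRNG; the default generator
        # in the random module is predictable
        secrets.SystemRandom().shuffle(indices)
        for i in indices:
            operations[i]()
```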
Testing and Validation
Test Methodologies
- TVLA (Test Vector Leakage Assessment): Statistical testing
- CRI (Correlation Radio Immunity): EM resistance testing
- Chi-squared tests: Distribution analysis
- Information theoretic metrics: Mutual information analysis
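The following is an added example, not part of the original document: a fixed-vs-random TVLA check using Welch's t-test over simulated traces, comparing an unmasked 8-bit value with its Boolean-masked form from the implementation guidelines. The Hamming-weight leakage model, noise level, trace count, and all function names are assumptions made for illustration; 4.5 is the threshold conventionally used with TVLA.

```python
import random
import statistics

T_THRESHOLD = 4.5  # conventional TVLA pass/fail bound on |t|


def hamming_weight(x):
    return bin(x).count("1")


def capture(value, rng, masked, noise_sigma=1.0):
    """Simulate one power sample for an 8-bit intermediate (constructed model).

    Assumed leakage: Hamming weight of the value on the bus plus Gaussian noise.
    With masking, only value ^ fresh_mask ever appears on the bus.
    """
    on_bus = (value ^ rng.randrange(256)) if masked else value
    return hamming_weight(on_bus) + rng.gauss(0.0, noise_sigma)


def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances."""
    va, vb = statistics.variance(a), statistics.variance(b)
    return (statistics.fmean(a) - statistics.fmean(b)) / ((va / len(a) + vb / len(b)) ** 0.5)


def tvla_fixed_vs_random(masked, n_traces=2000, fixed_value=0xFF, seed=1):
    """Return the t-statistic between fixed-input and random-input trace sets."""
    rng = random.Random(seed)  # seeded only so the simulation is reproducible
    fixed, rand = [], []
    for _ in range(n_traces):
        # Interleave the two classes, as a real acquisition would, to avoid drift bias
        fixed.append(capture(fixed_value, rng, masked))
        rand.append(capture(rng.randrange(256), rng, masked))
    return welch_t(fixed, rand)


def leaks(t):
    """True when the t-statistic indicates first-order leakage."""
    return abs(t) > T_THRESHOLD


if __name__ == "__main__":
    for masked in (False, True):
        t = tvla_fixed_vs_random(masked)
        print(f"masked={masked}: t={t:+.2f} -> {'LEAK' if leaks(t) else 'pass'}")
```

Passing this first-order test does not cover High-Order DPA, which combines multiple leakage points such as the masked value and the mask itself.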
Tools and Frameworks
- ChipWhisperer: Hardware security research platform
- ELMO: Power simulator
- ASCOLD: Leakage detection
- NICV: Normalized Inter-Class Variance
Real-World Attacks
- RSA-CRT (Bellcore): Fault attack on RSA
- DES Challenge: DPA on smartcards
- ECDSA PlayStation 3: Poor randomness exploitation
- AES Cache Timing: Various implementations
Standards and Compliance
- Common Criteria: EAL4+ requires side-channel resistance
- FIPS 140-3: Level 3+ requires DPA countermeasures
- EMVCo: Payment card side-channel requirements
- BSI AIS 31: Random number generator requirements