Chip Security Testing 
Binary Security Analysis 
Contact us
Back to all articles
Chip Security

The history of Side-channel

3 min read
Edit by Pierre-Yvan Liardet • Jan 15, 2024

If you think that the resistance of a cryptographic algorithm relies only on the underlying recognized hard problem, you are wrong! Because we cannot make the necessary computation by ourselves, we need to get it done by an electronic device. This is here that a hacker can break the security!

Against all expectations, the resistance of cryptographic algorithms is not only related to the underlying hard problem evaluated by classical cryptanalysis to establish the difficulty to break the cryptosystem. Indeed, side-channel attacks have emerged as a prominent threat to information security, encompassing a wide range of techniques that exploit unintended information leakage from computing systems.


A bit of history

The history of side-channel attacks can be traced back to the late 20th century when researchers discovered that the physical implementation of cryptographic algorithms could unintentionally reveal valuable information. Rather than targeting the theoretical strength of algorithms, side-channel attacks make use of the “side information” exposed during the cryptographic operation, such as power consumption, electromagnetic radiation, execution timing, or sound emanations.

For example, variations in power consumption patterns during cryptographic operations or electromagnetic radiation emitted by the hardware can provide valuable insights into the computations being performed. Particularly, these side-channels are mostly related with the Hamming Weight (HW) or Hamming Distance (HD) of the intermediate data processed by the algorithm! In side-channel analysis literature, such side information collected during the cryptographic operation (encryption, decryption, signature generation, etc.) is referred to as traces.

Side-channel attacks have proven to be particularly effective against a variety of devices, including smart cards, embedded systems, and even modern CPUs. An unprotected Advanced Encryption Standard (AES) implementation can be broken in minutes by statistical analysis of a few hundred power traces, while there is no known practical attack to AES better than the brute force. Similarly, it is a well-known fact that a careless implementation of RSA reveals the secret exponent just by observing a single power trace.

As side-channel attacks gained attention, researchers and practitioners recognized the need to develop robust countermeasures to mitigate their impact and ensure the confidentiality of sensitive information. Cryptographers and hardware designers have been working to develop techniques that protect against side-channel attacks without compromising performance or usability.

Countermeasures often involve techniques like randomizing the inner computations at the heart of cryptographic algorithm breaking the link between the observable side-channel and the sensible information targeted by the attacker. Implementing cryptographic algorithms must be done with side-channel resistance in mind. It remains an ongoing challenge to address all possible side-channel leakage sources comprehensively. As technology evolves and adversaries refine their techniques, continual research, collaboration, and vigilance are crucial to stay ahead in the ever-evolving landscape of side-channel attacks.



Efficient Tooling for the Side-Channel Analyst

You may have heard about exploits by people equipped with an oscilloscope listening to a target device activity to retrieve some secrets. Depending on the standpoint, these people are called side-channel analysts or hackers.

The following post series explains the setup, data acquisition, signal processing, and attack focusing/variation for applying power/EM side-channel analysis to the attack surface of the target system. Stay tuned!



All articles
Case Studies
Chip Security
Corporate News
Expert Review
Mobile App & Software
Vulnerability Research

you might also be interested in

Vulnerability Research
Corporate News

Introducing esReverse 2024.01 — for Binary Security Analysis

4 min read
Edit by Hugues Thiebeauld • Mar 13, 2024
CopyRights eShard 2024.
All rights reserved
Privacy policy | Legal Notice