Side-channel attack | EPFL Graph Search

Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g. flaws found in a cryptanalysis of a cryptographic algorithm) or minor, but potentially devastating, mistakes or oversights in the implementation. (Cryptanalysis also includes searching for side-channel attacks.) Timing information, power consumption, electromagnetic leaks, and sound are examples of extra information which could be exploited to facilitate side-channel attacks. Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks. The rise of Web 2.0 applications and software-as-a-service has also significantly raised the possibility of side-channel attacks on the web, even when transmissions between a web browser and server are encrypted (e.g. through HTTPS or WiFi encryption), according to researchers from Microsoft Research and Indiana University. Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically considered side-channel attacks: see social engineering and rubber-hose cryptanalysis. General classes of side-channel attack include: Cache attack — attacks based on attacker's ability to monitor cache accesses made by the victim in a shared physical system as in virtualized environment or a type of cloud service. Timing attack — attacks based on measuring how much time various computations (such as, say, comparing an attacker's given password with the victim's unknown one) take to perform. Power-monitoring attack — attacks that make use of varying power consumption by the hardware during computation. Electromagnetic attack — attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (25)

Related people (7)

Related units (1)

Related concepts (19)

Related courses (2)

Related lectures (27)

COM-501: Advanced cryptography

This course reviews some failure cases in public-key cryptography. It introduces some cryptanalysis techniques. It also presents fundamentals in cryptography such as interactive proofs. Finally, it pr

COM-401: Cryptography and security

This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how

Attacks on some post-quantum cryptographic protocols: The case of the Legendre PRF and SIKE

Novak Kaluderovic

Post-quantum cryptography is a branch of cryptography which deals with cryptographic algorithms whose hardness assumptions are not based on problems known to be solvable by a quantum computer, such as

EPFL2022

Horizontal side-channel full key recovery on ephemeral SIKE

Aymeric Genet, Novak Kaluderovic, Natacha Yolande Emmanuel Marie Linard de Guertechin

This paper describes the first practical single-trace side-channel power analysis of SIKE. The attack exploits the nature of elliptic curve point addition formulas which require the same function to b

2021

Side-channel attacks on SIKE

Natacha Yolande Emmanuel Marie Linard de Guertechin

This thesis presents, firstly, an introduction to the current state of the art in isogeny-based cryptography, and secondly, a side-channel differential power analysis of SIKE—an isogeny-based key exch

2020

Cryptography

Cryptography, or cryptology (from κρυπτός "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others.

Side-channel attack

Timing attack

In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input. Finding secrets through timing information may be significantly easier than using cryptanalysis of known plaintext, ciphertext pairs.

Cryptanalysis: Public-Key COM-501: Advanced cryptography

Explores cryptanalysis in public-key cryptography, covering attacks, algorithms, and security models.

Raccoon Attack on TLS 1.2 COM-506: Student seminar: security protocols and applications

Explores the Raccoon Attack, a timing attack on TLS-DH(E) that exploits most significant bit oracles.

Trusted Computing: Confidentiality, Integrity, and Side-Channel Attacks COM-402: Information security and privacy

Explores trusted computing, confidentiality, integrity, and side-channel attacks, emphasizing real-world examples and the challenges of ensuring security.