Thu. Mar 28th, 2024

Content Assessment: Cryptographically Secure? The Threat of Side-Channel Analysis

Information - 91%
Insight - 93%
Relevance - 90%
Objectivity - 92%
Authority - 91%

91%

Excellent

A short percentage-based assessment of the qualitative benefit of the recently published research paper on non-invasive side-channel analysis threats to cryptographic security.

Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


Background Note: This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. The authors map the history of this field and provide both a theoretical and practical overview. They also present a systematic classification of both side-channel attacks and side-channel countermeasures and describe these. Therefore, the publication can serve as a good starting point for new side-channel researchers, as well as a universal reference. Based on this comprehensive survey, the information and descriptions in this research may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand and address cryptographic security threats


Research Paper*

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis

By Petr Socha, Vojtech Miskovsky, and Martin Novotny

Abstract

Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.

Introduction

In the past few decades, computer systems and communication networks have become an essential part of our everyday lives. Various computing devices are used not only as tools for many professionals but also for entertainment. These devices include embedded devices, such as payment cards, biometric passports, smart cars, trains, or whole cities, and even medical devices like pacemakers. Being surrounded by devices connected to the Internet, our private lives are endangered more than ever.

Special attention must therefore be given to ensure security of computer systems and their users. Various measures are employed to achieve confidentiality, integrity, availability, and non-repudiation of data with efficiency, ease of use, and cost in mind. Nowadays, widely used algorithms, such as Rijndael/AES or RSA are considered secure from the cryptoanalytic point of view. However, their implementations may leak sensitive information through the cryptographic device’s side channels, potentially compromising the entire system.

Side-channel attacks exploit the data-dependent side channels, such as power consumption of the cryptographic device or its electromagnetic radiation, in order to extract secret information such as cipher keys. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. Various countermeasures have been proposed to prevent such attacks. Masking is a widely used technique based on randomization of the processed data making it difficult to exploit the leakage. Hiding is another common approach, which aims to conceal the exploitable leakage in either side-channel signal amplitude or time. Recent real-world attack examples show that uncompromising protection and testing of embedded cryptographic implementations is necessary.

This paper presents the theoretical background and the state of the art in the area of non-invasive passive side-channel attacks. We map the history of this field and provide both a theoretical and practical overview. We present a systematic classification of both side-channel attacks and side-channel countermeasures and describe these. Therefore, our publication can serve as a good starting point for new side-channel researchers, as well as a universal reference.

Read the original article.


Read the Complete Report: A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis (PDF) – Mouseover to Scroll

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis

* Published with permission under Creative Commons Attribution 4.0 International license rights.

Reference: Socha, Petr & Miskovsky, Vojtech & Novotný, Martin. (2022). A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis. Sensors. 22. 10.3390/s22218096. 

Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.