side-channel-attack
1. Overview
Side-channel attacks exploit information leakage from a system's physical implementation, rather than directly exploiting vulnerabilities in algorithms or code.
1.1. Examples:
- Timing Attacks: Measuring how long a system takes to perform cryptographic operations to deduce secret keys (e.g., OpenSSL Heartbleed vulnerability).
- Power Monitoring: Analyzing the power consumption patterns of a device during cryptographic operations to reveal key information.
- Electromagnetic Emanations: Capturing electromagnetic signals emitted by a device to recover sensitive data (e.g., TEMPEST attacks).
1.2. Caveats:
- Physical Proximity: Often require close proximity to the target system.
- Specialized Equipment: May necessitate expensive and sophisticated equipment.
1.3. Mitigation:
- Deliberate bottlenecks that mask internal differences can be useful (e.g., bcrypt's deliberately slow hashing function).
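
The timing leak and the "mask internal differences" mitigation above, shown side by side as an added example (not part of the original notes). The secret value and all function names are constructed for illustration, and a count of byte comparisons stands in for measured running time so the result is deterministic.

```python
import hmac

# Constructed sample secret for the demonstration (not a real credential).
SECRET_TAG = bytes.fromhex("a3f1c29b7e5d4408")


def leaky_equal(expected: bytes, supplied: bytes) -> tuple[bool, int]:
    """Early-exit comparison: returns (match, byte comparisons performed)."""
    steps = 0
    if len(expected) != len(supplied):
        return False, steps
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:
            return False, steps  # work done depends on the matching prefix
    return True, steps


def constant_time_equal(expected: bytes, supplied: bytes) -> tuple[bool, int]:
    """Comparison whose work does not depend on where the mismatch is."""
    steps = 0
    if len(expected) != len(supplied):
        return False, steps
    diff = 0
    for a, b in zip(expected, supplied):
        steps += 1
        diff |= a ^ b  # accumulate differences, never branch on secret data
    return diff == 0, steps


def work_profile(compare, expected: bytes) -> list[int]:
    """Steps taken when the first mismatch is at position 0, 1, ..., n-1."""
    profile = []
    for i in range(len(expected)):
        candidate = bytearray(expected)
        candidate[i] ^= 0xFF  # flip one byte so the first mismatch is at index i
        profile.append(compare(expected, bytes(candidate))[1])
    return profile


if __name__ == "__main__":
    print("early exit   :", work_profile(leaky_equal, SECRET_TAG))
    print("constant time:", work_profile(constant_time_equal, SECRET_TAG))
    # Real code should call the standard library primitive, not a Python loop:
    print("hmac.compare_digest:", hmac.compare_digest(SECRET_TAG, SECRET_TAG))
```

The early-exit profile rises with the position of the first wrong byte, which is the internal difference an observer can measure; the second profile is flat. In Python, `hmac.compare_digest` is the comparison to use for secrets, since a hand-written loop still runs on an interpreter whose timing is not guaranteed.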