Exploiting side-channels in cybersecurity
DOI: https://doi.org/10.31449/upinf.234
Keywords: cybersecurity, cryptography, cryptanalysis
Abstract
When implementing cryptographic primitives in software, we often optimize the code to reduce computation time. Such decisions can have negative consequences, because the implementation may leak data to the outside. Attackers can exploit the additional information generated while the software runs to gain insight into the operation of the program and the values it calculates, and to access the data itself. This information can take the form of execution time, memory access patterns, power consumption, and other seemingly unrelated system parameters. Such attacks are referred to as "side-channel attacks".
This paper presents several examples of such attacks, the magnitude of the information leakage, and how to protect against them. Time-based cryptanalysis, power-based cryptanalysis and its special variant, video-based cryptanalysis, and memory-based cryptanalysis are described. A simple timing cryptanalysis attack is used as an example to present the analysis process and the results before and after the implementation of the proposed mitigation.
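The before/after effect of a timing mitigation can be illustrated with the following added example, which is not taken from the paper. It assumes the leak is an early-exit byte comparison (the paper's own example is not shown on this page), uses a count of bytes examined as a deterministic stand-in for execution time, and all function names and the secret value are constructed for illustration.

```python
import hmac

SECRET = bytes.fromhex("a1b2c3d4e5f60718")  # constructed sample value

def leaky_equal(a: bytes, b: bytes):
    """Optimized comparison: stops at the first mismatch.
    Returns (equal, bytes_examined); bytes_examined models run time."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps  # early exit: work depends on secret data
    return True, steps

def constant_equal(a: bytes, b: bytes):
    """Mitigated comparison: always examines every byte and
    accumulates differences instead of branching on them."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps

def work_profile(compare, secret: bytes):
    """Work done for inputs whose first k bytes match the secret,
    for k = 0 .. len(secret)-1. A flat profile means no leak."""
    profile = []
    for k in range(len(secret)):
        candidate = secret[:k] + bytes([secret[k] ^ 0xFF]) + secret[k + 1:]
        profile.append(compare(secret, candidate)[1])
    return profile

def leaks(profile):
    """True if the amount of work varies with the matching prefix length."""
    return len(set(profile)) > 1

def safe_equal(a: bytes, b: bytes) -> bool:
    """What to use in production Python code: the standard library's
    constant-time comparison."""
    return hmac.compare_digest(a, b)

if __name__ == "__main__":
    print("before:", work_profile(leaky_equal, SECRET))
    print("after: ", work_profile(constant_equal, SECRET))
```

The "before" profile rises with the number of matching leading bytes, while the "after" profile is flat, which is the property a mitigation review should check for.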