Category
Category
Stay Connected
Receive the latest articles and
content straight to your mailbox
Subscribe Here!
What Is a Side-Channel Attack & What Countermeasures Exist?
| Categories: Radio Frequency (RF) Shielding
In 1943, engineers at Bell Labs discovered that typing on a teletype machine would change the readings on a nearby oscilloscope. They recognized that electromagnetic emissions could enable smart attackers to extract sensitive information from a system by some means other than the intended input and output channels — a so-called “side-channel attack.”
What Is a Side-Channel Attack?
In a side-channel attack, a hacker attempts to assess the state of a system and its data through the physical properties of the device. By analyzing electromagnetic emissions, hackers can intercept data before it’s encrypted or potentially decipher a cryptographic algorithm.
Such attacks are a very real threat to modern computer equipment. In 2016, a team at Tel Aviv University published a paper describing an attack in which a decryption key could be extracted from an offline laptop in another room. The attack could be carried out in seconds by intercepting the electromagnetic emissions produced by the decryption process.
What Are Common Side-Channel Attack Vulnerabilities & Techniques?
Side-channel attacks exploit vulnerabilities in computer systems. They leverage the fact that systems use more power when executing complex commands, and hard drives and monitors emit different electric signals depending on the information being read, stored, or displayed. Here are five of the most common side-channel attacks.
Electromagnetic Side-Channel Attack
Hackers can eavesdrop on systems by measuring and analyzing their electromagnetic emissions. In 1985, computer researcher Wim Van Eck documented a side-channel attack involving electromagnetic emissions, which became known as “Van Eck phreaking.”
Simple Power Analysis (SPA)
In a SPA attack, a hacker observes the power consumption of a chip to determine the type of function that is being performed. In 2020, researchers demonstrated an attack that exploits an interface that monitors the energy consumption of CPUs. It would allow remote access to sensitive data on systems with Intel and AMD chips with unprecedented accuracy.
Differential Power Analysis (DPA)
DPA attacks look for variations in power consumption or electromagnetic emissions by comparing multiple traces and applying signal processing and error correction to overcome “noise.” Given enough datasets, hackers can gather very precise information about the functioning of the target system.
Timing Attack
In a timing attack, the hacker analyzes the time required to execute cryptographic algorithms to aid in cryptanalysis. The success of a timing attack depends upon the system design, CPU, implementation, and other variables.
Template Attack
Template attacks are a type of profile attack in which the hacker creates a “template” of the target system by analyzing a similar device. These types of attacks require a lot of preparation but can be highly successful with only a small number of traces from the target system.
Side-Channel Attack Countermeasures & Protection
Any organization that stores or processes highly sensitive data should take measures to address side-channel attack vulnerabilities and protect itself from potentially catastrophic damage. There are three main types of countermeasures.
Block Electromagnetic Emissions
Electromagnetic emissions can be blocked using signal-attenuating materials such as copper, aluminum, or steel. Power line conditioning and filtering are often used in conjunction with this technique.
“Jam” Signals with “Noise”
Artificially generated noise forces the hacker to collect more traces in order to analyze the emissions. However, this technique isn’t always effective against DPA attacks.
Use Blinding Techniques
Altering the system’s output or introducing random delays in the timing of algorithms can prevent hackers from obtaining information.
The DefenseShield™ RF-Shielded Rack from Enconnex
The Enconnex DefenseShield RF Shielded Rack is constructed from aerospace-grade shielded aluminum to effectively block electromagnetic and RF interference. All the seams and penetrations of the cabinet are shielded using copper-nickel gaskets for maximum protection. DefenseShield provides 85dB of attenuation at frequencies ranging from 1MHz to 10GHz. It also features a robust power line filter to mitigate the risk of power analysis side-channel attacks.
DefenseShield provides granular, sectionalized signal and physical security for up to 400 devices, and can be scaled to meet growing requirements by simply adding more racks. Its standard footprint, 42U height (customizable), and lightweight build make it easy to integrate into any data center environment. Ten powerful, long-life fans provide 235 CFM of airflow each to quickly dissipate heat in dense configurations.
Side-channel attacks exploit the natural electromagnetic emissions of IT equipment to intercept highly sensitive data. The DefenseShield RF-Shielded Rack delivers military-grade protection against side-channel attacks for high-security environments.
Posted by Alex Zhang on March 31, 2022
Alex has 10+ years of experience working in the data center and material science industries. He currently serves as product manager at Enconnex for our real device testing and RF shielded product lines. Previously, he managed our sheet metal products. He has his MSEE degree from Northwest Polytechnic University and holds numerous professional certifications.