Side-channel attack
{{short description|Any attack based on information gained from the implementation of a computer system}}
{{redirect|Side channels|the yoga concept|Nadi (yoga)#Side channels|interactive television services|Red Button (digital television)}}
[[File:Power attack.png|thumb|An attempt to decode [[RSA (algorithm)|RSA]] key bits using [[power analysis]]. The left pulse represents the CPU power variations during the step of the [[Exponentiation by squaring|algorithm]] without multiplication, the broader right pulse – step with multiplication, allowing an attacker to read bits 0, 1.]]

In [[computer security]], a '''side-channel attack''' is any attack based on extra information that can be gathered because of the fundamental way a [[computer protocol]] or [[algorithm]] is [[Implementation#Computer science|implemented]], rather than flaws in the design of the protocol or algorithm itself (e.g. flaws found in a [[cryptanalysis]] of a [[cryptography|cryptographic algorithm]]) or minor, but potentially devastating, [[software bug|mistakes or oversights in the implementation]]. (Cryptanalysis also includes searching for side-channel attacks.) Timing information, power consumption, [[electromagnetic radiation|electromagnetic]] leaks, and [[acoustic cryptanalysis|sound]] are examples of extra information which could be exploited to facilitate side-channel attacks.

Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as [[differential power analysis]] are effective as [[Black-box testing|black-box]] attacks. The rise of [[Web 2.0]] applications and [[software-as-a-service]] has also significantly raised the possibility of side-channel attacks on the web, even when transmissions between a web browser and server are encrypted (e.g. through [[HTTPS]] or [[WiFi]] encryption), according to researchers from [[Microsoft Research]] and [[Indiana University]].<ref>{{cite journal|url=http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf|title=Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow|journal=Microsoft Research|publisher=IEEE Symposium on Security & Privacy 2010|date=May 2010|author1=Shuo Chen|author2=Rui Wang|author3=XiaoFeng Wang|author4=Kehuan Zhang|name-list-style=amp|access-date=2011-12-16|archive-date=2016-06-17|archive-url=https://web.archive.org/web/20160617004603/http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf|url-status=live}}</ref>

Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically considered side-channel attacks: see [[social engineering (security)|social engineering]] and [[rubber-hose cryptanalysis]].

General classes of side-channel attack include:
* [[Cache timing attack|Cache attack]] — attacks based on the attacker's ability to monitor [[Cache (computing)|cache]] accesses made by the victim in a shared physical system, as in a virtualized environment or a type of cloud service.
* [[Timing attack]] — attacks based on measuring how much time various computations (such as, say, comparing an attacker's given password with the victim's unknown one) take to perform.
* [[Power analysis|Power-monitoring attack]] — attacks that make use of varying power consumption by the hardware during computation.
* [[Electromagnetic attack]] — attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information. Such measurements can be used to infer cryptographic keys using techniques equivalent to those in power analysis or can be used in non-cryptographic attacks, e.g. [[Tempest (codename)|TEMPEST]] (aka [[van Eck phreaking]] or radiation monitoring) attacks.
* [[Acoustic cryptanalysis]] — attacks that exploit sound produced during a computation (rather like power analysis).
* [[Differential fault analysis]] — in which secrets are discovered by introducing faults in a computation.
* [[Data remanence]] — in which sensitive data are read after supposedly having been deleted (e.g. [[Cold boot attack]]).
* Software-initiated fault attacks — Currently a rare class of side channels, [[Row hammer]] is an example in which off-limits memory can be changed by accessing adjacent memory too often (causing state retention loss).
* [[Whitelist]] — attacks based on the fact that the whitelisting devices will behave differently when communicating with whitelisted (sending back the responses) and non-whitelisted (not responding to the devices at all) devices. Whitelist-based side channel may be used to track Bluetooth MAC addresses.
* Optical - in which secrets and sensitive data can be read by visual recording using a high resolution camera, or other devices that have such capabilities (see examples below).

In all cases, the underlying principle is that physical effects caused by the operation of a [[cryptosystem]] (''on the side'') can provide useful extra information about secrets in the system, for example, the [[cryptographic key]], partial state information, full or partial [[plaintext]]s and so forth. The term cryptophthora (secret degradation) is sometimes used to express the degradation of secret key material resulting from side-channel leakage.
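
The password comparison mentioned under the timing attack class above, as an added example that is not part of the article: an early-exit comparison does work proportional to the length of the matching prefix, while a constant-time comparison does the same work for every guess of a given length. Byte-comparison counts stand in for elapsed time so the result is deterministic; the function names and the sample secret are hypothetical and constructed for illustration.

```python
import hmac

def leaky_equal(secret: bytes, guess: bytes):
    """Early-exit compare: returns (equal, byte comparisons performed)."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:              # data-dependent exit: work reveals prefix length
            return False, steps
    return True, steps

def constant_time_equal(secret: bytes, guess: bytes):
    """Fold every byte difference into one accumulator; no early exit."""
    ref = secret or b"\x00"     # avoid modulo by zero for an empty secret
    diff = len(secret) ^ len(guess)
    steps = 0
    for i, g in enumerate(guess):
        steps += 1
        diff |= ref[i % len(ref)] ^ g
    return diff == 0, steps

def work_profile(compare, secret, guesses):
    """Comparison counts per guess; a flat profile means nothing leaks."""
    return [compare(secret, g)[1] for g in guesses]

# Constructed sample data (hypothetical secret, not from the article).
SECRET = b"hunter2!"
GUESSES = [b"XXXXXXXX", b"hunXXXXX", b"hunter2X", b"hunter2!"]

def production_equal(secret: bytes, guess: bytes) -> bool:
    """What to deploy: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret, guess)

if __name__ == "__main__":
    print("leaky   :", work_profile(leaky_equal, SECRET, GUESSES))
    print("constant:", work_profile(constant_time_equal, SECRET, GUESSES))
```

The pure-Python constant-time loop only illustrates the structure; interpreter-level integer operations are not guaranteed to be timing-uniform, which is why <code>hmac.compare_digest</code> is the function to use in real code.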