Differential Power Analysis
Differential Power Analysis takes multiple traces of two sets of data, and then computes the difference of the average of these traces.
If the difference is close to zero, then the two sets are not correlated, and if the power-value (typically ≥ 0.05) is higher, correlation can be assumed to be possible. By leveraging faster hardware and common sense, the difficult-to-solve 128-bit AES key can be broken into 16 bytes, where each byte can be solved individually.
Testing each byte requires only 28, or 256 attempts, which means it would only take 16 x 256 or 4,096 attempts to be able to decipher the entire encryption key. This is another attack that was once the preserve of state-backed intelligence operations.
Optical Attacks
Like other side channel attacks, these range from the relatively simple (eavesdropping on a monitor via reflections) through to complex (communicating with an infected device via LED blinks). In a more hi-tech optical attack, lasers can be used to both read key strokes and inject faults that are later read to deduce the cryptographic key being sought.
Side Channel Attacks in General
Many of these attacks can be used to leverage other attacks, thus gaining more information about the target. If you are working in a high security environment, you will already know many of the ways to mitigate against these types of attacks. This is way many secure facility employ TEMPEST surveys. Regardless if you are working in a secure facility or not, there is chance someone is after your data and you need to look into ways to protect yourself.
The only way to fully protect against side channel attacks is to use your digital devices in a room buried deep underground, accessed by a long tunnel with shielded doors, lined with a Faraday cage, and running off of your own portable power supply. Luckily, very few people are in a position where the data they are working with is quite this sensitive. We are far more likely to fall victim to the “soft” end of side-channel access — BLE beacon powered advertising and the like, so rest easy.
Sources: medium.com
Edited by Mario Vulcano
10 July 2021 at 20:47
Very much like HF dual-diversity reception.
LikeLike
13 July 2021 at 16:28
Here’s an interesting horror story from the pages of Tempest/TSCM history. Although it took place roughly 40 years ago, it highlights a key part of information security – the importance of maintaining secure custody of everything used to process sensitive information, not just cryptographic items.
In this case, the weak link was the IBM Selectric typewriters used in the U.S.
Embassy in Moscow in the 1970s and 80s. Unlike the security provided for cryptographic items, the typewriters were shipped to the embassy as office furniture. That gave Soviet inspectors access when the shipment cleared customs, giving KGB operatives just enough time to install a cleverly designed bug in some of the typewriters.
The bug functioned as a key logger, recording electrical impulses associated with keystrokes for later broadcast on command to a KGB listening post. It is estimated that these devices installed on 16 IBM Selectrics in the Moscow embassy and Leningrad consulate broadcast everything typed on them from 1976 until their discovery in 1984 [1].
Once discovered, NSA mounted a major effort to remove the devices and analyze their workings. You can find a declassified story of that effort, known as Project GUNMAN, in pdf form on the web. [2] For a good technical description of the bug, see the Crypto Museum website [3]
——————————–
1. Excerpt from “Learning from the Enemy: The GUNMAN Project”
National Cryptologic Foundation website
https://cryptologicfoundation.org/event/2020/07/23/1595480400/1984-gunman-project-found-typewriter-implants-in-u-s-embassy-in-moscow-
2. Maneki, Sharon “Learning from the Enemy: The Gunman Project”
Declassified report in pdf form
Click to access nsa-gunman.pdf
3. Crypto Museum “IBM Selectric Bug
Operation GUNMAN – how the Soviets bugged IBM typewriters”
https://www.cryptomuseum.com/covert/bugs/selectric/
LikeLike