Side-Channel Attacks (SCA) Explained: Timing, Power, and Electromagnetic Eavesdropping

Introduction

Side-Channel Attacks (SCAs) are a type of attack that exploits unintended information leakage from the physical execution of a cryptographic algorithm, rather than attacking the mathematical strength of the algorithm itself. In this blog post, we will delve into the world of SCAs, exploring the concepts of timing, power, and electromagnetic eavesdropping attacks, and discussing their implications for cryptographic security.

Timing Attacks

Timing attacks are a type of SCA that monitor the time taken for a cryptographic operation to complete. This can be achieved by measuring the time taken for a device to perform a specific operation, such as encrypting or decrypting data. By analyzing these timing measurements, an attacker can infer information about the secret key being used.

For example, consider an attacker who is trying to guess the value of a 128-bit secret key. The attacker can measure the time taken for the device to encrypt a message using the key, and then use this information to narrow down the possible key values.

Example: Timing Attack on AES

Here is an example of a timing attack on AES:

def aes_encrypt(plaintext, key):
    # Encrypt the plaintext using AES
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.encrypt(plaintext)
    return ciphertext

def measure_time(key):
    # Measure the time taken to encrypt a message
    start_time = time.time()
    aes_encrypt("Hello, World!", key)
    end_time = time.time()
    return end_time - start_time

key = os.urandom(16)  # Generate a random key
time_taken = measure_time(key)
print("Time taken:", time_taken)

In this example, the measure_time function measures the time taken to encrypt a message using a given key. By analyzing the time taken, an attacker can infer information about the key being used.

Power Analysis

Power analysis is another type of SCA that monitors the power consumption of a device during a cryptographic operation. This can be achieved by measuring the power consumption of a device using a power meter or a oscilloscope. By analyzing the power consumption patterns, an attacker can infer information about the secret key being used.

For example, consider an attacker who is trying to guess the value of a 128-bit secret key. The attacker can measure the power consumption of the device during the encryption process, and then use this information to narrow down the possible key values.

Example: Power Analysis on RSA

Here is an example of a power analysis attack on RSA:

import numpy as np

def rsa_encrypt(plaintext, key):
    # Encrypt the plaintext using RSA
    n = key[0]
    e = key[1]
    ciphertext = pow(plaintext, e, n)
    return ciphertext

def measure_power(plaintext, key):
    # Measure the power consumption during encryption
    power_consumption = []
    for i in range(256):
        ciphertext = rsa_encrypt(plaintext, key)
        power_consumption.append(measure_power_meter())
    return power_consumption

key = (os.urandom(16), os.urandom(16))  # Generate a random key
power_consumption = measure_power("Hello, World!", key)
print("Power consumption:", power_consumption)

In this example, the measure_power function measures the power consumption of the device during the encryption process. By analyzing the power consumption patterns, an attacker can infer information about the key being used.

Electromagnetic Eavesdropping

Electromagnetic eavesdropping is a type of SCA that monitors the electromagnetic radiation emitted by a device during a cryptographic operation. This can be achieved by using an oscilloscope or a magnetic field sensor to measure the electromagnetic radiation emitted by the device. By analyzing the electromagnetic radiation patterns, an attacker can infer information about the secret key being used.

For example, consider an attacker who is trying to guess the value of a 128-bit secret key. The attacker can measure the electromagnetic radiation emitted by the device during the encryption process, and then use this information to narrow down the possible key values.

Example: Electromagnetic Eavesdropping on ECDSA

Here is an example of an electromagnetic eavesdropping attack on ECDSA:

import numpy as np

def ecdsa_sign(message, key):
    # Sign the message using ECDSA
    x = key[0]
    y = key[1]
    r = pow(message, x, y)
    s = pow(r, y, x)
    return r, s

def measure_emf(message, key):
    # Measure the electromagnetic radiation during signing
    emf = []
    for i in range(256):
        r, s = ecdsa_sign(message, key)
        emf.append(measure_emf_meter())
    return emf

key = (os.urandom(16), os.urandom(16))  # Generate a random key
emf = measure_emf("Hello, World!", key)
print("EMF:", emf)

In this example, the measure_emf function measures the electromagnetic radiation emitted by the device during the signing process. By analyzing the electromagnetic radiation patterns, an attacker can infer information about the key being used.

Conclusion

Side-Channel Attacks (SCAs) are a type of attack that exploits unintended information leakage from the physical execution of a cryptographic algorithm. Timing, power, and electromagnetic eavesdropping attacks are all types of SCAs that can be used to infer information about the secret key being used. By understanding these types of attacks, cryptographic developers can take steps to prevent them, such as using countermeasures like randomization and masking.