In 1943, engineers at Bell Labs discovered that typing on a teletype machine would change the readings on a nearby oscilloscope. They recognized that electromagnetic emissions could enable smart attackers to extract sensitive information from a system by some means other than the intended input and output channels — a so-called “side-channel attack.”
What Is a Side-Channel Attack?
In a side-channel attack, a hacker attempts to assess the state of a system and its data through the physical properties of the device. By analyzing electromagnetic emissions, hackers can intercept data before it’s encrypted or potentially decipher a cryptographic algorithm.
Such attacks are a very real threat to modern computer equipment. In 2016, a team at Tel Aviv University published a paper describing an attack in which a decryption key could be extracted from an offline laptop in another room. The attack could be carried out in seconds by intercepting the electromagnetic emissions produced by the decryption process.
What Are Common Side-Channel Attack Vulnerabilities and Techniques?
Side-channel attacks exploit vulnerabilities in computer systems. They leverage the fact that systems use more power when executing complex commands, and hard drives and monitors emit different electric signals depending on the information being read, stored, or displayed. Here are five of the most common side-channel attacks.
Electromagnetic Side-Channel Attack
Hackers can eavesdrop on systems by measuring and analyzing their electromagnetic emissions. In 1985, computer researcher Wim Van Eck documented a side-channel attack involving electromagnetic emissions, which became known as “Van Eck phreaking.”
Simple Power Analysis (SPA)
In an SPA attack, a hacker observes the power consumption of a chip to determine the type of function that is being performed. In 2020, researchers demonstrated an attack that exploits an interface that monitors the energy consumption of CPUs. The attack would allow sensitive data to be accessed remotely, with unprecedented accuracy, on systems with Intel and AMD chips.
Differential Power Analysis (DPA)
DPA attacks look for variations in power consumption or electromagnetic emissions by comparing multiple traces and applying signal processing and error correction to overcome “noise.” Given enough datasets, hackers can gather very precise information about the functioning of the target system.
Timing Attack
In a timing attack, the hacker analyzes the time required to execute cryptographic algorithms to aid in cryptanalysis. The success of a timing attack depends upon the system design, CPU, implementation, and other variables.
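The following added example (not part of the original article) shows why implementation matters for timing leaks: an early-exit comparison of an authentication tag does an amount of work that depends on secret data, while a constant-time comparison does not. The function names, key, and message are constructed for illustration, and counting bytes examined stands in for elapsed time so the result is deterministic.

```python
import hashlib
import hmac

# Constructed sample values, not from the article.
KEY = b"constructed-demo-key"
MESSAGE = b"constructed demo message"
EXPECTED_TAG = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()  # 32 bytes

def leaky_equal(a, b):
    """Early-exit compare: stops at the first mismatching byte."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined

def constant_time_equal(a, b):
    """Accumulates differences; always walks every byte."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined

def flip(tag, index):
    """Return a copy of tag that first differs at byte `index`."""
    out = bytearray(tag)
    out[index] ^= 0xFF
    return bytes(out)

def work_profile(compare, positions=(0, 8, 16, 31)):
    """Bytes examined when the candidate first differs at each position."""
    return [compare(EXPECTED_TAG, flip(EXPECTED_TAG, p))[1] for p in positions]

def verify_tag(key, message, tag):
    """Hardened check using the standard library's constant-time compare."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    print("early-exit   :", work_profile(leaky_equal))
    print("constant-time:", work_profile(constant_time_equal))
    print("valid tag accepted:", verify_tag(KEY, MESSAGE, EXPECTED_TAG))
```

In production code, use `hmac.compare_digest` as in `verify_tag` rather than a hand-written loop, since interpreter-level behavior of a Python loop is not guaranteed to be constant time.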
Template Attack
Template attacks are a type of profile attack in which the hacker creates a “template” of the target system by analyzing a similar device. These types of attacks require a lot of preparation but can be highly successful with only a small number of traces from the target system.
Side-Channel Attack Countermeasures and Protection
Any organization that stores or processes highly sensitive data should take measures to address side-channel attack vulnerabilities and protect itself from potentially catastrophic damage. There are three main types of countermeasures.
Block Electromagnetic Emissions
Electromagnetic emissions can be blocked using signal-attenuating materials such as copper, aluminum, or steel. Power line conditioning and filtering are often used in conjunction with this technique.
“Jam” Signals with “Noise”
Artificially generated noise forces the hacker to collect more traces in order to analyze the emissions. However, this technique isn’t always effective against DPA attacks.
Use Blinding Techniques
Altering the system’s output or introducing random delays in the timing of algorithms can prevent hackers from obtaining information.
Enconnex Shielded Cabinets
Enconnex partners with best-in-class, government-approved manufacturers to deliver high-performance RF/EMI-shielded enclosure solutions. Designed to achieve significant signal attenuation across wide frequency ranges, these enclosures are available in both standard cabinet and wall-mounted configurations. They combine a compact, lightweight footprint with UL-listed construction, integrated thermal management, and flexible customization to meet the unique demands of each deployment. Connect with our team to explore how we can support your RF/EMI shielding requirements with proven, scalable solutions.
Team Enconnex is a collective of engineers, product experts, and infrastructure specialists focused on the real-world challenges of today’s data centers. We share insights on IT infrastructure, power, cooling, and physical design—connecting industry trends to the products and solutions Enconnex builds to support modern data center environments.