Side channel attacks utilize implementation-specific characteristics such as time delays, power consumptions or electromagnetic radiation. Since these attacks are implementation specific, physical implementation of the cipher is very critical, even tiny changes may result in big differences in security.
Timing attacks and power analysis are important types of side channel attacks. In timing attacks, the time taken to execute various steps in algorithms is analyzed. In power analysis, the attacker uses the varying power consumption of a cryptographic hardware device during computation and tries to find information about the state of the device. Other types of side channel attacks; fault, electromagnetic, acoustic, visible light, error message, cache based, frequency based, scan based attacks are summarized in the paper "Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing" by Zhou and Feng.
To avoid side channel attacks in stream ciphers, apart from implementation issues, it is advised not to use building blocks such as stuttering phase in Sober-t32 and repeated manipulations of same bytes as in key schedule of RC4.
Timing attacks and power analysis are important types of side channel attacks. In timing attacks, the time taken to execute various steps in algorithms is analyzed. In power analysis, the attacker uses the varying power consumption of a cryptographic hardware device during computation and tries to find information about the state of the device. Other types of side channel attacks; fault, electromagnetic, acoustic, visible light, error message, cache based, frequency based, scan based attacks are summarized in the paper "Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing" by Zhou and Feng.
To avoid side channel attacks in stream ciphers, apart from implementation issues, it is advised not to use building blocks such as stuttering phase in Sober-t32 and repeated manipulations of same bytes as in key schedule of RC4.
No comments:
Post a Comment