display | more...

A class of cryptanalytic attacks that involves the use of side-channel information, i.e. information obtainable from the physical implementation of the cryptosystem as opposed to the mathematical properties of the cryptosystem, which is what traditional cryptanalysis has focused on. Real-world implementations of cryptosystems are messy things. They take extra time with different keys, emit incriminating electromagnetic radiation, use extra power for different values of cryptographic state, and are used by people who can be bribed, tricked, or tortured. These can all be exploited to reveal the key or plaintext that might otherwise be unrecoverable. Examples of side-channel attacks include Van Eck phreaking, timing analysis, differential power analysis, and differential fault analysis. It may be correct to lump social engineering, rubber-hose cryptanalysis and purchase-key attacks among these as well. These techniques used to be considered cheating by more traditional-minded cryptanalysts, but is now considered to be very important, as it is now recognized that cryptosystems are really more than just mathematical objects and should be treated as such.

These attacks are typically much more powerful than traditional mathematical attacks, but require that certain conditions be present in the implementation of the system, and in most cases, physical access to the system as well.

A very large example of a side-channel attack in deployment today by the US Government is TEMPEST. Van Eck Phreaking on a truly massive scale.

Log in or register to write something here or to contact authors.