Side-channel attack

(also SCA)

Side-channel attack definition

A side-channel attack (SCA) is a type of cybersecurity attack that can cause information leaks and theft. A side-channel attack is conducted by analyzing or measuring different physical parameters such as execution time, supply currents, power consumption, and electromagnetic emissions.

Side-channel attacks focus on attacking hardware instead of software. They steal data indirectly, whereas most cyberattacks steal data directly. Side-channel attacks are passive attacks and don’t require a lot of expensive equipment to work.

With a side-channel attack, an attacker waits until they spot leakage from a hardware device. The attacker then analyzes that leakage and extracts sensitive information from it.

See also: active attack, data leakage

Side-channel attack examples

  • Timing attacks. These attacks analyze and measure the time it takes a system to execute cryptographic algorithms.
  • Simple power analysis (SPA). This analysis monitors the power and electromagnetic variations that a system shows while it is operating.
  • Electromagnetic (EM) attack. This attack measures and analyzes the electromagnetic radiation that a certain device emits.
  • Template attack. This attack uses an identical template device to build a profile of side-channel data, then compares it with side-channel data from the target to get access to cryptographic keys that can be used to decrypt connections.
  • Differential power analysis (DPA). This is a statistical analysis that attackers run on power measurements collected over several operations.
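The timing leak described in the first item above, shown from the defender's side as an added example that is not part of the original page: an early-exit comparison of a MAC tag does work that depends on the secret, while a fixed-work comparison does not. The key, message, and function names are constructed for illustration, and the count of byte comparisons is used as a deterministic stand-in for execution time.

```python
import hashlib
import hmac

def leaky_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, byte comparisons performed)."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:  # stops at the first mismatch, so work depends on the secret
            return False, steps
    return True, steps

def fixed_work_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Accumulates differences over every byte; work does not depend on where they differ."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    diff = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps

def work_profile(compare, secret: bytes) -> list[int]:
    """Comparisons performed when exactly the first i bytes of the input match the secret."""
    profile = []
    for i in range(len(secret)):
        candidate = secret[:i] + bytes([secret[i] ^ 0xFF]) + secret[i + 1:]
        profile.append(compare(secret, candidate)[1])
    return profile

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Hardened form: hmac.compare_digest is the standard-library constant-time comparison."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

# Constructed sample values, not taken from the page.
KEY = b"constructed-demo-key"
MSG = b"amount=100&to=alice"
TAG = hmac.new(KEY, MSG, hashlib.sha256).digest()

if __name__ == "__main__":
    print("early exit:", work_profile(leaky_equal, TAG[:8]))
    print("fixed work:", work_profile(fixed_work_equal, TAG[:8]))
    print("valid tag :", verify_tag(KEY, MSG, TAG))
```

In real code, use `hmac.compare_digest` as in `verify_tag`; the pure-Python `fixed_work_equal` only illustrates the principle and does not guarantee constant time in the interpreter.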