Traditional cryptanalysis has focused predominantly on exploiting underlying algorithms and/or protocols used to encrypt data. Even though an encryption scheme may be theoretically secure, it still may be possible to decrypt data using information obtained regarding the execution of a cryptographic algorithm. Information obtained from the operation of a cryptographic device, such as a computer or smart card, that may be used to identify and/or deduce secret information is called side-channel leakage.
Many different techniques have been developed to obtain and exploit side-channel leakage including timing attacks, power attacks, and fault generation; however, side-channel information may also be obtained through more direct means. For example, probe attacks may be used to read secret information on the bus of a processor by attaching conductors to circuits of the processor. When a cryptographic algorithm is using a secret key to perform an operation, that secret key (e.g., a personal identification number (PIN)) may be loaded into a data cache. An attacker could use probes to either passively or actively determine the secret key as the data is loaded into the cache. Using knowledge about the underlying cryptographic algorithm, a probe attack may be used to identify secret information by identifying instructions and/or data loaded into a cache.
A smart card may contain confidential information (e.g., social security number, credit card numbers, account numbers, date of birth) and may even contain stored value that resembles cash. The data stored on the smart card can be protected by a PIN using standard cryptographic methods. An attacker, using knowledge of the underlying cryptographic algorithms, may be able to exploit that knowledge and view the confidential information by watching data cross the bus as the data is loaded from memory into the cache. Additionally, data obtained using a probe attack may be combined with timing and power analysis data to effectively defeat the security of the smart card.
By exploiting side-channel leakage, an attacker may be able to compromise the security of cryptographic devices even though the underlying algorithms and protocols used by these devices are theoretically secure.