What is a side channel attack? How these end-runs around encryption put everyone at risk

Oh, look! A van across the street.

Side channel attack definition

So, you want to break cryptography.

Brute force attacks on cryptography could take billions of years, which no one has to spare. Maybe you live in a country where rubber hose cryptography is, shall we say, frowned upon. Hacking a target's endpoint is an option, but what if you get caught? Better to use an attack that leaves no forensic traces behind.

Enter side channel attacks. A side channel attack breaks cryptography by using information leaked by cryptography, such as monitoring the electromagnetic field (EMF) radiation emitted by a computer screen to view information before it's encrypted in a van Eck phreaking attack, aka Transient Electromagnetic Pulse Emanation STandard (TEMPEST). Other well-known side channel attacks include spying on the power consumption of an electronic device to steal an encryption key, or acoustic attacks that record the sound of a user's key strokes to steal their passphrase.

These side channel attacks are not theoretical and have been known about for decades. The oldest, and most common, and used by intelligence agencies and police around the world, is the park your van across the street from the victim and spy on their computer screens using a TEMPEST attack.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!