Side-channel Attacks

This post will give you an introduction to Side-channel Attacks by looking at some common vulnerabilities and concrete attacks that try to exploit those.
But first: What actually is a Side-channel attack in general?

A Side-channel Attack is an attack on a system, most probably a “secure” system, that does extract secret data by using special properties of the implementation rather that direct access by brute-force or theoretical weaknesses.
You often try to derive the information by looking at properties that are maybe only indirectly coupled to the data. Most of the time those properties are of a physical nature, like time, magentic fields or accoustic waves but sometimes more abstract events like interrupts or traps of a CPU or MMU can be used.

Continue reading