Skip to main content
SpringerLink
Log in

Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks are well established within the cybersecurity domain, and thus their cyber-physical systems are actively defended with countermeasures. Non-cyber systems are equally as vulnerable to side-channel attacks; however, this is largely unrecognised and therefore countermeasures to defend them are limited. This paper surveys side-channel attacks against non-cyber systems and investigates the consequent security and privacy ramifications. Side-channel attack techniques rely on respective side-channel properties in order to succeed; therefore, countermeasures that disrupt each side-channel property are identified, effectively thwarting the side-channel attack. This principle is captured within a countermeasure algorithm: a systematic and extensible approach to identifying candidate countermeasures for non-cyber systems. We validate the output of this process by showing how the candidate countermeasures could be applied in the context of each non-cyber system and in the real world. This work provides an extensible platform for translating cybersecurity-derived side-channel attack research into defending systems from non-cyber domains.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Notes

  1. In this paper, the acronym CYB refers to cybersecurity and side-channel attacks on computing systems. The term non-CYB still focuses on security and side-channel attacks but where the systems are non-computational (or non-cyber) in nature.

References

  1. Standaert, F.-X., Malkin, T. G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Advances in Cryptology - EUROCRYPT 2009. pp. 443–461. Springer, Berlin Heidelberg, (2009)

  2. Spreitzer, R., Moonsamy, V., Korak, T., Mangard, S.: Systematic classification of side-channel attacks: A case study for mobile devices. IEEE Commun. Surv. Tutorials 20(1), 465–488 (2018)

    Article  Google Scholar 

  3. Giechaskiel, I., Rasmussen, K.: Taxonomy and challenges of out-of-band signal injection attacks and defenses. IEEE Commun. Surv. Tutorials 22(1), 645–670 (2020)

    Article  Google Scholar 

  4. Spence, A., Bangay, S.: Side-channel sensing: Exploiting side-channels to extract information for medical diagnostics and monitoring. IEEE J. Transl. Eng. Health Med. 8, 1–13 (2020)

    Article  Google Scholar 

  5. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. Springer, Berlin (1999)

    Book  Google Scholar 

  6. Martinovic, I., Davies, D., Frank, M., Perito, D., Ros, T., Song, D.: On the feasibility of side-channel attacks with brain-computer interfaces. In: USENIX Security Symposium, pp. 143–158 (2012)

  7. Lange, J., Massart, C., Mouraux, A., Standaert, F.-X.: Side-channel attacks against the human brain: The pin code case study. In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design, pp. 171–189. Springer International Publishing, Cham (2017)

    Chapter  Google Scholar 

  8. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol. 31. Springer Science & Business Media, Berlin (2008)

    MATH  Google Scholar 

  9. Standaert, F.-X.: Introduction to Side-Channel Attacks. I. M. R. Verbauwhede, (Ed.) Springer-Verlag GmbH, Boston, MA (2010)

  10. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs. In: Cryptographers’ Track at the RSA Conference, pp. 219–235. Springer, (2016)

  11. Yang, B., Wu, K., Karri, R.: Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: 2004 International Test Conference, pp. 339–344. IEEE Computer Society, Washington, DC, USA (Oct 2004)

  12. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

    Article  Google Scholar 

  13. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Cryptographic Hardware and Embedded Systems - CHES 2002, Springer. Springer, Berlin Heidelberg, pp. 13–28, (2003)

  14. Le, T.-H., Canovas, C., Clédiere, J.: An overview of side channel analysis attacks. In: Proceedings of the 2008 ACM symposium on Information, computer and communications security. pp. 33–43, ACM, (2008)

  15. Timon, B.: Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Trans Cryptogr. Hardware Embedded Syst., pp. 107–131, (2019)

  16. Greveler, U., Justus, B., Loehr, D.: Multimedia content identification through smart meter power usage profiles. In: Proceedings of the International Conference on Information and Knowledge Engineering (IKE), p. 1. (2012)

  17. Chhetri, S.R., Faruque, M.A.A.: Side-channels of cyber-physical systems: case study in additive manufacturing. IEEE Design Test 34(4), 18–25 (2017)

    Article  Google Scholar 

  18. Benadjila, R., Prouff, E., Strullu, R., Cagli, E., Dumas, C.: Study of deep learning techniques for side-channel analysis and introduction to ascad database. ANSSI, France & CEA, LETI, MINATEC Campus, France, vol. 22, p. 2018, (2018)

  19. Fan, J., Guo, X., Mulder, E.D., Schaumont, P., Preneel,B., Verbauwhede, I.: State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures. In: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 76–87. IEEE, (2010)

  20. Genkin, D., Shamir, A., Tromer, E.: Rsa key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) Advances in Cryptology - CRYPTO 2014, pp. 444–461. Berlin, Heidelberg, Springer Berlin Heidelberg (2014)

    Chapter  Google Scholar 

  21. Biswas, A.K., Ghosal, D., Nagaraja, S.: A survey of timing channels and countermeasures. ACM Comput. Surv. 50(1), 1–39 (2017)

    Article  Google Scholar 

  22. Wang, C., Wang, X., Long, Z., Yuan, J., Qian, Y., Li, J.: Estimation of temporal gait parameters using a wearable microphone-sensor-based system. Sensors 16(12), 2167 (2016)

    Article  Google Scholar 

  23. Hettwer, B., Gehrer, S., Güneysu, T.: Applications of machine learning techniques in side-channel attacks: a survey. J. Cryptogr. Eng., pp. 1–28, (2019)

  24. Ding, X., Nassehi, D., Larson, E.C.: Measuring oxygen saturation with smartphone cameras using convolutional neural networks. IEEE J. Biomed. Health Inform. 23(6), 2603–2610 (2019)

    Article  Google Scholar 

  25. Giallanza, T., Siems, T., Smith, E., Gabrielsen, E., Johnson, I., Thornton, M.A., Larson, E.C.: Keyboard snooping from mobile phone arrays with mixed convolutional and recurrent neural networks. Proc. ACM Interact. Mobile Wearable Ubiquitous Technol. 3(2), 1–22 (2019)

    Article  Google Scholar 

  26. Garg, R., Hajj-Ahmad, A., Wu, M.: Geo-location estimation from electrical network frequency signals. In: 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 2862–2866, (2013)

  27. Eriksson, J., Girod, L., Hull, B., Newton, R., Madden, S., Balakrishnan, H.: The pothole patrol: using a mobile sensor network for road surface monitoring. In: Proceedings of the 6th international conference on Mobile systems, applications, and services. pp. 29–39, ACM, (2008)

  28. Sanyal, S., Nundy, K.K.: Algorithms for monitoring heart rate and respiratory rate from the video of a user’s face. IEEE J. Transl. Eng. Health Med. 6, 1–11 (2018)

  29. Adib, F., Mao, H., Kabelac, Z., Katabi, D., Miller, R.C.: Smart homes that monitor breathing and heart rate. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems - CHI ’15. Seoul, pp. 837–846. ACM Press, Republic of Korea (2015)

  30. Wangwiwattana, C., Ding, X., Larson, E.C.: PupilNet, measuring task evoked pupillary response using commodity RGB tablet cameras. Proc. ACM Interact. Mobile Wearable Ubiquitous Technol. 1(4), 1–26 (2018)

    Article  Google Scholar 

  31. Adib, F., Katabi, D.: See through walls with WiFi! ACM SIGCOMM Comput. Commun. Rev. 43(4), 75–86 (2013)

    Article  Google Scholar 

  32. Davis, A., Rubinstein, M., Wadhwa, N., Mysore, G.J., Durand, F., Freeman, W.T.: The visual microphone: Passive recovery of sound from video. ACM Trans. Graph. 33(4), 79:1–79:10, (2014). [Online]. Available: http://doi.acm.org/10.1145/2601097.2601119

  33. Lindell, D.B., Wetzstein, G., O’Toole, M.: Wave-based non-line-of-sight imaging using fast fk migration. ACM Trans. Graph. (TOG) 38(4), 1–13 (2019)

  34. Ming-Zher, P., McDuff, D.J., Picard, R.W.: Advancements in noncontact, multiparameter physiological measurements using a Webcam. Biomed. Eng. IEEE Trans. on 58(1), 7–11 (2011)

    Article  Google Scholar 

  35. Kim, H.-G., Cheon, E.-J., Bai, D.-S., Lee, Y.H., Koo, B.-H.: Stress and heart rate variability: a meta-analysis and review of the literature. Psychiatry Investig. 15(3), 235 (2018)

  36. Duran, G., Tapiero, I., Michael, G.A.: Resting heart rate: A physiological predicator of lie detection ability. Physiol Behav, 186, 10–15, (2018). [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0031938418300027

  37. Zhu, Y., Xiao, Z., Chen, Y., Li, Z., Liu, M., Zhao, B. Y., Zheng, H.: Adversarial wifi sensing. CoRR, 2018. [Online]. Available: arXiv:1810.10109

  38. Yang, J., Zou, H., Jiang, H., Xie, L.: Device-free occupant activity sensing using wifi-enabled iot devices for smart homes. IEEE Internet Things J. 5(5), 3991–4002 (2018)

    Article  Google Scholar 

  39. Eldib, H., Wang, C.: Synthesis of masking countermeasures against side channel attacks. In: Biere, A., Bloem, R. (eds.) Computer Aided Verification, pp. 114–130. Springer International Publishing, Cham (2014)

    Chapter  Google Scholar 

  40. Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y.: Acoustic data exfiltration from speakerless air-gapped computers via covert hard-drive noise (’diskfiltration’). In: European Symposium on Research in Computer Security, pp. 98–115. Springer, (2017)

  41. Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2006, pp. 369–383. Berlin, Heidelberg, Springer Berlin Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Acknowledgements

The authors thank the anonymous reviewers for their invaluable feedback on this work.

Author information

Authors and Affiliations

  1. Deakin University, Geelong, 3216, Australia

    Aaron Spence & Shaun Bangay

Authors
  1. Aaron Spence
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shaun Bangay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aaron Spence.

Ethics declarations

Conflicts of interest

All authors declare that they have no conflict of interest

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Spence, A., Bangay, S. Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures. Int. J. Inf. Secur. 21, 437–453 (2022). https://doi.org/10.1007/s10207-021-00563-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-021-00563-6

Keywords

Search

Navigation