Side-Channel Attack

Security

An attack exploiting physical information leakage (power, timing, electromagnetic emissions) rather than cryptographic weaknesses.


A side-channel attack is a class of security exploit that extracts secret information from a cryptographic device by observing its physical behavior rather than attacking the mathematical properties of the algorithm. In the context of smart cards, side channels include power consumption, electromagnetic emissions, timing variations, and even acoustic emanations. These attacks are a primary concern in smart card security design and a central focus of Common Criteria evaluations.

Types of Side-Channel Attacks

| Attack Type | Observable | Target |
|---|---|---|
| SPA/DPA | Power consumption | Cryptographic key extraction |
| Electromagnetic Analysis (EMA) | EM field emissions | Same as SPA/DPA, but at a distance |
| Timing Analysis | Execution time variations | Key bits, PIN values |
| Fault Injection | Induced computation errors | Bypass security checks, extract keys |
| Cache Timing | Memory access patterns | Keys in shared-cache environments |
| Photonic Emission | Infrared light from transistors | Gate-level observation (lab attack) |

Why Smart Cards Are Vulnerable

Smart cards are particularly susceptible to side-channel attacks because the attacker has direct physical access to the device. Unlike a remote server where only network traffic is observable, a smart card can be:

  • Connected to an oscilloscope measuring power draw at nanosecond resolution
  • Placed near an EM probe capturing electromagnetic emissions
  • Subjected to voltage glitches or laser pulses (fault injection)
  • Operated at controlled temperatures to amplify signal-to-noise ratios

The constrained processing environment of a smart card (8- to 32-bit CPU, limited memory) also means fewer resources are available for implementing countermeasures compared to a general-purpose processor.

Defense-in-Depth Countermeasures

Modern Secure Element chips employ a layered defense strategy:

  • Algorithmic countermeasures: Masking, blinding, shuffling to randomize intermediate values
  • Hardware countermeasures: Dual-rail logic, glitch detectors, voltage/frequency monitors, active shield mesh
  • Protocol countermeasures: Limited retry counters, session key rotation, mutual authentication
  • Environmental sensors: Temperature, light, and voltage monitors that trigger zeroization on anomaly detection

The JIL (Joint Interpretation Library) provides a standardized methodology for evaluating a chip's resistance to side-channel attacks during Common Criteria certification. Smart card chips intended for payment (EMV) or identity (ePassport) applications must demonstrate resistance to attackers with "high attack potential" (AVA_VAN.5).
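An added example, not from the SmartCardFYI page or any vendor's code, illustrating the SPA/DPA row of the table and the masking countermeasure listed above. It runs a correlation power analysis over constructed one-sample "traces" drawn from a Hamming-weight leakage model: the unmasked S-box lookup gives up the key byte, while a first-order Boolean mask on the same intermediate value makes the sample independent of the key. The random stand-in S-box, the noise level, the key byte 0x3C and the trace count are all constructed assumptions.

```python
import random

# Constructed stand-in for an 8-bit S-box: a fixed random byte permutation.
# CPA only needs a non-linear lookup, not the real AES table.
SBOX = list(range(256))
random.Random(0).shuffle(SBOX)
HW = [bin(x).count("1") for x in range(256)]  # Hamming-weight leakage model

def simulate_traces(key, plaintexts, masked, rng, sigma=1.0):
    """One sample per trace: the card's power draw at the S-box output.
    Unmasked: HW(S[p ^ k]) plus Gaussian noise.
    Masked:   the card handles S[p ^ k] XOR m for a fresh random mask m,
              so the sample is statistically independent of the key byte."""
    traces = []
    for p in plaintexts:
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(256)
        traces.append(HW[v] + rng.gauss(0.0, sigma))
    return traces

def correlation(xs, ys):
    """Pearson correlation of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def cpa(plaintexts, traces):
    """Rank every key-byte guess by |corr(predicted HW, measured sample)|."""
    best = (0, -1.0)
    for guess in range(256):
        predicted = [HW[SBOX[p ^ guess]] for p in plaintexts]
        score = abs(correlation(predicted, traces))
        if score > best[1]:
            best = (guess, score)
    return best

def run(key=0x3C, n_traces=2000, seed=1):
    """Return (recovered byte, score) for an unmasked and for a masked device."""
    rng = random.Random(seed)                     # fixed seed: deterministic, constructed data
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    unmasked = cpa(plaintexts, simulate_traces(key, plaintexts, False, rng))
    masked = cpa(plaintexts, simulate_traces(key, plaintexts, True, rng))
    return unmasked, masked
```

With these parameters the unmasked run ranks the true byte first with a correlation near 0.8, while the masked run's best guess is essentially random with a score under 0.1; this single-sample test is what an evaluator repeats across every point of a real trace, and it says nothing about second-order leakage, which needs combined samples and is out of scope here.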

Frequently Asked Questions

The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.

Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.