According to ISO/IEC 29192-1:2012, a side-channel attack is an “attack based on information gained from the physical implementation of a cryptosystem.” Which of the following is not one of the information sources exploited to initiate side-channel attacks?
A. Timing information
B. Power consumption
C. Electromagnetic and acoustic emissions
D. Theoretical weaknesses of ciphers
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Theoretical weaknesses of ciphers.
Side-channel attacks target the physical implementation of a cryptosystem by collecting and exploiting physical-level information, such as:
- Power consumption
- Timing information
- Electromagnetic emissions
- Acoustic (sound) emissions
However, attacks based on brute force or on theoretical weaknesses in the underlying algorithms are not side-channel attacks.

Source: Side-channel attacks
Timing Information
In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.
Source: Wikipedia
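An added example (not from the original post or its sources) of the timing leak defined above: an early-exit tag comparison does work that depends on the secret, while a fixed-work comparison does not. The function names and the sample tag are assumptions constructed for illustration, and a count of bytes examined stands in for elapsed time so the result is deterministic.

```python
import hmac

# Constructed 8-byte authentication tag, used only for this illustration.
SECRET_TAG = bytes.fromhex("a1b2c3d4e5f60718")

def leaky_equal(expected: bytes, presented: bytes):
    """Early-exit compare. Returns (equal, bytes_examined)."""
    if len(expected) != len(presented):
        return False, 0
    examined = 0
    for x, y in zip(expected, presented):
        examined += 1
        if x != y:  # stops at the first mismatch, so the work depends on the secret
            return False, examined
    return True, examined

def fixed_work_equal(expected: bytes, presented: bytes):
    """Examines every byte and accumulates differences. Returns (equal, bytes_examined)."""
    if len(expected) != len(presented):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(expected, presented):
        examined += 1
        diff |= x ^ y  # no branch on secret data
    return diff == 0, examined

def work_profile(compare, presented_tags):
    """Bytes examined per presented tag: the observable a timing measurement approximates."""
    return [compare(SECRET_TAG, t)[1] for t in presented_tags]

def verify_tag(presented: bytes) -> bool:
    """Hardened check using the standard library's constant-time comparison."""
    return hmac.compare_digest(SECRET_TAG, presented)

def wrong_at(i: int) -> bytes:
    """Copy of the constructed tag with byte i inverted."""
    t = bytearray(SECRET_TAG)
    t[i] ^= 0xFF
    return bytes(t)

# Constructed inputs: first mismatch at byte 0, 3, 7, then the correct tag.
SAMPLES = [wrong_at(0), wrong_at(3), wrong_at(7), SECRET_TAG]

if __name__ == "__main__":
    print("early exit :", work_profile(leaky_equal, SAMPLES))
    print("fixed work :", work_profile(fixed_work_equal, SAMPLES))
    print("accepted   :", [verify_tag(t) for t in SAMPLES])
```

The early-exit profile varies with how many leading bytes are correct, which is the information a timing side channel exposes; the fixed-work profile is flat for every input.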
Electromagnetic Emissions
Electromagnetic noise emitted from running computer displays modulates information about the picture frames being displayed on screen. Attacks have been demonstrated on eavesdropping computer displays by utilising these emissions as a side-channel vector.
Source: Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors
Fault Injection

Source: A Versatile Framework for Implementation Attacks on Cryptographic RFIDs and Embedded Devices
The following video, made by the Center for Information Technology Policy (CITP) at Princeton University, “describes the attacks that result from the remanence of encryption keys in DRAM after power loss.”
TEMPEST and EMSEC
TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).
While much of TEMPEST is about leaking electromagnetic emanations, it also encompasses sounds and mechanical vibrations. For example, it is possible to log a user’s keystrokes using the motion sensor inside smartphones.
Compromising emissions are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed (side-channel attack), may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.
Source: Wikipedia
Reference
- Side-Channel Attack
- Crypto Can Be Cracked … Through Walls
- CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds
- Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors
- Side-channel attacks
- Application System Design Group
- Power analysis
- Breaking Korea Transit Card with SideChannel Analysis Attack – Unauthorized recharging
- Side-Channel Attacks on Smart Cards
- STELLAR: A Generic EM Side-Channel Attack Protection through Ground-Up Root-cause Analysis
- Understanding Timing diagrams of digital systems
- Embedded system timing analysis basics: Part 1 – Timing is essential
- QUARTUS II Timing Analysis
- A Versatile Framework for Implementation Attacks on Cryptographic RFIDs and Embedded Devices