
2019 | OriginalPaper | Book chapter

A Taxonomy of Side Channel Attacks on Critical Infrastructures and Relevant Systems

Written by: Nick Tsalis, Efstratios Vasilellis, Despina Mentzelioti, Theodore Apostolopoulos

Published in: Critical Infrastructure Security and Resilience

Publisher: Springer International Publishing


Abstract

Information disclosure leads to serious exploits, disruption or damage of critical operations and privacy breaches, both in Critical Infrastructures (CIs) and Industrial Control Systems (ICS) and in traditional IT systems. Side channel attacks in computer security refer to attacks on data confidentiality through information gained from the physical implementation of a system, rather than an attack on the algorithm or software itself. Depending on the source and the type of information leakage, certain general types of side channel attacks have been established: power, electromagnetic, cache, timing, sensor-based, acoustic and memory analysis attacks. Given the sensitive nature of ICS and the vast amount of information stored on IT systems, the consequences of side channel attacks can be quite significant. In this paper, we present an extensive survey on side channel attacks that can be implemented either on ICS or on traditional systems often used in Critical Infrastructure environments. The presented taxonomies try to take into consideration all major publications of the last decade and present them using three different classification systems to provide an objective form of multi-level taxonomy and a potentially profitable statistical approach. We conclude by discussing open issues and challenges in this context and outline possible future research directions.


75.
Zurück zum Zitat Gunti N B, Lingasubramanian K (2015) Efficient static power based side channel analysis for hardware trojan detection using controllable sleep transistors. In: SoutheastCon 2015. IEEE, pp 1–6 Gunti N B, Lingasubramanian K (2015) Efficient static power based side channel analysis for hardware trojan detection using controllable sleep transistors. In: SoutheastCon 2015. IEEE, pp 1–6
76.
Zurück zum Zitat Shende R, Ambawade DD (2016) A side channel based power analysis technique for hardware trojan detection using statistical learning approach. In: Wireless and optical communications networks (WOCN), 2016 thirteenth international conference on. IEEE, Piscataway, pp 1–4 Shende R, Ambawade DD (2016) A side channel based power analysis technique for hardware trojan detection using statistical learning approach. In: Wireless and optical communications networks (WOCN), 2016 thirteenth international conference on. IEEE, Piscataway, pp 1–4
77.
Zurück zum Zitat Moore S, Yampolskiy M, Gatlin J, McDonald JT, Andel TR (2016) Buffer overflow attack’s power consumption signatures. In: Proceedings of the 6th workshop on software security, protection, and reverse engineering. ACM, New York, p 6 Moore S, Yampolskiy M, Gatlin J, McDonald JT, Andel TR (2016) Buffer overflow attack’s power consumption signatures. In: Proceedings of the 6th workshop on software security, protection, and reverse engineering. ACM, New York, p 6
78.
Zurück zum Zitat Clark SS, Ransford B, Rahmati A, Guineau S, Sorber J, Xu W, …, Holcomb D (2013) WattsUpDoc: power side channels to nonintrusively discover untargeted malware on embedded medical devices. In: HealthTech Clark SS, Ransford B, Rahmati A, Guineau S, Sorber J, Xu W, …, Holcomb D (2013) WattsUpDoc: power side channels to nonintrusively discover untargeted malware on embedded medical devices. In: HealthTech
79.
Zurück zum Zitat Abbas M, Prakash A, Srikanthan T (2017) Power profile based runtime anomaly detection. In: TRON symposium (TRONSHOW). IEEE, Tokyo Abbas M, Prakash A, Srikanthan T (2017) Power profile based runtime anomaly detection. In: TRON symposium (TRONSHOW). IEEE, Tokyo
80.
Zurück zum Zitat Gonzalez CA, Hinton A (2014) Detecting malicious software execution in programmable logic controllers using power fingerprinting. In: International conference on critical infrastructure protection. Springer, Berlin/Heidelberg, pp 15–27 Gonzalez CA, Hinton A (2014) Detecting malicious software execution in programmable logic controllers using power fingerprinting. In: International conference on critical infrastructure protection. Springer, Berlin/Heidelberg, pp 15–27
81.
Zurück zum Zitat Xiao YJ, Xu WY, Jia ZH, Ma ZR, Qi DL (2017) NIPAD: a non-invasive power-based anomaly detection scheme for programmable logic controllers. Front Inf Technol Electron Eng 18(4):519–534CrossRef Xiao YJ, Xu WY, Jia ZH, Ma ZR, Qi DL (2017) NIPAD: a non-invasive power-based anomaly detection scheme for programmable logic controllers. Front Inf Technol Electron Eng 18(4):519–534CrossRef
82.
Zurück zum Zitat Gong X, Kiyavash N (2013) Timing side channels for traffic analysis. In: Acoustics, speech and signal processing (ICASSP), 2013 IEEE international conference on. IEEE, Piscataway, pp 8697–8701CrossRef Gong X, Kiyavash N (2013) Timing side channels for traffic analysis. In: Acoustics, speech and signal processing (ICASSP), 2013 IEEE international conference on. IEEE, Piscataway, pp 8697–8701CrossRef
83.
Zurück zum Zitat Gong X, Kiyavash N (2016) Quantifying the information leakage in timing side channels in deterministic work-conserving schedulers. IEEE/ACM Trans Networking 24(3):1841–1852CrossRef Gong X, Kiyavash N (2016) Quantifying the information leakage in timing side channels in deterministic work-conserving schedulers. IEEE/ACM Trans Networking 24(3):1841–1852CrossRef
84.
Zurück zum Zitat Hoyos J, Dehus M, Brown TX (2012) Exploiting the GOOSE protocol: a practical attack on cyber-infrastructure. In: Globecom Workshops (GC Wkshps), 2012 IEEE. IEEE, Piscataway, pp 1508–1513CrossRef Hoyos J, Dehus M, Brown TX (2012) Exploiting the GOOSE protocol: a practical attack on cyber-infrastructure. In: Globecom Workshops (GC Wkshps), 2012 IEEE. IEEE, Piscataway, pp 1508–1513CrossRef
85.
Zurück zum Zitat Zhong X, Ahmadi A, Brooks R, Venayagamoorthy GK, Yu L, Fu Y (2015) Side channel analysis of multiple pmu data in electric power systems. In: Power systems conference (PSC), 2015 Clemson University. IEEE, Piscataway, pp 1–6 Zhong X, Ahmadi A, Brooks R, Venayagamoorthy GK, Yu L, Fu Y (2015) Side channel analysis of multiple pmu data in electric power systems. In: Power systems conference (PSC), 2015 Clemson University. IEEE, Piscataway, pp 1–6
86.
Zurück zum Zitat Zhong X, Arunagirinathan P, Ahmadi A, Brooks R, Venayagamoorthy GK (2015) Side-channels in electric power synchrophasor network data traffic. In: Proceedings of the 10th annual cyber and information security research conference. ACM, New York, p 3 Zhong X, Arunagirinathan P, Ahmadi A, Brooks R, Venayagamoorthy GK (2015) Side-channels in electric power synchrophasor network data traffic. In: Proceedings of the 10th annual cyber and information security research conference. ACM, New York, p 3
87.
Zurück zum Zitat Islam CS, Mollah MSH (2015) Timing SCA against HMAC to investigate from the execution time of algorithm viewpoint. In: Informatics, electronics & vision (ICIEV), 2015 international conference on. IEEE, Piscataway, pp 1–6 Islam CS, Mollah MSH (2015) Timing SCA against HMAC to investigate from the execution time of algorithm viewpoint. In: Informatics, electronics & vision (ICIEV), 2015 international conference on. IEEE, Piscataway, pp 1–6
88.
Zurück zum Zitat Johnstone MN, Peacock M, den Hartog JI (2015) Timing attack detection on bacnet via a machine learning approach Johnstone MN, Peacock M, den Hartog JI (2015) Timing attack detection on bacnet via a machine learning approach
89.
Zurück zum Zitat Dunlap S, Butts J, Lopez J, Rice M, Mullins B (2016) Using timing-based side channels for anomaly detection in industrial control systems. Int J Crit Infrastruct Prot 15:12–26CrossRef Dunlap S, Butts J, Lopez J, Rice M, Mullins B (2016) Using timing-based side channels for anomaly detection in industrial control systems. Int J Crit Infrastruct Prot 15:12–26CrossRef
90.
Zurück zum Zitat Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, …, Yarom Y (2018) Spectre attacks: exploiting speculative execution. arXiv preprint arXiv:1801.01203 Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, …, Yarom Y (2018) Spectre attacks: exploiting speculative execution. arXiv preprint arXiv:1801.01203
91.
Zurück zum Zitat Hintz A (2002) Fingerprinting websites using traffic analysis. In: International workshop on privacy enhancing technologies. Springer, Berlin/Heidelberg, pp 171–178 Hintz A (2002) Fingerprinting websites using traffic analysis. In: International workshop on privacy enhancing technologies. Springer, Berlin/Heidelberg, pp 171–178
92.
Zurück zum Zitat Lu L, Chang EC, Chan MC (2010) Website fingerprinting and identification using ordered feature sequences. In: European symposium on research in computer security. Springer, Berlin/Heidelberg, pp 199–214 Lu L, Chang EC, Chan MC (2010) Website fingerprinting and identification using ordered feature sequences. In: European symposium on research in computer security. Springer, Berlin/Heidelberg, pp 199–214
93.
Zurück zum Zitat Chen S, Wang R, Wang X, Zhang K (2010) Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: 2010 IEEE symposium on security and privacy. IEEE, Los Alamitos, pp 191–206CrossRef Chen S, Wang R, Wang X, Zhang K (2010) Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: 2010 IEEE symposium on security and privacy. IEEE, Los Alamitos, pp 191–206CrossRef
94.
Zurück zum Zitat Tsalis N, Stergiopoulos G, Bitsikas E, Gritzalis D, Apostolopoulos T (2018) Side channel attacks over encrypted TCP/IP Modbus reveal functionality leaks. In: Proceeding. of the 15th International Conference on Security and Cryptography (SECRYPT-2018), Portugal Tsalis N, Stergiopoulos G, Bitsikas E, Gritzalis D, Apostolopoulos T (2018) Side channel attacks over encrypted TCP/IP Modbus reveal functionality leaks. In: Proceeding. of the 15th International Conference on Security and Cryptography (SECRYPT-2018), Portugal
95.
Zurück zum Zitat de Souza Faria G, Kim HY (2013) Identification of pressed keys from mechanical vibrations. IEEE Transactions on Information Forensics and Security 8(7):1221–1229CrossRef de Souza Faria G, Kim HY (2013) Identification of pressed keys from mechanical vibrations. IEEE Transactions on Information Forensics and Security 8(7):1221–1229CrossRef
96.
Zurück zum Zitat de Souza Faria G, Kim HY (2016) Identification of pressed keys by time difference of arrivals of mechanical vibrations. Comput Secur 57:93–105CrossRef de Souza Faria G, Kim HY (2016) Identification of pressed keys by time difference of arrivals of mechanical vibrations. Comput Secur 57:93–105CrossRef
97.
Zurück zum Zitat Chen CY, Ghassami A, Nagy S, Yoon MK, Mohan S, Kiyavash N, …, Pellizzoni R (2015) Schedule-based side-channel attack in fixed-priority real-time systems Chen CY, Ghassami A, Nagy S, Yoon MK, Mohan S, Kiyavash N, …, Pellizzoni R (2015) Schedule-based side-channel attack in fixed-priority real-time systems
98.
Zurück zum Zitat Weiß M, Weggenmann B, August M, Sigl G (2014) On cache timing attacks considering multi-core aspects in virtualized embedded systems. In: International conference on trusted systems. Springer, Cham, pp 151–167 Weiß M, Weggenmann B, August M, Sigl G (2014) On cache timing attacks considering multi-core aspects in virtualized embedded systems. In: International conference on trusted systems. Springer, Cham, pp 151–167
99.
Zurück zum Zitat August M (2014) IDP: an analysis of a cache-based timing side channel attack and a countermeasure on PikeOS August M (2014) IDP: an analysis of a cache-based timing side channel attack and a countermeasure on PikeOS
100.
Zurück zum Zitat Gritzalis D, Iseppi G, Mylonas A, Stavrou V (2018) Exiting the risk assessment maze: a meta-survey. ACM Comput Surv (CSUR) 51(1):11CrossRef Gritzalis D, Iseppi G, Mylonas A, Stavrou V (2018) Exiting the risk assessment maze: a meta-survey. ACM Comput Surv (CSUR) 51(1):11CrossRef
Metadata
Title
A Taxonomy of Side Channel Attacks on Critical Infrastructures and Relevant Systems
Written by
Nick Tsalis
Efstratios Vasilellis
Despina Mentzelioti
Theodore Apostolopoulos
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-00024-0_15