Wikipedia defines side-channel attacks as: any attack based on information gaine

Question

Wikipedia defines side-channel attacks as:

any attack based on information gained from the physical implementation of a cryptosystem

Usually in side channel attacks the implementations leak information (e.g., timing attack: the implementation leaks the time it takes to complete a task, etc.)

Are tampering-attacks also considered as side-channel attacks?

On one hand, tampering-attacks are (usually) attacks on the implementation itself. On the other hand, the attack might be such that information only enters the device, and no information comes out of the device, so there is no "side-channel" that leaks the information. (example: If we heat some access-control device, until it grants us the access. Or if we perform SQL injection that causes the device to grant the access (but leaks no secret other than that))

Explanation / Answer

A tampering attack can be considered as an active side-channel attack, which is one that involves (physically) interacting with the device under attack. In contrast, passive attacks involve only measurement and observation.

Generally, however, I think tampering attacks are considered as a separate class as the countermeasures against them are quite different than for other side-channel attacks

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.