TY - GEN
T1 - SoK
T2 - International Conference on Availability, Reliability and Security
AU - Martínez-Rodríguez, MacArena C.
AU - Delgado-Lozano, Ignacio M.
AU - Brumley, Billy Bob
N1 - Funding Information:
Acknowledgments. (i) This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 804476). (ii) Supported in part by the Cybersecurity Research Award granted by the Technology Innovation Institute (TII). (iii) Supported in part by CSIC’s i-LINK+ 2019 “Advancing in cybersecurity technologies” (Ref. LINKA20216). (iv) M. C. Martínez-Rodríguez holds a Post-doc fellowship supported by the Andalusian government with support from the PO. FSE of the European Union. (v) Ignacio M. Delgado-Lozano was financially supported in part by HPY Research Foundation.
Publisher Copyright:
© 2021 ACM.
PY - 2021/8/17
Y1 - 2021/8/17
N2 - In recent years, numerous attacks have appeared that aim to steal secret information from their victim using the power side-channel vector, yet without direct physical access. These attacks are called Remote Power Attacks or Remote Power Analysis, utilizing resources that are natively present inside the victim environment. However, there is no unified definition about the limitations that a power attack requires to be defined as remote. This paper aims to propose a unified definition and concrete threat models to clearly differentiate remote power attacks from non-remote ones. Additionally, we collect the main remote power attacks performed so far from the literature, and the principal proposed countermeasures to avoid them. The search of such countermeasures denoted a clear gap in preventing remote power attacks at the technical level. Thus, the academic community must face an important challenge to avoid this emerging threat, given the clear room for improvement that should be addressed in terms of defense and security of devices that work with private information.
AB - In recent years, numerous attacks have appeared that aim to steal secret information from their victim using the power side-channel vector, yet without direct physical access. These attacks are called Remote Power Attacks or Remote Power Analysis, utilizing resources that are natively present inside the victim environment. However, there is no unified definition about the limitations that a power attack requires to be defined as remote. This paper aims to propose a unified definition and concrete threat models to clearly differentiate remote power attacks from non-remote ones. Additionally, we collect the main remote power attacks performed so far from the literature, and the principal proposed countermeasures to avoid them. The search of such countermeasures denoted a clear gap in preventing remote power attacks at the technical level. Thus, the academic community must face an important challenge to avoid this emerging threat, given the clear room for improvement that should be addressed in terms of defense and security of devices that work with private information.
KW - applied cryptography
KW - countermeasures
KW - hardware security
KW - power analysis
KW - remote power analysis
KW - side-channel analysis
U2 - 10.1145/3465481.3465773
DO - 10.1145/3465481.3465773
M3 - Conference contribution
AN - SCOPUS:85107827430
T3 - ACM International Conference Proceeding Series
BT - 16th International Conference on Availability, Reliability and Security, ARES 2021
PB - ACM
Y2 - 17 August 2021 through 20 August 2021
ER -