A Gentle Introduction to Side Channel Attacks on Smartphones
What Are Side Channels?
Let us consider Fig. 26.1. An input I is given to a computer program CP which outputs O. In addition to the output O returned by the program, various kinds of unintended information leaks may occur. These unintended information leaks are called “side channels” because they do not originate from the program’s output.
Fig. 26.1 Computer program taking input I and giving output O (Source: Author's own design)

Traditional side channels include power, timing, electromagnetic (EM) emanations, Internet traffic patterns, and so on. For example, different operations executed by a program may consume different amounts of energy, so an attacker who can observe power consumption while the program runs can extract some information about the secret operations. These are called power side channels, and they are relevant for banking cards. Another source of side channels is EM emanations, which result from the currents that flow when the program runs on the CPU; these are also relevant to banking cards. The time it takes a program to execute different operations may also vary, and hence information is leaked; these are called timing side channels.

L. Simon
© The Author(s) 2016
B. Batiz-Lazo, L. Efthymiou (eds.), The Book of Payments, DOI 10.1057/978-1-137-60231-2_26
Side channels on smartphones look rather different. An emerging class of side channels is those that abuse sensors and peripherals such as the built-in accelerometer, gyroscope or camera. Given information leaked through one of these side channels, an attacker can try to compromise a user’s privacy, for example by inferring secrets such as a password or a PIN. The data an attacker gleans through a side channel is, however, “noisy”: a single observation does not contain enough information to recover the original secret reliably. This is what makes side channel attacks challenging in practice. For example, if an attacker can make a video recording of someone while they type their PIN, the footage may provide valuable information for inferring the original PIN. However, the footage may have low resolution, parts of it may be blurred, and so on. Therefore, an attacker must process the leaked data accordingly to extract the maximum amount of information. This requires running algorithms that reduce the noise and highlight the valuable part of the data. Depending on the type of side channel and the secret one wants to infer, different techniques are used: for power and EM side channels, statistical methods are usually used, whereas for side channels based on sensors and peripherals (smartphones), Machine Learning (ML) methods are typically employed. We give a brief introduction to ML in the next section.
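The point that leaked data is noisy, and that statistical processing is what turns it into information, can be seen in a small constructed simulation. The following Python is an added illustration, not part of the chapter: the leak model (a secret bit of 1 draws 0.05 units more power than a 0, under Gaussian noise twenty times larger) and all parameter values are assumptions chosen for the demonstration. It also shows the defender's side of the same arithmetic: when the data-dependent component is removed, averaging more traces no longer helps.

```python
import random
import statistics


def leaky_measurement(secret_bit, rng, signal=0.05, noise_sd=1.0):
    """One constructed 'power trace' sample while the device handles one secret bit.

    Processing a 1 draws `signal` more power than a 0 (data-dependent leak),
    but each reading is buried under noise of standard deviation `noise_sd`.
    signal=0.0 models a hardened device whose consumption is data-independent.
    """
    return signal * secret_bit + rng.gauss(0.0, noise_sd)


def guess_bit(traces, threshold=0.025):
    """Statistical recovery: average the traces and compare with the midpoint
    between the two expected power levels (0 and 0.05 in the assumed model).
    Averaging n traces shrinks the noise by sqrt(n) while the leak stays put."""
    return 1 if statistics.fmean(traces) > threshold else 0


def recovery_rate(secret_bit, n_traces, trials, signal=0.05, seed=1):
    """Fraction of trials in which guessing from n_traces samples recovers the bit."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        traces = [leaky_measurement(secret_bit, rng, signal) for _ in range(n_traces)]
        correct += guess_bit(traces) == secret_bit
    return correct / trials


if __name__ == "__main__":
    # Leaky device: one trace is a coin flip, ten thousand traces are decisive.
    for n in (1, 100, 10_000):
        print(f"{n:>6} traces per guess: {recovery_rate(1, n, 100):.0%} correct")
    # Hardened device (signal=0): the guesses no longer depend on the secret,
    # so the success rates for bit 1 and bit 0 are complementary (sum to 1).
    print("hardened device:",
          recovery_rate(1, 10_000, 100, signal=0.0),
          recovery_rate(0, 10_000, 100, signal=0.0))
```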