Presented at SecurityWeek's 2018 ICS Cyber Security Conference.
Side channel attacks are attacks based on information gained by physical access to the device rather than theoretical weaknesses in algorithms, brute force or cryptanalysis. These attacks pose a significant threat to the security of cryptographic modules. An attacker may obtain secret information, like passwords, or encryption keys by monitoring information the device is leaking such as: amount of time required to perform certain computations, power consumption or electromagnetic radiation while performing the cryptographic operation. Although many of these attacks require considerable technical knowledge of the system, the cost and difficulty of the attacks are being reduced with the introduction of cheap hardware, firmware, and software. This presentation discusses case studies showing side channel vulnerabilities in many implementations of crypto algorithms. It investigates typical targets as well as methodologies and techniques that attackers are using to launch a passive, difficult to detect attack, against ICS devices. It also addresses strategies that can be deployed as countermeasures.