## Diagram: Side-Channel Attacks Classification ### Overview The image is a tree diagram illustrating the classification of side-channel attacks. The diagram branches out from the central topic, "Side-Channel Attacks," into five main categories: "Attacker capability," "Information leaks," "Exploited properties," "Required access," and "Profiling phase." Each of these categories further branches into subcategories, providing a hierarchical breakdown of the different aspects of side-channel attacks. ### Components/Axes * **Main Topic:** Side-Channel Attacks (located at the top center) * **First-Level Categories:** * Attacker capability (top-left) * Information leaks (left-center) * Exploited properties (center) * Required access (right-center) * Profiling phase (top-right) * **Second-Level and Third-Level Subcategories:** These are listed below under "Detailed Analysis." ### Detailed Analysis The diagram breaks down each main category as follows: * **Attacker capability:** * Passive (gray box) * Active (white box) * **Information leaks:** * Unintended (gray box) * Intended (white box) * **Exploited properties:** * Logical (white box) * Mem. access patterns (white box) * Physical (gray box) * Timing (white box) * Sound (white box) * Heat (white box) * Power consumption (gray box) * EM (gray box) * **Required access:** * Local (white box) * Physical (gray box) * Remote (gray box) * **Profiling phase:** * Non-profiled (gray box) * Profiled (white box) ### Key Observations * The diagram uses a hierarchical structure to categorize side-channel attacks. * Some subcategories are further divided (e.g., "Exploited properties" -> "Physical" -> "Timing," "Sound," "Heat," "Power consumption," "EM"). * The use of gray and white boxes may indicate different types or levels of classification, but this is not explicitly defined in the diagram. ### Interpretation The diagram provides a structured overview of the various dimensions of side-channel attacks. It highlights the different capabilities an attacker might possess, the types of information that can be leaked, the properties of the system that can be exploited, the level of access required, and whether the attack involves a profiling phase. The hierarchical structure allows for a detailed understanding of the relationships between these different aspects of side-channel attacks. The diagram suggests that side-channel attacks can be classified based on multiple factors, providing a comprehensive framework for analysis and mitigation. The use of gray and white boxes may indicate a binary classification within each category, but without a legend, the exact meaning is unclear.

\n ## Diagram: Side-Channel Attacks Taxonomy ### Overview The image is a hierarchical diagram illustrating a taxonomy of Side-Channel Attacks. The diagram branches out from the central topic "Side-Channel Attacks" into five main categories: "Attacker capability", "Information leaks", "Exploited properties", "Required access", and "Profiling phase". Each of these categories further branches into sub-categories, providing a detailed classification of different types of side-channel attacks. ### Components/Axes The diagram is structured as a tree, with the root node at the top center and branches extending downwards. There are no axes in the traditional sense, but the diagram uses hierarchical relationships to organize information. The main categories are positioned horizontally, and their sub-categories are arranged vertically below them. ### Detailed Analysis or Content Details Here's a breakdown of each branch: 1. **Attacker capability:** * Passive * Active 2. **Information leaks:** * Unintended * Intended 3. **Exploited properties:** * Logical * Mem. access patterns (Memory access patterns) * Physical * Timing * Sound * Heat * Power consumption * EM (Electromagnetic) 4. **Required access:** * Local * Physical * Remote 5. **Profiling phase:** * Non-profiled * Profiled ### Key Observations The diagram demonstrates a comprehensive categorization of side-channel attacks. The "Exploited properties" branch is the most detailed, with several sub-categories under "Physical" attacks. The diagram highlights the different aspects of side-channel attacks, from the attacker's capabilities to the properties exploited and the access level required. ### Interpretation This diagram serves as a foundational understanding of the landscape of side-channel attacks. It suggests that these attacks can be classified based on various factors, allowing for a more targeted analysis and defense strategy. The distinction between "Passive" and "Active" attacker capabilities indicates the level of interaction the attacker has with the system. The categorization of "Information leaks" into "Unintended" and "Intended" highlights whether the information leakage is a flaw or a deliberate feature. The detailed breakdown of "Exploited properties" shows the diverse range of physical phenomena that can be exploited to extract sensitive information. The "Required access" categories indicate the level of control the attacker needs to launch the attack. Finally, the "Profiling phase" categorization suggests whether the attacker has prior knowledge of the system's behavior. The diagram is a useful tool for security professionals and researchers to understand the different types of side-channel attacks and develop appropriate countermeasures. It provides a clear and concise overview of the field, making it easier to navigate the complex landscape of side-channel security.

\n ## Diagram: Taxonomy of Side-Channel Attacks ### Overview The image displays a hierarchical tree diagram (taxonomy) that classifies the various aspects and categories of "Side-Channel Attacks." The diagram is structured with a single root node at the top, branching out into five primary categories, which further subdivide into more specific types or methods. The layout is a top-down tree, with connecting lines indicating parent-child relationships. Several leaf nodes are shaded in gray, potentially indicating a common, significant, or specific subset within their category. ### Components/Axes **Root Node:** * **Label:** "Side-Channel Attacks" (Top-center of the diagram) **Primary Branches (Level 1, from left to right):** 1. **Attacker capability** 2. **Information leaks** 3. **Exploited properties** 4. **Required access** 5. **Profiling phase** **Sub-categories (Level 2 and beyond):** * **Under "Attacker capability":** * Passive (shaded gray) * Active * **Under "Information leaks":** * Unintended (shaded gray) * Intended * **Under "Exploited properties":** * Logical * Mem. access patterns * Physical (shaded gray) * Timing * Sound * Heat * Power consumption (shaded gray) * EM (shaded gray) * **Under "Required access":** * Local * Physical (shaded gray) * Remote * **Under "Profiling phase":** * Non-profiled * Profiled (shaded gray) ### Detailed Analysis The diagram provides a structured breakdown of side-channel attack characteristics: 1. **Attacker Capability:** Differentiates between attacks based on the attacker's interaction level. "Passive" attacks only observe side-channel emissions, while "Active" attacks may involve injecting signals or faults. 2. **Information Leaks:** Classifies the nature of the information leakage. "Unintended" leaks are incidental byproducts of computation, whereas "Intended" leaks might refer to scenarios where a system is designed to leak information in a controlled manner (e.g., for debugging), which can be exploited. 3. **Exploited Properties:** This is the most detailed branch, categorizing the physical or logical phenomena an attack leverages. * **Logical:** Exploits patterns in software/hardware behavior, specifically "Mem. access patterns" (e.g., cache timing attacks). * **Physical:** Exploits measurable physical emanations. The sub-categories list specific channels: "Timing" (execution time variations), "Sound" (acoustic emissions), "Heat" (thermal output), "Power consumption" (variations in electrical power draw), and "EM" (electromagnetic emissions). 4. **Required Access:** Specifies the level of proximity or access needed to perform the attack. "Local" implies access to the same operating system or virtual machine, "Physical" requires being near the hardware, and "Remote" can be conducted over a network. 5. **Profiling Phase:** Indicates whether the attack requires a preliminary phase to build a model or profile of the target system's behavior. "Non-profiled" attacks work without this step, while "Profiled" attacks depend on it. **Spatial Grounding & Shading:** The legend is implicit through the tree structure and shading. The gray shading is applied to specific leaf nodes across different branches: "Passive," "Unintended," "Physical" (under Exploited properties), "Power consumption," "EM," "Physical" (under Required access), and "Profiled." This visual cue likely highlights a common or canonical subset of side-channel attack characteristics. ### Key Observations * **Comprehensive Taxonomy:** The diagram covers the attack lifecycle from attacker capabilities and required access to the specific physical phenomena exploited and the methodology (profiling). * **Emphasis on Physical Channels:** The "Exploited properties -> Physical" branch is the most granular, listing five distinct measurable channels (Timing, Sound, Heat, Power consumption, EM), indicating the breadth of physical side-channels. * **Shading Pattern:** The shaded items do not form a single coherent path but represent a selection across categories. For example, a common attack profile might be: a **Passive** attacker, exploiting an **Unintended** leak, using a **Physical** property (like **Power consumption** or **EM**), requiring **Physical** access, and employing a **Profiled** methodology. ### Interpretation This diagram serves as a conceptual framework for understanding, categorizing, and potentially defending against side-channel attacks. It moves beyond a simple list of attacks (like "Power Analysis" or "Cache Timing") to deconstruct them into their fundamental components. * **Relationships:** The tree structure shows that a single side-channel attack can be described by a combination of attributes from each primary branch (e.g., a "Passive, Unintended, Timing-based, Remote, Non-profiled" attack). * **Defensive Implications:** By breaking down attacks into these categories, defenders can develop more targeted countermeasures. For instance, mitigations for "Logical" property attacks (like constant-time programming) differ fundamentally from those for "Physical" property attacks (like electromagnetic shielding or power noise injection). * **Notable Insight:** The inclusion of "Intended" information leaks is particularly insightful. It suggests that side-channel vulnerabilities can arise not only from accidental physical emanations but also from deliberate system behaviors that are misused, broadening the scope of what constitutes a side-channel. * **Underlying Principle:** The entire taxonomy underscores the core principle of side-channel attacks: they exploit the *correlation* between a system's secret-dependent internal state and its observable, macroscopic behavior (whether logical or physical), without breaking the primary cryptographic or security mechanism itself.

## Diagram: Side-Channel Attacks Classification ### Overview The diagram illustrates a hierarchical taxonomy of side-channel attacks, categorizing them based on attacker capabilities, exploited properties, required access, and profiling phases. It emphasizes physical and logical attack vectors, with subdivisions into passive/active, unintended/intended, and non-profiled/profiled methodologies. ### Components/Axes 1. **Main Categories**: - Attacker capability - Information leaks - Exploited properties - Required access - Profiling phase 2. **Subcategories**: - **Attacker capability**: Passive, Active - **Information leaks**: Unintended, Intended - **Exploited properties**: Logical, Physical (Timing, Sound, Heat, Power consumption, EM) - **Required access**: Local, Remote - **Profiling phase**: Non-profiled, Profiled 3. **Spatial Structure**: - Root node: "Side-Channel Attacks" (center-top) - Branches radiate downward, with subcategories nested under parent nodes. - Physical properties (e.g., Timing, Power consumption) are grouped under "Exploited properties." - Profiling phase splits into Non-profiled (left) and Profiled (right). ### Detailed Analysis - **Attacker capability**: - Passive: Observes without interaction (e.g., eavesdropping). - Active: Engages with the system (e.g., injecting probes). - **Information leaks**: - Unintended: Accidental data exposure (e.g., cache timing attacks). - Intended: Deliberate data leakage (e.g., fault injection). - **Exploited properties**: - Logical: Exploits computational logic (e.g., power analysis of cryptographic operations). - Physical: Uses measurable physical phenomena: - Timing: Delays in operations (e.g., cache access times). - Sound: Acoustic emissions from hardware. - Heat: Thermal imaging of device activity. - Power consumption: Voltage fluctuations during computation. - EM: Electromagnetic radiation analysis. - **Required access**: - Local: Physical proximity to the target (e.g., USB port access). - Remote: Network-based access (e.g., Wi-Fi side-channel attacks). - **Profiling phase**: - Non-profiled: Generic attacks without prior knowledge of the target. - Profiled: Tailored attacks using specific target data (e.g., user-specific encryption keys). ### Key Observations 1. **Hierarchical Relationships**: - Physical properties are a major subset of exploited properties, indicating their prominence in side-channel attacks. - Profiling phase bifurcates the attack strategy into generic vs. targeted approaches. - Required access (Local/Remote) determines the attacker's proximity to the target. 2. **Notable Patterns**: - Physical attacks dominate the taxonomy, with five distinct subcategories (Timing, Sound, Heat, Power, EM). - Passive and Active attacker capabilities are mutually exclusive but both critical to understanding attack feasibility. 3. **Anomalies**: - "Intended information leaks" may overlap with "Exploited properties," suggesting deliberate design flaws as attack vectors. - "Non-profiled" attacks lack specificity, contrasting with "Profiled" attacks that require prior intelligence. ### Interpretation This diagram underscores the multifaceted nature of side-channel attacks, emphasizing their reliance on physical and logical properties rather than direct system vulnerabilities. The classification highlights: - **Attacker Strategy**: Passive methods (e.g., eavesdropping) vs. Active methods (e.g., injecting faults) depend on the attacker's resources and access. - **Target Characteristics**: Local attacks require physical proximity, while Remote attacks exploit network vulnerabilities. - **Attack Specificity**: Profiled attacks (e.g., using user-specific data) are more targeted but require prior intelligence, whereas Non-profiled attacks are broader but less effective. The taxonomy reflects the evolution of side-channel attacks from theoretical exploits (e.g., timing analysis) to practical, real-world threats (e.g., EM-based cryptanalysis). The emphasis on Physical properties suggests that hardware-level vulnerabilities remain a critical focus for mitigation strategies.