Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey
Sahan Sanjaya, Aruna Jayasena, Prabhat Mishra
TL;DR
This survey tackles the broad threat of power side-channel (PSC) attacks beyond traditional cryptographic targets by introducing a six-axis taxonomy that jointly categorizes attacks by target application, platform, probing interface, power model, analysis method, and countermeasure granularity. It synthesizes PSC techniques across cryptographic implementations, user behavior leakage, instruction disassembly, and machine-learning model extraction, highlighting a shift from classical, hardware-probing attacks to software and remote avenues enabled by interfaces like RAPL and NVML. The work details both non-profiled and profiled analysis methods, including SPA, DPA, CPA, TVLA, template attacks, and ML-based approaches, and it surveys a wide range of countermeasures at algorithmic, logic, and circuit levels, as well as detection techniques. Key findings show that while Hamming weight and Hamming distance remain foundational models, custom, architecture-aware models are increasingly used to capture modern leakage, and profiled ML-based attacks achieve high success under desynchronization and noise. The paper concludes with actionable guidance on standardizing leakage assessment, enabling pre-/post-silicon validation, and developing adaptive, cross-platform defenses to curb PSC threats in cryptography, user privacy, and ML accelerators, including considerations for PQC and future quantum-era devices.
Abstract
Side-channel attacks try to extract secret information from a system by analyzing different side-channel signatures, such as power consumption, electromagnetic emanation, thermal dissipation, acoustics, time, etc. Power-based side-channel attack is one of the most prominent side-channel attacks in cybersecurity, which rely on data-dependent power variations in a system to extract sensitive information. While there are related surveys, they primarily focus on power side-channel attacks on cryptographic implementations. In recent years, power-side channel attacks have been explored in diverse application domains, including key extraction from cryptographic implementations, reverse engineering of machine learning models, user behavior data exploitation, and instruction-level disassembly. In this paper, we provide a comprehensive survey of power side-channel attacks and their countermeasures in different application domains. Specifically, this survey aims to classify recent power side-channel attacks and provide a comprehensive comparison based on application-specific considerations.
