Next Article in Journal
Wandering Drunkards Walk after Fibonacci Rabbits: How the Presence of Shared Market Opinions Modifies the Outcome of Uncertainty
Previous Article in Journal
Dynamic Injection and Permutation Coding for Enhanced Data Transmission
Previous Article in Special Issue
Template Attack of LWE/LWR-Based Schemes with Cyclic Message Rotation
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Entropy
Volume 26
Issue 8
10.3390/e26080684
entropy-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Domain-Agnostic Representation of Side-Channels

by
Aaron Spence
* and
Shaun Bangay
School of Information Technology, Deakin University, Geelong 3216, Australia
*
Author to whom correspondence should be addressed.
Entropy 2024, 26(8), 684; https://doi.org/10.3390/e26080684
Submission received: 30 June 2024 / Revised: 27 July 2024 / Accepted: 8 August 2024 / Published: 13 August 2024
(This article belongs to the Special Issue An Information-Theoretic Approach to Side-Channel Analysis)
Browse Figures
Versions Notes

Abstract

:
Side channels are unintended pathways within target systems that leak internal target information. Side-channel sensing (SCS) is the process of exploiting side channels to extract embedded target information. SCS is well established within the cybersecurity (CYB) domain, and has recently been proposed for medical diagnostics and monitoring (MDM). Remaining unrecognised is its applicability to human–computer interaction (HCI), among other domains (Misc). This article analyses literature demonstrating SCS examples across the MDM, HCI, Misc, and CYB domains. Despite their diversity, established fields of advanced sensing and signal processing underlie each example, enabling the unification of these currently otherwise isolated domains. Identified themes are collating under a proposed domain-agnostic SCS framework. This SCS framework enables a formalised and systematic approach to studying, detecting, and exploiting of side channels both within and between domains. Opportunities exist for modelling SCS as data structures, allowing for computation irrespective of domain. Future methodologies can take such data structures to enable cross- and intra-domain transferability of extraction techniques, perform side-channel leakage detection, and discover new side channels within target systems.

1. Introduction

Systems of all kinds generate a cacophony of observable auxiliary signals as a byproduct of their normal operation. CPUs consume electricity, WiFi signals reflect off surrounding objects, and heartbeats cause vibrations. Such signals are often disregarded as noise; however, extractable and valuable information is embedded within these noisy signals [1,2]. Such an indirect and often unexpected pathway to target information contained within or generated by a target system is known as a side channel. We define the process of exploiting side-channels as side-channel sensing (SCS): the utilisation of available sensor data in a non-trivial way to acquire previously unknown, hidden or unused target information from target systems.
Traditionally established within the cybersecurity (CYB) domain and its respective cyber–physical systems [1,3,4,5], emerging works demonstrate the existence and applicability of SCS in other domains. This includes the human body for medical diagnostics and monitoring (MDM) [1,6] and pairing of humans with cyber–physical systems for human–computer interactions (HCI) [2,7]. An additional domain category, termed miscellaneous (Misc), represents examples of side channels within civil, environmental, and other systems that lack the critical mass for grouping under one domain [2]. As with their CYB target system counterparts, side channels provide indirect and non-obvious access to internal target information.
The identified HCI and Misc domains apply SCS, albeit implicitly, without formal methodologies and with solutions presented in isolation. Conversely, the CYB domain explicitly recognises side channels with formal methodologies. However, their developments are entirely siloed from the other domains, designed solely for their respective cyber–physical target systems (e.g., electronic-based computational systems) and bespoke designs (e.g., using x86 instruction sets [8]) [1,2]. Recent works have formalised SCS within MDM and demonstrated how MDM and CYB can be unified [1]; however, HCI and Misc are omitted. Thus, a systematic SCS framework that is domain-agnostic is needed. This would enable a more formalised and systematic approach to studying side channels, detecting their presence and exploiting them both within and between domains.
Furthermore, such an SCS framework would allow for the development of data structures that capture real-world examples of SCS, irrespective of domain. Such data structures could be utilised computationally to model side-channel leakage or discover new instances [9,10]. Such discoveries have ramifications for target systems, such as revealing security breaches and data leaks [9,11]. or developing novel sensing solutions for acquiring target information such as a person’s heart rate [1]. We further hypothesise that a unified representation would promote the transferability of SCS extraction techniques and approaches both between and within domains. For example, Lange et al. [6] demonstrated the explicit migration of SCS extraction techniques. They utilised techniques derived from CYB against electronic-based computational target systems (e.g., PCs) to infer a person’s PIN via their electroencephalogram (EEG), a MDM solution against a biological target system (e.g., a person’s mind).
This article presents a theorised solution to the identified gap in literature, namely, that SCS is applicable to multiple but isolated domains. The objectives of this article are as follows:
  • To collate and systematically review the literature demonstrating SCS across the MDM, HCI, Misc, and CYB categories in order to derive their shared fundamental principles.
  • To capture each domain’s approach to SCS under a standardised set of terms that encompass all components of the SCS process, from side-channel leakage to target information acquisition, via extraction techniques. Such defined terms must be applicable for adequately describing SCS across all domains, i.e., be domain-agnostic.
The contributions of this article are:
  • To formally establish that utilisation of SCS exists within HCI and Misc domains, albeit implicitly.
  • Establishment of a domain-agnostic SCS framework that provides unified definitions of the SCS process and demonstrate its applicability to the MDM, HCI, Misc, and CYB domains.
  • Discussion of enabled opportunities: the cross- and intra-domain transferability of SCS extraction techniques, and avenues for SCS data structure representation for side-channel leakage detection and side-channel discovery methodologies.
This review begins with a standardised set of terms, each describing a component of the SCS process applicable to all domains. Literature demonstrating SCS across identified domains is collated and analysed in respect to each SCS component (Section 2). Shared fundamental themes between the domains are extracted, resulting in a defined domain-agnostic SCS framework that sufficient describes the entire SCS process and corresponds with real-world observations. The review concludes with discussion of opportunities arising from the establishment of a domain-agnostic SCS framework, including avenues for future work (Section 3). The content of this review is based on the corresponding author’s PhD thesis [12].

2. SCS Across Domains

The SCS process involves the quantification by sensors of signals traversing unexpected indirect pathways (i.e., side channels) within target systems. Captured signals are analyzed via extraction techniques to acquire embedded target information (Figure 1) [1]. For instance, a HCI solution capturing hand gestures visually via a camera is too direct and ‘obvious’, whereas capture via acoustics [13] is less obvious and non-trivial (i.e., a side channel). A SCS framework applicable to and encompassing target systems from any domain does not currently exist. The HCI and Misc domains apply SCS, albeit implicitly, without formal methodologies and with each solution presented in isolation; conversely, the CYB domain explicitly recognises side-channels with formal methodologies. However, their developments are entirely siloed from each other [1,2]. Recent works formalised SCS within MDM and consolidated it with CYB [1]. This section analyses literature demonstrating the definition of SCS across these domains while isolating the target systems involved along with the utilised techniques and mindsets.
Searching for relevant keywords (i.e., side channels, side-channel attacks, covert channels) is ineffective for MDM, HCI, and Misc because the term is not recognised in the respective literature [2]. Instead, articles were seeded from related terms (i.e., sensing, sensors, diagnostics, human–computer interaction, smartphones, wearables, gold standard). Additional papers were identified through online articles reporting on unexpected or non-trivial sensing opportunities. Analysis involved identifying shared principles around how SCS is implemented within each domain. Of interest was how signals traverse, their properties (e.g., some signals may propagate over distance), how they are sensed, and how they can be capitalised on to achieve SCS. Questions arise such as what sensing devices are used and why, and whether solutions are passive or invasive. A synthesis of the literature reveals themes within the respective domains and contributes towards defining SCS in a domain-agnostic way. Despite their diversity, we expect that they share underlying themes in their SCS processes. The result is a SCS framework unifying the extracted themes, providing definition and formalisation to the field of SCS in a way that is applicable to all domains.

2.1. SCS Framework

Current SCS-related literature either lacks consistent terminology and definitions or uses a disparate collection constrained to a specific domain and context [1]. We begin by synthesising a set of standardised terms which (i) encompasses all components of the SCS process, and (ii) is applicable to SCS across all domains. Table 1 illustrates the classification of terms used in this review. Together, these terms describe the entire multi-stage SCS process (Figure 1). We derive the commonalities and differences between domains in respect of their employment of SCS under these unifying terms.

2.1.1. Target Information

Target information is the desired information, as distinguished from other information or noise present within the target system. It exists embedded within signals contained/generated within a target system that leak to sites accessible by a sensor.
CYB 
focuses on target information within electronic-based computational devices. These may be secured cryptographically [15,16,17,18,19], but can also include personal information that is leaked unintentionally, such as media viewing [20], web-browsing habits [21,22,23], and information communicated or generated by devices such as printers [24,25,26]. In rare cases, non-electronic target information is included within the CYB-related literature, such as PIN codes stored in a person’s brain being extracted through analysis of EEG readings [6,7].
MDM 
quantifies physiological or physical parameters within the human body (MDM’s target system). Examples include heart rate [27,28,29,30,31], breathing rate [27,32], chemical concentrations (e.g., oxygen) within the bloodstream [33,34], and tremors [35,36]. Conditions with associated physiological manifestations (including psychological conditions with physiological biomarkers, such as cognitive load via pupillary response [37]) also have the potential to be accessible via side channels.
HCI 
infers the state or intention of humans (i.e., the user) expressed through physiological parameters. This includes gestures initiated by the eyes [38], jaw [39,40,41], tongue [39], hands [13,42], and fingers [43,44]. Such gestures (e.g., moving the eyes from left to right [38] or scratching a surface in an ‘X’ formation [42]) are sensed (e.g., by a smartphone) and the user’s intention is inferred. Unlike other domains, information is part of a feedback loop in which the response from the device loops back to the human, who can then adapt their actions to manipulate the sensing process. For example, touching the flashlight to reduce the light level detected by the camera to infer pressure [43].
Misc 
is diverse in its target information; it is no longer just a read-only quantity, but can be injected for communication [45], control [46] or to support other forms of sensing [47,48]. The diversity of application areas allows for categorisation of classes of target information:
  • Mundane but Convenient: While potholes [49] are easy to identify, augmenting an existing process, in this case taxis, provides data for minimal extra investment. Direct cross-technology communication [50] saves on deploying additional networking nodes.
  • Unexpected: Target information is well hidden and not previously used, such as geolocation from light flicker [51], screen content through audio leaked in a phone call [52], audio recovered from video [53], or human presence through WiFi signal strength [54,55,56].
  • Abstract: Target information that is not normally directly acquired by sensors but can be inferred from one or more channels, such as driver aggression [57] or software identification [58].
  • Target information can be digital information (CYB), a signal associated with some physical process (MDM), an abstraction such as the representation of a state (CYB, Misc), or an intention to perform a particular action (HCI). Opportunities exist to extract target information in any of these forms. In certain scenarios, partial recovery of target information may still provide value, perhaps by revealing insight into a particular execution path (CYB) or enabling a diagnosis (MDM).

2.1.2. Target Systems

A target system is a bounded physical system that contains or generates target information. Understanding its internal operations can reveal the existence of target information as well as the structure of the side channel and its properties.
CYB 
typically ‘attacks’ physical and electronics-based systems such as smart cards [19,59], FPGAs, microcontrollers, embedded devices, PCs [16,17,60], medical devices [61], smartphones [4,14,62], printers (traditional and 3D) [24,25], TVs [20], displays [6,7], and keyboards [63]. Exploitation of specific sensors rather an entire system can also be a side-channel source through signal transformations and injection of signals/values into the signal measured by the sensor [5]. These devices share fundamental exploitable properties such as power consumption, clock rates, acoustic noise generation, and electromagnetic radiation. Consequently, all systems that share a demonstrated exploitable property are vulnerable to SCS [2].
MDM 
focuses on the human body: an inherently complex and interconnected system. Consequently, it is a rich source of side channels, and can be viewed as an amalgamation of components (or subsystems) in a number of ways. For example, it can be segmented based on the location of components such as the back, thorax, and abdomen [64]. Each in turn is comprised of subcomponents such as the musculoskeletal components of the back (vertebrae, scapula, vertebral column, and pelvic bone) [64]. An alternative view is of its major systems (e.g., the nervous system) [65]. Spatial coherence supports tracking of the physical paths followed by target information through neighbouring components. A condition’s cause inhabiting one component may manifest entirely elsewhere, creating opportunities for information leakage [1]. The human body’s interconnectivity is a fundamental principle that should be considered when approaching SCS for MDM.
HCI 
interconnects two distinct target systems, namely, biological systems (e.g., a human’s intentions and intended movements) and electronics-based systems. HCI solutions use the electronic systems to ‘sense’ an appropriate side-channel signal identified within the biological system. The signal is input to a computer which contains an actuation element, such as a display, which feeds a response of the sensed signal back to the human. Unlike MDM, where the human is a passive generator of signals, in HCI signals are actively generated through intentional gestures [13].
Misc 
may exhibit a selection bias in which it is likely to identify more extreme system structures. Examples range from using generic smartphone sensors to categorise driver behaviour [57], exploiting the existing complexity of a taxi network [49], and more complex interactions. Insights into the system configuration, such as wall position and router placement [56], are parameters used to support signal processing. Compared to previous domains, these target systems place less emphasis on the physical co-location of system components. Existing active elements in the target system are exploited by measuring changes in reflected signals, for instance to detect movement [54,55] or by using potholes to induce pain levels [66]. New elements are added to trigger a side-channel response [48]. Examples in the Misc category demonstrate greater diversity in terms of the system components exploited or added compared to those of the other domains. As illustrated by the potato chip bag microphone in [53], any system component (specifically in addition to electronics or local active elements) can be a relevant part of the target system. The boundary of target systems is also less well defined ( versus, e.g., a smartphone), covering large areas such as a country’s electrical grid [51], or a road network [49].
  • A target system consists of its components and their interconnections. System structures associated with side channels have long paths (sequences of components) which increase leakage opportunities [1,9,10]. The interconnections between components allow information to be mixed and distributed to different destinations. Information can be retrieved by manipulating components to inject signals, trigger actions, or generate signals that provide insight into internal operations, such as reflected signals from a WiFi router [56].
CYB components are well documented but tend to actively resist attempts to extricate target information. In contrast, the biological components in MDM applications are modelled empirically. Design documentation is not provided, with often complex interactions between components. MDM systems also support multiple valid classifications for components based on various structural or logical decompositions. As a result, MDM solutions have not been approached from a system viewpoint but rather by replicating gold standard output [1,33,67]. HCI scenarios involve a fusion of both engineered and biological elements, with the addition of feedback loops [68]. The exception cases represented in Misc often involve target systems distributed over (sometimes significant) geographical areas [49,51,57].

2.1.3. Side Channels

Side channels are the pathways that a leaked signal traverses while containing embedded target information. They allow target information to be obtained indirectly or via novel means through signal transformations or modifications (see ‘Side-Channel Properties’ in Section 2.1.4). Target information is often ‘leaked’ from its source components to adjacent components within the target system (perhaps as heat, sound, etc.), often unintentionally or without being noticed. It is presumed that the target information cannot be directly sensed, either because it is actively concealed, inaccessible, expensive, or non-ideal. A side-channel allows these constraints to be bypassed.
CYB 
capitalises on a property of side channels whereby the signal embedded within is transformed and modified during traversal. For example, target information originating from a website could be sent as internet traffic, stored in a text file, and then printed to paper. Target information manifests physically as audio produced by dot-matrix printers [24], vibrations within 3D printers [25], or from observing the magnetic field of a laser printer [26]. Side channels do need to ultimately derive from target information. For example, when exploiting electromagnetic radiation for EDCH encryption algorithm key extraction [16], the side channel results from the mutual information between the internal processing of the EDCH decryption and the electromagnetic radiation emitted by the device. Multiple side channels can be viable for a single target system (e.g., PCs [15,69,70,71]); these may be exploited either individually or concurrently (e.g., sensor fusion) [25].
MDM 
exploits biomarkers, which are quantifiable signals indicative of normal biological processes [72]. Biomarkers may exist internally or externally; thus, their observability varies. When internal, direct measurement with ubiquitous, cheap, and available sensors becomes non-trivial, with reliance on channels where the target information travels to a sensing site being more accessible. For example, dehydration has an externally available biomarker in the level of pH in sweat [73,74], which is quantifiable via colorimetric strips and can be analysed through a smartphone camera [75]. Established gold standard diagnostic devices rely on proven biomarkers. SCS offers the potential to exploit them in new ways or even discover new ones.
HCI 
exploits the way in which information ‘leaks’ along side channels, with SCS solutions existing for the human and/or computer components:
  • Computer channels: Because channels are not deliberately protected (e.g., encrypted), HCI deals with primary channels used in an expected or non-trivial way or via existing or introduced side-channels (for example, sensing pressure through the interaction between accelerometer and vibration generated by the motor built into a smartphone) [44].
  • Human channels: Channels exploited in HCI are those that carry information to more accessible or convenient external locations, such as using electrodes placed within the earlobe to detect eye movement [38].
  • Feedback loops: Both humans and computers can deliberately generate and respond to signals produced by the other component [68,76].
Misc 
involves long pathways from the target information to the sensor [51], and includes signal transformations such as video to sound [53] and separation of mixtures of signals [77]. Missing scenarios include those where the side channel is predominantly virtual (information), as physical interactions are favoured. As such, a side channel exists as one of a number of signals mixed into physical signals, such as light flicker in a video [51]. Otherwise, the side channel may be fragmented across multiple signals, requiring sensors for all signal types (such as acceleration and rotation to recover driving behaviour [57], or multiple sensor elements using the same signal to enhance recovery in a rolling shutter with individual image elements to recover a high frequency signal) [53].
  • Side channels exist in target systems from any domain, respresenting a key insight expressed and explored in this research. Side channels result from entanglement operations within the target system. They allow one signal to be detected by sensing it when mixed in with another. Correlation is one approach used by all domains for identifying side-channel candidates, and is usable even when the causal relationship is not well understood [1]. CYB treats side channels as containing hidden information that needs to be recovered through cunning (i.e., outmanoeuvring defences or obstacles) [69,70]. In contrast, MDM exploits surprising pathways with embedded target information. HCI side channels are not deliberately hidden, but exist due to difficulties in directly sensing the target information. Feedback is one way of achieving the tuning of system parameters and sensor placement required to achieve SCS [68,76]. While electronic and physical/biological channels represent information differently, analogous operations are possible in both. In certain cases, access to one side channel improves opportunities to extract another related channel.

2.1.4. Side-Channel Properties

The following side-channel properties that denote the shared characteristics of all side-channels emerge irrespective of target system and domain [2]:
  • Determinism: There is a reproducible, reliable correlation between internal operations and any quantified signals.
  • Multi-Stage Pathways: A signal often traverses multiple stages along its pathway from internal interconnected components to its sensing site. This makes discovery of all paths non-trivial.
  • Understanding of side channels via their properties provides insights into how to extract their target information, and even into how to discover them. The key is determinism. A reliable correlation between the internal source and quantified output signals indicates a candidate side channel. This is the case irrespective of whether the mechanism enabling it is understood. Furthermore, all side channels are indirect by definition; therefore, the multi-stage pathway property is present in all candidate side-channels. The following additional side-channel properties reflect how signals are subject to a myriad of modifications during traversal of a side channel:
  • Signal Transformations: Signals are transformative between states. In MDM for example, excessive bilirubin buildup in the bloodstream (a by-product of recycling red blood cells) manifests as a yellowish discolouration of the skin and sclera if subject to jaundice [67]. Transformations may be invoked via interference (perhaps intentionally by an observer), signal reflection/refraction, or due to obstructions. Additionally, they may occur both within and beyond the target system’s boundary. Signal transformations are capitalised on by all domains, either via custom sensors or, as is common in MDM and HCI, using existing sensors on a constrained platform (e.g., a smartphone).
  • Modulation Proportion: How prominent the target information is within a side channel is determined by its proportion in relation to the signal in which it is embedded. A low proportion when mixed with other signals may make the target information difficult to detect.
  • Signal Mixing: Target systems internally consist of interwoven channels in which their signals mix and collide. Target information that is not directly accessible may instead be detected when mixed with another signal. Alternatively, a signal external and alien to the side channel (or even the target system itself) could be injected and mixed into the side channel.
  • Multivariate: A single target information source can have multiple associated side channels, increasing the number of available attack vectors.
  • Such properties provide insight into the side-channel signal’s structure and embedded target information. The multi-stage nature of side-channels means that side channels emanate and traverse from their source in a myriad of ways, during which time side-channels are mixed, transformed, and vary in modulation (Figure 2). Consequently, multiple side channels may be plausible for the same target information. MDM is an example, with the human body’s interconnected nature promoting an array of side channels. For example, a single instance of target information such as the heart rate is accessible by traditional gold standards (ECG, stethoscope) as well as by “less obvious” side channels: within the ear canal [78], via chest and head movement [79,80,81,82], photoplethysmography by a camera view of the ear canal [83] or face [30,31,74], or monitoring of chest oscillations via WiFi (e.g., electromagnetic radiation) [32].
Identifying which properties are present and to what extent can dictate how a signal is quantified. For instance, signal transformations allows sensors to capture target information that is outside the intended sensing capability, for example, using a microphone to sense pressure variations within the lungs [33] or using speakers to operate as a microphone [71]. Transformations may enable unexpected and novel SCS solutions that were not previously possible or that improve on existing solutions. The presence of multivariance indicates that a single target information may have multiple viable sensing sites, with some being more viable and others potentially impossible.

2.1.5. Information Parameters

‘Information’ is a core theme throughout SCS solutions, and is prominent across the entire SCS process. From an information theory perspective, Shannon [84] formalised the representation and quantifying of information in respect of its communication over a channel to a receiver. Similarly, SCS involves the communication of target information in the form of a signal over a channel in order to be received by a sensor and deconstructed. The view that information is quantifiable and communicated is adopted in CYB with the side-channel vulnerability factor (SVF), a method to quantify the amount of information that is present or leaked via side channels [85]. Such a method is valuable for assessing a target system’s level of exposure to unauthorised access. The different domains demonstrate that it is need not necessary to quantify the amount of target information being communicated in order to achieve SCS; instead, greater reliance is placed on the side-channel property of determinism (Section 2.1.4).
The SCS examples define target information and signals in the physical sense, e.g., electromagnetic radiation. Each comes bundled with associated properties that describes that signal. For example, the associated properties of electromagnetic radiation include frequency, propagation, and refraction. Viewed together, the domains exhibit trends that go beyond physical modalities, for instance, solutions utilising remote sensing (tablet screen replication through leaked electromagnetic radiation [86] (CYB), lung health classification via sound [33] (MDM), gesture recognition via sound through a surface [42] (HCI), remote sensing of human movement via WiFi (i.e., electromagnetic radiation) [56] (Misc)). These examples, varying by domain and target system, are connected not by the utilised physical modalities (i.e., electromagnetic radiation and sound) but by the shared properties of these modalities. Fundamental to this is information that propagates over distance and/or through materials with measurable frequencies. Such descriptions enable side channels to be understood in terms of their information parameters. This provides an abstracted view of side channels and a foundational step towards unifying SCS across domains. SCS examples that appear disconnected may actually share common information parameters in their sensed signals and/or utilised SCS extraction techniques.

2.1.6. Sensors

Sensors quantify the information parameters of the signal at a specific location along the side-channel.
CYB 
selects sensors most appropriate for the signal in question (e.g., copper coils for electromagnetic radiation [87]). Measurement considers the reduction of extraneous information sources, the placement of sensors, and concurrent internal processes within a target system [14]. CYB recognises that noise is potentially the source of side channels. Trial and error is common for refining measurements, such as finding the optimal location to sense electromagnetic radiation from a PC [16].
MDM 
utilises sensors along a spectrum as per its context specific suitability, as described by Spence and Bangay [1]:
  • Stand-alone sensors: Large variety, small size, ubiquitous, and easily embedded into devices [88].
  • Wearables: Ubiquitous, real-time continuous monitoring, with direct or near-body contact. Customisable via additional sensors [89] and attachments [90,91].
  • Smartphones: Ubiquitous, real-time continuous monitoring, in proximity to the body, built-in processing capabilities [27]. Ability to customise or enhance sensing capabilities with attachments [92,93].
  • Wearables/smartphones with remote server: Increased processing capabilities for analysis, opportunities for data aggregation from multiple sources [89,90].
HCI 
adopts a large array of signal types. This is due to HCI’s affinity for prototyping and its focus on two distinct target systems, one electronic-based and the other biological-based. Emphasis is placed on consideration of the information parameters of the quantified signals and how they can be best exploited. Acoustics propagate along or through materials [42] and over distance through empty space [13], both of which enable detection of user input and movements at distance. Sensors can be placed at varied and multiple locations and quantify signals locally or remotely depending on the information parameters being exploited.
Misc 
tends to deal with signals originating from physical processes. This can be exploited by deliberately triggering a signal change [45,48]. Sensors range from those already available in a standard smartphone [57] to customised rigs that adapt samples for better sensing (e.g., by staining samples to highlight allergens [94]) or actively injecting signals to trigger side channels [48]. Human detection using WiFi progresses from using customised hardware to using existing installations only [54,55,56].
  • Sensing in CYB and HCI is achieved with custom sensors deliberately chosen as per the information parameters in focus. Smartphones are commonly used in MDM and HCI because they are ubiquitous and portable with an array of embedded sensors. These factors allow for extended data collection, replacing brief access to high quality but expensive devices. Interesting sensors result from repurposing existing sensors, such as a lensless microscope produced by projecting holographic interference patterns onto a smartphone camera [95]. Examples exist where the same sensor (particularly on smartphones) is used for diverse purposes. In this way, SCS solutions can achieve the same outcome using very different pathways, for instance, through alternative versions of the same gold standard in MDM [1] or the CYB examples that identify screen content through power consumption, audio signals, or electromagnetic radiation. Use of various standalone sensors often indicates research that is in the prototyping stages, representing an effective strategy when approaching the non-obvious nature of side channels. Notably, sensor placement is as crucial as which sensor is used and how [96,97].
Sensing is enhanced by active sensing, which refers to injecting information to augment or cancel particular signals. This is most apparent for MDM when manipulating biometric samples, such as by staining blood samples [98]. HCI sensing tends to be active. The sensor’s output is fed back to the human participant, enabling them to adapt their response, thereby creating a feedback loop. The efficiency of sensing is tuned by manipulating sensor placement or by controlling parameters such as filter bands when processing the data. In Misc, sensor clusters such as collections of individual sensor elements in a camera are used collectively to compensate for the limited spatial and temporal resolution of any individual element.

2.1.7. Methods and Extraction Techniques

Two related but distinct methodologies are employed to acquire target information. First, SCS methods detail how signals suspected of housing target information (i.e., side channels) are sensed. Second, SCS extraction techniques extract embedded target information from sensed signals [2]. Spence and Bangay [2] state that despite target system variance across domains (e.g., cyber–physical, biological, civil infrastructure), SCS methods can be abstracted so as to be applicable to all. They are classified as followed:
  • Invasive vs. Non-Invasive: The target system is physically modified to provide (better) access to specific signals, or only originally accessible signals are sensed.
  • Active vs. Passive: Control over the target system’s operations are exploited, perhaps by repeated execution of internal operations to trigger specific signals, or used to aid in the study of how internal operations work, such as the injection of particular input to measure the output signals and their behaviour.
  • Remote vs. Local: The side channel’s information parameters (Section 2.1.5) define whether sensing can (and should) occur at a distance. Local measurements provide clearer signals, although this may not be possible depending on the level of access to the target system or the measurement intention (e.g., covert sensing).
  • Profiled vs. Non-Profiled: With unimpeded access to the target system, a large number of measurements are collected to build a model of the determinism between its internal operations and sensed signals. Future measurements of this target system are analysed in the context of this profile.
  • Utilising existing third-party data: Third-party collected data may already inadvertently house embedded target information.
  • Multivariate: Sensor fusion techniques involve the collation of data from multiple sensed side channels output from the same target system.
  • Signal Injection: Bespoke signals are injected into the target system to invoke observable or specific output signals. This also includes the intention to invoke faults (i.e., behaviour different to its original design) in order to create measurable outputs to learn more of the internal operations.
  • Software-based approaches to expand hardware: Target systems that are not modifiable physically (per an invasive method) may limit available output signals. However, an array of sensors may already exist within the target system itself (e.g., a smartphone), and a multivariate approach can collate them to provide access to target information.
  • Repurposing Sensor: Sensors used as actuators can often ‘sense’ target information beyond their original design intention, for example, the ability to recreate audio from visual recordings via a camera [53].
  • Similarly, Spence and Bangay [2] collated SCS extraction techniques abstracted so as to be applicable across domains:
  • Power analysis attacks: Exploitation of deterministic correlations between internal operations and the output quantified signal, for example, a computational device’s power consumption or emitted electromagnetic radiation. Sufficient resolution in the quantified signal can reveal executed operations, including the execution sequence, from which target information can be inferred or reconstructed.
  • Information-theoretical analysis: Treats signals as noisy, with target information muddled within. Encompasses signal processing techniques from information theory (e.g., Shannon’s entropy, Hamming weights), cryptanalysis, statistical analysis (e.g., maximum likelihood [99,100], correlation, or simple regressions), and transformations (e.g., FFTs).
  • Machine learning: When large sensing datasets from side channels can be create or acquired, machine learning offers automated feature extraction stages for identifying how target information can be extracted.
  • The crux of our SCS research is that noise in a signal may actually contain meaningful content (i.e., target information), thereby qualifying as a candidate side channel. The lack of a unified SCS framework results in solutions using ad hoc sequences of features, filters, and other individually tuned signal processing stages. Adoption of mindsets from varying domains represents an opportunity to reveal novel SCS extraction techniques; for example, one may ‘attack’ the human body for MDM purposes similarly to how cyber–physical systems are exploited within CYB [1].
SCS method pairings with applicable SCS extraction techniques are dependent on the defined constraints and intentions. CYB often has unrestricted access to its target systems; therefore, they are free to modify them with signal injections and active SCS methods or perform lengthy and repeated measurements to develop a profile. If covert sensing is an objective, non-invasive and remote methods are preferred. MDM and HCI are much more constrained. Invasive methods are unlikely to be ideal when performed on the human body, nor is there usually the option of performing enough measurements to build a profile of an individual. Active methods may be possible, such as requiring the patient/user to perform specific actions or movements in order to invoke desired signals (e.g., increasing the heart rate by running). HCI solutions are also more tolerant of errors; with the human as an active participant in a feedback loop, they are open to experimentation with repurposing sensors or substituting software-based approaches.
For all domains, information parameters (Section 2.1.5) are a driving factor, either limiting or enabling the applicable SCS methods and extraction techniques.

Reliance on Information Parameters

As defined, the ‘information’ represented by target information and side-channel signals is described in respect of its information parameters (Section 2.1.5). To operate, SCS extraction techniques take as input the required information parameters. These are then manipulated to extract the embedded target information. Adib and Katabi [56] used WiFi (electromagnetic radiation) from routers to track the movement of humans, even through walls, by employing signal processing and source separation extraction techniques. These techniques capitalised on the associated information parameters, frequency and duration, that WiFi propagates and reflects. Their extraction techniques are not only applicable to WiFi signals but to any side-channel signal from any domain or target system that shares the same information parameters.

2.1.8. Summary

This analysis provides insight into how SCS is applied across domains. CYB is concerned with target information within electronic devices. Typical target information includes encryption keys [3], personal information such as media viewing [20] and web browsing habits [21,22,23], and eavesdropping, such as remote viewing of tablet screens [86]. MDM quantifies physical or physiological parameters within the human body (MDM’s target system) for the purpose of a diagnosis or monitoring of a medical condition. Except for psychological conditions (i.e., arising from or within the mind), all target information exists physically, where it may not be possible to measure directly without disturbing or invading the system [1]. HCI involves perception of the state or intention of the human. Such target information is expressed through physiological parameters such as gestures initiated by the eyes [38], jaw [39,40,41], tongue [39], hands [13,42], and fingers [43,44]. Unlike other domains, information does not just travel from human to computer. Instead, it is part of a feedback loop between computer and human, allowing both to adapt their actions in order to manipulate the sensing process. In such scenarios, the target system (the human) is an active participant in the SCS solution. Lastly, Misc demonstrates that SCS is relevant across more than the three primary domains, indicating that systems from any domain are susceptible to side channels and may be exploitable via new solutions.
Despite this diversity, established fields of advanced sensing and signal processing underlie each example, enabling a unified view of otherwise isolated domains (Figure 3). Each term corresponds to an SCS component. Combined, they produce a SCS framework, providing an abstract and domain-agnostic unified definition of SCS irrespective of the specific environment and application. This enables side channels from any target system or domain to be understood abstractly and uniformly (Figure 4). By sufficiently describing the entire SCS process, the SCS framework components correspond with real-world observations. That is, target information embedded within a signal flowing from a target system (often unintentionally) along a side channel characterised by specific information parameters that capture its state and behaviour. These can then be exploited via an extraction technique to acquire the embedded target information.

3. Analysis and Discussion

The SCS framework is a theorised solution for unifying SCS demonstrated within multiple isolated domains. It establishes a unified, abstracted, and domain-agnostic definition of SCS across four domains. With this view, it is possible to derive the fundamentals of the SCS process and apply it to any scenario. Implementation of SCS is dependent on its environment, which is describable by the SCS framework. We recognise that all side channels exhibit a set of properties (Section 2.1.4). Together, these shape the identification and understanding of side channels. Within a target system, target information may be physically contained within or manifest from internal operations. Resulting signals that produce a deterministic correlation are prime candidates to be side channels. Traversing side-channel signals follow a multi-stage pathway during which they are likely to be modified or transformed due to side-channel properties involving signal transformations, modulation proportions, signal mixing, and multivariance. The signals will likely vary in the number of ’stages’ or modifications encountered in relation to their starting state. In theory, longer side-channel pathways have a higher chance of intertwining with other channels, which may introduce additional noise or enable novel sensing opportunities. Ultimately, side-channels are mutable, whether by their own volition or by external deliberate forces. For instance, certain SCS examples are only possible due to signal injections (e.g., flashlight, WiFi signal) to invoke the required signal-mixing side-channel property (Section 2.1.4).
A signal’s traversal ends once it is quantified by a sensor, either external or internal to the target system. The sensing site is dictated by (i) the information parameters involved, (ii) whether there is sufficient unrestricted access to the target system to allow for tampering, and/or (iii) covert or non-invasive sensing was an objective. Side-channel signals and their embedded target information are represented not by their physical modalities (e.g., electricity, sound) but by their information parameters, that is, the fundamental properties that describe them (e.g., frequency) (Section 2.1.4). A quantified signal needs to contain the information parameters that sufficiently denote the target information and can be subsequently processed via SCS extraction techniques [2].
This section explores opportunities enabled by defining a domain-agnostic SCS framework, each representing an avenue for future work.

3.1. Transferability of SCS Extraction Techniques

As each domain abides by the same SCS framework components, a hypothesis for intra-domain and cross-domain transferability emerges. The SCS framework has established that it is the information parameters that SCS extraction techniques require and exploit (Section 2.1.5). Thus, given that two side-channels share identical information parameters, a SCS extraction method demonstrated for one is applicable to the other. This statement applies irrespective of domain or target system, meaning that SCS methods and extraction techniques from all identified domains are applicable candidates within the others (Section 2.1.7).
Martinovic et al. [7] and Lange et al. [6] demonstrated an explicit transfer of CYB-derived SCS extraction techniques to a biological target system (i.e., MDM). They recognised that the brain is a bounded system with input and output signals; it ‘consumes electricity’ during normal operation and outputs EEG readings. Akin to a PC consuming electricity acting as a side channel in CYB, there is a deterministic correlation between the brain’s internal operations and the output EEG readings. The authors exploited a neurophysiological phenomenon called the Event-Related Potential (ERP), consisting of signatures in EEG readings that correspond to specific visual and auditory stimuli (i.e., a side channel). Participants were exposed to stimuli of possibly known information (e.g., people they know). Output EEGs were analysed via statistical and regression analysis for classification and dimensionality reduction to extract ERP indicating a recognition confirmation. Use of ERP is akin to the profiling SCS method, and analysis of the EEG readings are akin to the machine learning and information theoretical analysis SCS extraction techniques (Section 2.1.7). This example demonstrates the cross-domain transferability of SCS extraction techniques.
It should be recognised that in this approach the domains and target systems are inconsequential. Instead, what is considered are the information parameters (Section 2.1.5). A PC and a brain share comparable physical modalities. Both consume electricity and output usage, while sharing fundamental information parameters of frequency, amplitude, and time. To explore this concept further, we can consider the HCI example of SCS by Low et al. [43]. The output luminance from the flash of a smartphone was quantified using the camera (i.e., the sensor). As the user obstructs the flash, the sensed luminance level varies. This can be parsed as a metric of the ’pressure’ being applied. Luminance is the information parameter that describes the target information, which is exploited by their SCS extraction techniques (correlations and regressions). Within the human body, each heartbeat invokes a periodic oscillation of blood volume within the bloodstream. This is a proven side channel for detecting heart rate visually via a camera [28]. When a flashlight is shone onto a person’s skin, the luminance of the reflecting light varies in correlation with the volume in the underlying bloodstream, from which the heart rate can be inferred.
Both side channels contain the same information parameters, and require a signal injection (e.g., a flashlight). It is the luminance (the information parameter) that their respective SCS extraction techniques rely on and exploit to operate.
The cases above stem from different target systems and domains, albeit with side channels using comparable information parameters. This view promotes the transferability of SCS extraction techniques. Similarly, the concept applies in cases of intra-domain transferability. For example, given a MDM target system (e.g., the human body), a proven SCS extraction technique for one part of the body may be applicable elsewhere, irrespective of the different physical modalities involved, so long as they share identical information parameters.
Complimenting the transferability hypothesis, we can consider the mindsets underlying each domain. From the ‘attack’ mindset of CYB, involving invasion/modification of the target system, to the desire for non-invasive and even passive sensing of MDM and HCI. Understood is that while covert sensing may not be essential, unobtrusive sensing methods can still be advantageous, particularly within MDM and HCI where non-invasive sensing is preferred. Similarly, adoption of HCI’s willingness to experiment with prototypes and considered sensors may bode well for other domains, particularly due to the propensity for unorthodox sensors. This encourages exploration of potentially existing side channels or the information parameters of quantifiable signals. Shared mindsets include the ability to achieve SCS despite sensor availability constraints, and perhaps the inability to invasively modify or probe target systems. Instead, there is reliance on understanding of side-channel properties and information parameters, along with the adoption of SCS methods and extraction techniques not normally (or at all) associated with a particular domain.
Challenges arise in the sheer diversity in target systems across varying domains. On the surface, viewing a smartphone as akin to the human body, or a PC as akin to an electrical grid appears nonsensical. Furthermore, side channels that share comparable or identical information parameters may not qualify for transferable SCS extraction techniques. Signal noise, diversity in target information, and the SCS methods applicable for the target system (e.g., invasive vs. passive) all influence the approach to SCS. Nonetheless, the SCS framework enables a fundamental and abstracted view of side channels, shedding the constraints of bespoke approaches for specific target systems or domains by providing deeper descriptors of side channels beyond just their physical modality (e.g., electricity, vibration).

3.2. Representation of Side Channels

Opportunities exist in parsing the SCS framework into sufficient data structures that can be used computationally. CYB models target systems via data structures such as flow trees and directed graphs. However, they are designed especially for cyber-physical target systems [9,10]. The SCS framework provides a domain-agnostic representation applicable to all target systems. Granted each SCS component is sufficient encoded, a data structure can model the real-world side channels of any target system. Such data structures can then be processed computationally. Within CYB, side channels within target systems are modelled and methodologies developed to detect side-channel leakage for privacy concerns [101] or discover new side channels for novel sensing opportunities [102]. Representations of side channels for MDM, HCI, and Misc are non-existent, as SCS is not yet formally established in these domains. However, the SCS framework demonstrates that despite target system diversity, they can fundamentally be described by the SCS framework components. Consequently, their respective target systems can also be captured as a data structure.
We propose that side-channel leakage detection and side-channel discovery through modelling of target systems is equally applicable to MDM, HCI, and Misc. Such methods need only look for determinism within modelled target systems (Section 2.1.4). The SCS framework enables a formalised and systematic approach to studying side channels, detecting their presence, and exploiting them. Candidate side channels can be studied as per their side-channel properties to understand the connection indicated by the determinism. A suitable SCS method is determined by the defined constraints and intentions (Section 2.1.7). For instance, certain SCS solutions care only for acquiring target information, and can be invasive or local. An effective SCS extraction technique is best identified by study of the information parameters present, or by whether an identical side channel has been proven elsewhere (Section 2.1.5).
For example, the human body is a rich source of side channels (Section 2.1.2). Modelling its structure and their connections to develop MDM solutions is well established. However, a data structure model following the SCS framework is a novel approach. The benefits include viewing the human body as per its side-channel properties and information parameters. Such a data structure can be analysed computationally, akin to how CYB’s target systems are. Instances of determinism point to candidate novel side channels, each describable by the SCS framework.
Consequently, the hypothesis regarding transferability of SCS extraction techniques is directly interlinked (Section 3.1). Side channels discovered via side-channel discovery methods can be analyzed and understood as per the SCS framework. Crucially, the information parameters can be identified. Thus, SCS extraction techniques shown to utilise the identified information parameters are applicable to newly discovered side channels as well.

3.3. Additional Domains

The reviewed domains of CYB, MDM, HCI, and Misc represent the most explicit examples of SCS within the literature. However, Misc alludes to other domains that could be named if enough examples are amassed. One example is civil infrastructure and its related target systems, such as electrical grids and road networks. Another potential field involves the environment, both natural and built. Examples include detecting movement behind room walls via WiFi and unique exploitations of benign physical objects, such as detecting audio from the vibrations of chip packets. The SCS framework remains applicable to the target systems of these additional domains irrespective of their structure or components, as all target systems are viewed abstractly. Each generates a cacophony of observable auxiliary signals as a byproduct of their normal operation. Where determinism is confirmed, side channels are suspected, which can be framed by their side-channel properties and understood via the information parameters demonstrated in this review. When these are quantified, appropriate SCS extraction techniques can be employed.

4. Conclusions

SCS involves the utilisation of available sensor data in a non-trivial way to acquire previously unknown, hidden, or unused target information from target systems. This review analyses the applicability of the SCS process across four distinct domains. We are the first to establish SCS within the HCI and Misc domains, which hitherto have been ad hoc and isolated. This novel approach broadens the field of SCS beyond the current boundary of MDM and CYB and their respective target systems (Section 2). Despite their diversity, each of these domains consists of a plethora of SCS-related solutions. We have demonstrated that each fundamentally relies on the strong correlation between externally sensed signals and the internal operations of their target system, i.e., the side-channel property of determinism (Section 2.1.4). Established fields of advanced sensing and signal processing techniques that exploit this correlation underlie each SCS example across each domain. Irrespective of domain, there is a mindset that noise is potentially the source of side channels. SCS can be achieved despite sensor availability constraints through non-obvious and indirect means.
This work provides a theorised unified view of these otherwise isolated domains. We establish that the SCS process can be defined by the distinct yet connected components of target information, target systems, side channels, side-channel properties, information parameters, sensors, and SCS methods and extraction techniques (Section 2). Combined, these form a SCS framework providing a unified, abstract, and domain-agnostic definition of SCS irrespective of the specific environment and application. This framework sufficiently describes the entire SCS process, with the SCS framework components corresponding to real-world observations.
The SCS framework enables a formalised and systematic approach to studying side channels, detecting their presence, and exploiting them both within and between domains. As each domain abides by the same SCS framework components, a hypothesis around the intra-domain and cross-domain transferability of SCS extraction techniques emerges (Section 3.1). Demonstrated SCS extraction techniques are applicable to other side channels that exhibit identical information parameters, irrespective of the domain or target system. Consequently, opportunities exist where exploiting the mindset of one domain may be lead to novel outcomes in another. From the ‘attack’ mindset of CYB, willing to invade/modify the target system, to the desire for non-invasive and even passive sensing in MDM and HCI. Techniques and approaches can be transferred between and within domains that subscribe to the SCS framework.
Additional avenues exist in the capture of SCS examples as data structures for computation. A suitable data structure can be representative of real-world SCS examples as well as of a real-world target system. Methodologies can take such data structures as input for side-channel leakage detection and side-channel discovery. These methodologies would inherently be domain-agnostic and applicable to all target systems that can be modelled by the SCS framework (Section 3.2). Lastly, the Misc domain hints at additional domains that could be incorporated into the SCS framework in the future (Section 3.3).

Author Contributions

Conceptualization, A.S. and S.B.; methodology, A.S. and S.B.; formal analysis, A.S. and S.B.; writing—original draft preparation, A.S.; writing—review and editing, A.S. and S.B. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Spence, A.; Bangay, S. Side-Channel Sensing: Exploiting Side-Channels to Extract Information for Medical Diagnostics and Monitoring. IEEE J. Transl. Eng. Health Med. 2020, 8, 1–13. [Google Scholar] [CrossRef] [PubMed]
  2. Spence, A.; Bangay, S. Security beyond cybersecurity: Side-channel attacks against non-cyber systems and their countermeasures. Int. J. Inf. Secur. 2021, 21, 437–453. [Google Scholar] [CrossRef]
  3. Standaert, F.X.; Malkin, T.G.; Yung, M. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In Advances in Cryptology-EUROCRYPT 2009: 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, 26–30 April 2009; Proceedings 28; Springer: Berlin/Heidelberg, Germany, 2009; pp. 443–461. [Google Scholar] [CrossRef]
  4. Spreitzer, R.; Moonsamy, V.; Korak, T.; Mangard, S. Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices. IEEE Commun. Surv. Tutorials 2018, 20, 465–488. [Google Scholar] [CrossRef]
  5. Giechaskiel, I.; Rasmussen, K. Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses. IEEE Commun. Surv. Tutorials 2020, 22, 645–670. [Google Scholar] [CrossRef]
  6. Lange, J.; Massart, C.; Mouraux, A.; Standaert, F.X. Side-Channel Attacks Against the Human Brain: The PIN Code Case Study. In Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, COSADE 2017, Paris, France, 13–14 April 2017; Revised Selected Papers 8; Guilley, S., Ed.; Springer: Cham, Switzerland, 2017; pp. 171–189. [Google Scholar]
  7. Martinovic, I.; Davies, D.; Frank, M.; Perito, D.; Ros, T.; Song, D. On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces. In Proceedings of the USENIX Security Symposium, Bellevue, WA, USA, 8–10 August 2012; pp. 143–158. [Google Scholar]
  8. Weber, D.; Ibrahim, A.; Nemati, H.; Schwarz, M.; Rossow, C. Osiris: Automated Discovery of Microarchitectural Side Channels. arXiv 2021, arXiv:2106.03470. [Google Scholar]
  9. Kemmerer, R.A.; Porras, P.A. Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels. IEEE Trans. Softw. Eng. 1991, 17, 1166–1185. [Google Scholar] [CrossRef]
  10. Rodrigues, B.; Quintão Pereira, F.M.; Aranha, D.F. Sparse Representation of Implicit Flows with Applications to Side-Channel Detection. In Proceedings of the 25th International Conference on Compiler Construction, Barcelona, Spain, 17–18 March 2016; pp. 110–120. [Google Scholar] [CrossRef]
  11. Ferraiuolo, A.; Xu, R.; Zhang, D.; Myers, A.C.; Suh, G.E. Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis. In Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, Xi’an, China, 8–12 April 2017; pp. 555–568. [Google Scholar] [CrossRef]
  12. Spence, A. Side-Channel Sensing: Systematic Discovery of Side-Channels. Ph.D. Dissertation, Deakin University, Geelong, Australia, 2023. [Google Scholar]
  13. Lee, J.s.; Yeo, W.S. Sonicstrument: A Musical Interface with Stereotypical Acoustic Transducers. In Proceedings of the International Conference on New Interfaces for Musical Expression, Oslo, Norway, 30 May–1 June 2011; pp. 24–27. [Google Scholar]
  14. Standaert, F.X. Introduction to Side-Channel Attacks; Springer: Boston, MA, USA, 2010; pp. 27–42. [Google Scholar] [CrossRef]
  15. Kocher, P.; Jaffe, J.; Jun, B. Differential Power Analysis; Springer: Berlin, Germany, 1999; pp. 388–397. [Google Scholar] [CrossRef]
  16. Genkin, D.; Pachmanov, L.; Pipman, I.; Tromer, E. ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs. In Topics in Cryptology-CT-RSA 2016: The Cryptographers’ Track at the RSA Conference 2016, San Francisco, CA, USA, 29 February–4 March 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 219–235. [Google Scholar]
  17. Genkin, D.; Pipman, I.; Tromer, E. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. J. Cryptogr. Eng. 2015, 5, 95–112. [Google Scholar] [CrossRef]
  18. Zhou, Y.; Feng, D. Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing. IACR Cryptol. EPrint Arch. 2005, 2005, 388. [Google Scholar]
  19. Tunstall, M. Smart Card Security. In Smart Cards, Tokens, Security and Applications; Mayes, K., Markantonakis, K., Eds.; Springer International Publishing: Cham, Switzerland, 2017; pp. 217–251. [Google Scholar] [CrossRef]
  20. Greveler, U.; Justus, B.; Loehr, D. Multimedia content identification through smart meter power usage profiles. In Proceedings of the International Conference on Information and Knowledge Engineering (IKE); The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp): Athens, Greece, 2012; p. 1. [Google Scholar]
  21. Zhang, K.; Li, Z.; Wang, R.; Wang, X.; Chen, S. Sidebuster: Automated detection and quantification of side-channel leaks in web application development. In Proceedings of the 17th ACM Conference on Computer and Communications Security 2010, Chicago, IL, USA, 4–8 October 2010. [Google Scholar] [CrossRef]
  22. Mather, L.; Oswald, E. Pinpointing side-channel information leaks in web applications. J. Cryptogr. Eng. 2012, 2, 161–177. [Google Scholar] [CrossRef]
  23. Chen, S.; Wang, R.; Wang, X.; Zhang, K. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 16–19 May 2010; pp. 191–206. [Google Scholar] [CrossRef]
  24. Backes, M.; Dürmuth, M.; Gerling, S.; Pinkal, M.; Sporleder, C. Acoustic Side-Channel Attacks on Printers. In Proceedings of the USENIX Security Symposium, Washington, DC, USA, 11–13 August 2010; pp. 307–322. [Google Scholar]
  25. Chhetri, S.R.; Faruque, M.A.A. Side-Channels of Cyber-Physical Systems: Case Study in Additive Manufacturing. IEEE Des. Test 2017, 34, 18–25. [Google Scholar] [CrossRef]
  26. Tosaka, T.; Taira, K.; Yamanaka, Y.; Nishikata, A.; Hattori, M. Feasibility study for reconstruction of information from near field observations of the magnetic field of laser printer. In Proceedings of the 2006 17th International Zurich Symposium on Electromagnetic Compatibility, Singapore, 27 February–3 March 2006; pp. 630–633. [Google Scholar] [CrossRef]
  27. Sanyal, S.; Nundy, K.K. Algorithms for Monitoring Heart Rate and Respiratory Rate From the Video of a User’s Face. IEEE J. Transl. Eng. Health Med. 2018, 6, 1–11. [Google Scholar] [CrossRef]
  28. Grimaldi, D.; Kurylyak, Y.; Lamonaca, F.; Nastro, A. Photoplethysmography detection by smartphone’s videocamera. In Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems, Prague, Czech Republic, 15–17 September 2011; Volume 1, pp. 488–491. [Google Scholar] [CrossRef]
  29. Lee, J.; Reyes, B.A.; McManus, D.D.; Maitas, O.; Chon, K.H. Atrial Fibrillation Detection Using an iPhone 4S. IEEE Trans. Biomed. Eng. 2013, 60, 203–206. [Google Scholar] [CrossRef] [PubMed]
  30. Ming-Zher, P.; McDuff, D.J.; Picard, R.W. Advancements in Noncontact, Multiparameter Physiological Measurements Using a Webcam. Biomed. Eng. IEEE Trans. 2011, 58, 7–11. [Google Scholar] [CrossRef]
  31. Poh, M.Z.; McDuff, D.J.; Picard, R.W. Non-contact, automated cardiac pulse measurements using video imaging and blind source separation. Opt. Express 2010, 18, 10762–10774. [Google Scholar] [CrossRef] [PubMed]
  32. Adib, F.; Mao, H.; Kabelac, Z.; Katabi, D.; Miller, R.C. Smart Homes that Monitor Breathing and Heart Rate. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems—CHI’15, Seoul, Republic of Korea, 18–23 April 2015; pp. 837–846. [Google Scholar] [CrossRef]
  33. Larson, E.C.; Goel, M.; Boriello, G.; Heltshe, S.; Rosenfeld, M.; Patel, S.N. SpiroSmart: Using a microphone to measure lung function on a mobile phone. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing—UbiComp ’12, Pittsburgh, PA, USA, 5–8 September 2012; pp. 280–289. [Google Scholar] [CrossRef]
  34. Ding, X.; Nassehi, D.; Larson, E.C. Measuring Oxygen Saturation With Smartphone Cameras Using Convolutional Neural Networks. IEEE J. Biomed. Health Informatics 2019, 23, 2603–2610. [Google Scholar] [CrossRef] [PubMed]
  35. Kang, S.J.; Choi, J.H.; Kim, Y.J.; Ma, H.I.; Lee, U. Development of an acquisition and visualization of forearm tremors and pronation/supination motor activities in a smartphone based environment for an early diagnosis of Parkinson’s disease. Adv. Sci. Technol. Lett. 2015, 116, 209–212. [Google Scholar]
  36. LeMoyne, R.; Mastroianni, T.; Cozza, M.; Coroian, C.; Grundfest, W. Implementation of an iPhone for characterizing Parkinson’s disease tremor through a wireless accelerometer application. In Proceedings of the 2010 Annual International Conference of the IEEE Engineering in Medicine and Biology, Buenos Aires, Argentina, 31 August–4 September 2010; pp. 4954–4958. [Google Scholar] [CrossRef]
  37. Wangwiwattana, C.; Ding, X.; Larson, E.C. PupilNet, Measuring Task Evoked Pupillary Response using Commodity RGB Tablet Cameras. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2018, 1, 1–26. [Google Scholar] [CrossRef]
  38. Manabe, H.; Fukumoto, M.; Yagi, T. Conductive rubber electrodes for earphone-based eye gesture input interface. Pers. Ubiquitous Comput. 2014, 19, 143–154. [Google Scholar] [CrossRef]
  39. Sahni, H.; Bedri, A.; Reyes, G.; Thukral, P.; Guo, Z.; Starner, T.; Ghovanloo, M. The tongue and ear interface: A wearable system for silent speech recognition. In Proceedings of the 2014 ACM Conference on Ubiquitous Computing, Seattle, WA, USA, 13–17 September 2014. [Google Scholar] [CrossRef]
  40. Bedri, A.; Byrd, D.; Presti, P.; Sahni, H.; Gue, Z.; Starner, T. Stick it in your ear: Building an in-ear jaw movement sensor. In Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing, Osaka, Japan, 7–11 September 2015. [Google Scholar] [CrossRef]
  41. Bedri, A.; Li, R.; Haynes, M.; Kosaraju, R.P.; Grover, I.; Prioleau, T.; Beh, M.Y.; Goel, M.; Starner, T.; Abowd, G. EarBit: Using Wearable Sensors to Detect Eating Episodes in Unconstrained Environments. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2017, 1, 37. [Google Scholar] [CrossRef]
  42. Harrison, C.; Hudson, S.E. Scratch input: Creating large, inexpensive, unpowered and mobile finger input surfaces. In Proceedings of the Annual ACM Symposium on User Interface Software and Technology, Monterey, CA, USA, 19–22 October 2008; pp. 205–208. [Google Scholar]
  43. Low, S.; Sugiura, Y.; Lo, D.; Inami, M. Pressure detection on mobile phone by camera and flash. In Proceedings of the 5th Augmented Human International Conference, Kobe, Japan, 7–8 March 2014. [Google Scholar] [CrossRef]
  44. Hwang, S.; Bianchi, A.; Wohn, K.Y. VibPress: Estimating pressure input using vibration absorption on mobile devices. In Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, Munich, Germany, 27–30 August 2013. [Google Scholar] [CrossRef]
  45. Sullenberger, R.M.; Kaushik, S.; Wynn, C.M. Photoacoustic communications: Delivering audible signals via absorption of light by atmospheric H2O. Opt. Lett. 2019, 44, 622–625. [Google Scholar] [CrossRef]
  46. Qin, Y.; Carlini, N.; Cottrell, G.; Goodfellow, I.; Raffel, C. Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition. In Proceedings of the 36th International Conference on Machine Learning, Long Beach, CA, USA, 9–15 June 2019; Chaudhuri, K., Salakhutdinov, R., Eds.; Volume 97, pp. 5231–5240. [Google Scholar]
  47. Han, C.; O’Sullivan, J.; Luo, Y.; Herrero, J.; Mehta, A.D.; Mesgarani, N. Speaker-independent auditory attention decoding without access to clean speech sources. Sci. Adv. 2019, 5, aav6134. [Google Scholar] [CrossRef] [PubMed]
  48. Rahman, T.; Adams, A.T.; Schein, P.; Jain, A.; Erickson, D.; Choudhury, T. Nutrilyzer: A Mobile System for Characterizing Liquid Food with Photoacoustic Effect. In Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM, Stanford, CA, USA, 14–16 November 2016; pp. 123–136. [Google Scholar] [CrossRef]
  49. Eriksson, J.; Girod, L.; Hull, B.; Newton, R.; Madden, S.; Balakrishnan, H. The pothole patrol: Using a mobile sensor network for road surface monitoring. In Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services, Breckenridge, CO, USA, 17–20 June 2008; pp. 29–39. [Google Scholar]
  50. Wang, W.; He, S.; Sun, L.; Jiang, T.; Zhang, Q. Cross-Technology Communications for Heterogeneous IoT Devices Through Artificial Doppler Shifts. IEEE Trans. Wirel. Commun. 2019, 18, 796–806. [Google Scholar] [CrossRef]
  51. Garg, R.; Hajj-Ahmad, A.; Wu, M. Geo-location estimation from Electrical Network Frequency signals. In Proceedings of the 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, Vancouver, BC, Canada, 26–31 May 2013; pp. 2862–2866. [Google Scholar] [CrossRef]
  52. Genkin, D.; Pattani, M.; Schuster, R.; Tromer, E. Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019. [Google Scholar]
  53. Davis, A.; Rubinstein, M.; Wadhwa, N.; Mysore, G.J.; Durand, F.; Freeman, W.T. The Visual Microphone: Passive Recovery of Sound from Video. ACM Trans. Graph. 2014, 33, 79:1–79:10. [Google Scholar] [CrossRef]
  54. Zhu, Y.; Xiao, Z.; Chen, Y.; Li, Z.; Liu, M.; Zhao, B.Y.; Zheng, H. Adversarial WiFi Sensing. arXiv 2018, arXiv:1810.10109. [Google Scholar]
  55. Yang, J.; Zou, H.; Jiang, H.; Xie, L. Device-Free Occupant Activity Sensing Using WiFi-Enabled IoT Devices for Smart Homes. IEEE Internet Things J. 2018, 5, 3991–4002. [Google Scholar] [CrossRef]
  56. Adib, F.; Katabi, D. See through walls with WiFi! ACM SIGCOMM Comput. Commun. Rev. 2013, 43, 75–86. [Google Scholar] [CrossRef]
  57. Johnson, D.; Trivedi, M.M. Driving style recognition using a smartphone as a sensor platform. In Proceedings of the 2011 14th International IEEE Conference on Intelligent Transportation Systems (ITSC), Washington, DC, USA, 5–7 October 2011; pp. 1609–1615. [Google Scholar]
  58. Lemke-Rust, K.; Samarin, P. Exploring Embedded Software with Side Channels and Fault Analysis. In Proceedings of the 2018 12th European Workshop on Microelectronics Education (EWME), Braunschweig, Germany, 24–26 September 2018; pp. 67–70. [Google Scholar]
  59. Chari, S.; Rao, J.R.; Rohatgi, P. Template Attacks. In Cryptographic Hardware and Embedded Systems-CHES 2002: 4th International Workshop Redwood Shores, CA, USA, 13–15 August 2002; Springer: Berlin/Heidelberg, Germany, 2003; pp. 13–28. [Google Scholar] [CrossRef]
  60. Kuhn, M.G. Electromagnetic eavesdropping risks of flat-panel displays. In Privacy Enhancing Technologies; Springer: Berlin/Heidelberg, Germany, 2005; Volume 3424, pp. 88–107. [Google Scholar]
  61. Yaqoob, T.; Abbas, H.; Atiquzzaman, M. Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices–A Review. IEEE Commun. Surv. Tutorials 2019, 21, 3723–3768. [Google Scholar] [CrossRef]
  62. Yang, Q.; Gasti, P.; Zhou, G.; Farajidavar, A.; Balagani, K.S. On inferring browsing activity on smartphones via USB power analysis side-channel. IEEE Trans. Inf. Forensics Secur. 2016, 12, 1056–1066. [Google Scholar] [CrossRef]
  63. Vuagnoux, M.; Pasini, S. An improved technique to discover compromising electromagnetic emanations. In Proceedings of the 2010 IEEE International Symposium on Electromagnetic Compatibility, Fort Lauderdale, FL, USA, 25–30 July 2010; pp. 121–126. [Google Scholar] [CrossRef]
  64. Drake, R.; Vogl, A.W.; Mitchell, A.W. Gray’s Anatomy for Students E-Book; Elsevier Health Sciences: Amsterdam, The Netherlands, 2009. [Google Scholar]
  65. Boron, W.F.; Boulpaep, E.L. Medical Physiology, 2e Updated Edition E-Book; Elsevier Health Sciences: Amsterdam, The Netherlands, 2012. [Google Scholar]
  66. Ashdown, H.F.; D’Souza, N.; Karim, D.; Stevens, R.J.; Huang, A.; Harnden, A. Pain over speed bumps in diagnosis of acute appendicitis: Diagnostic accuracy study. Bmj 2012, 345, e8012. [Google Scholar] [CrossRef]
  67. de Greef, L.; Goel, M.; Seo, M.J.; Larson, E.C.; Stout, J.W.; Taylor, J.A.; Patel, S.N. Bilicam: Using Mobile Phones to Monitor Newborn Jaundice. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing—UbiComp ’14, Seattle, WA, USA, 13–17 September 2014; pp. 331–342. [Google Scholar] [CrossRef]
  68. Lux, E.; Adam, M.; Dorner, V.; Helming, S.; Knierim, M.; Weinhardt, C. Live Biofeedback as a User Interface Design Element: A Review of the Literature. Commun. Assoc. Inf. Syst. 2018, 43, 257–296. [Google Scholar] [CrossRef]
  69. Biswas, A.K.; Ghosal, D.; Nagaraja, S. A Survey of Timing Channels and Countermeasures. ACM Comput. Surv. 2017, 50, 1–39. [Google Scholar] [CrossRef]
  70. Carrara, B.; Adams, C. Out-of-Band Covert Channels—A Survey. ACM Comput. Surv. 2016, 49, 1–36. [Google Scholar] [CrossRef]
  71. Guri, M.; Solewicz, Y.; Elovici, Y. MOSQUITO: Covert Ultrasonic Transmissions Between Two Air-Gapped Computers Using Speaker-to-Speaker Communication. In Proceedings of the 2018 IEEE Conference on Dependable and Secure Computing (DSC), Kaohsiung, Taiwan, 10–13 December 2018; pp. 1–8. [Google Scholar] [CrossRef]
  72. Biomarkers Definitions Working Group. Biomarkers and surrogate endpoints: Preferred definitions and conceptual framework. Clin. Pharmacol. Ther. 2001, 69, 89–95. [Google Scholar] [CrossRef] [PubMed]
  73. Morgan, R.M.; Patterson, M.J.; Nimmo, M.A. Acute effects of dehydration on sweat composition in men during prolonged exercise in the heat. Acta Physiol. Scand. 2004, 182, 37–43. [Google Scholar] [CrossRef] [PubMed]
  74. Scully, C.G.; Lee, J.; Meyer, J.; Gorbach, A.M.; Granquist-Fraser, D.; Mendelson, Y.; Chon, K.H. Physiological Parameter Monitoring from Optical Recordings With a Mobile Phone. IEEE Trans. Biomed. Eng. 2012, 59, 303–306. [Google Scholar] [CrossRef]
  75. Oncescu, V.; O’Dell, D.; Erickson, D. Smartphone based health accessory for colorimetric detection of biomarkers in sweat and saliva. Lab Chip 2013, 13, 3232. [Google Scholar] [CrossRef] [PubMed]
  76. Ritter, W. Benefits of Subliminal Feedback Loops in Human-Computer Interaction. Adv. Hum.-Comput. Interact. 2011, 2011, 346492:1–346492:11. [Google Scholar] [CrossRef]
  77. Vincent, E.; Bertin, N.; Gribonval, R.; Bimbot, F. From blind to guided audio source separation: How models and side information can improve the separation of sound. IEEE Signal Process. Mag. 2014, 31, 107–115. [Google Scholar] [CrossRef]
  78. Nirjon, S.; Zhao, F.; Dickerson, R.F.; Li, Q.; Asare, P.; Stankovic, J.A.; Hong, D.; Zhang, B.; Jiang, X.; Shen, G. MusicalHeart: A hearty way of listening to music. In Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems—SenSys’12, Toronto, ON, Canada, 6–9 November 2012; pp. 43–56. [Google Scholar] [CrossRef]
  79. Jaakkola, J.; Jaakkola, S.; Lahdenoja, O.; Hurnanen, T.; Koivisto, T.; Pankaala, M.; Knuutila, T.; Kiviniemi, T.O.; Vasankari, T.; Airaksinen, K.J. Mobile Phone Detection of Atrial Fibrillation With Mechanocardiography. Circulation 2018, 137, 1524–1527. [Google Scholar] [CrossRef]
  80. Lee, J.; Reyes, B.A.; McManus, D.D.; Mathias, O.; Chon, K.H. Atrial fibrillation detection using a smart phone. In Proceedings of the 2012 Annual International Conference of the IEEE Engineering in Medicine and Biology Society, San Diego, CA, USA, 28 August–1 September 2012; pp. 1177–1180. [Google Scholar] [CrossRef]
  81. McManus, D.D.; Lee, J.; Maitas, O.; Esa, N.; Pidikiti, R.; Carlucci, A.; Harrington, J.; Mick, E.; Chon, K.H. A novel application for the detection of an irregular pulse using an iPhone 4S in patients with atrial fibrillation. Heart Rhythm 2013, 10, 315–319. [Google Scholar] [CrossRef]
  82. Balakrishnan, G.; Durand, F.; Guttag, J. Detecting Pulse from Head Motions in Video. In Proceedings of the 2013 IEEE Conference on Computer Vision and Pattern Recognition, Portland, OR, USA, 23–28 June 2013; pp. 3430–3437. [Google Scholar] [CrossRef]
  83. Poh, M.Z.; Kim, K.; Goessling, A.D.; Swenson, N.C.; Picard, R.W. Heartphones: Sensor Earphones and Mobile Application for Non-obtrusive Health Monitoring. In Proceedings of the 2009 International Symposium on Wearable Computers, Linz, Austria, 4–7 September 2009; pp. 153–154. [Google Scholar] [CrossRef]
  84. Shannon, C.E. A mathematical theory of communication. Bell Syst. Tech. J. 1948, 27, 379–423. [Google Scholar] [CrossRef]
  85. Demme, J.; Martin, R.; Waksman, A.; Sethumadhavan, S. Side-channel vulnerability factor: A metric for measuring information leakage. In Proceedings of the 2012 39th Annual International Symposium on Computer Architecture (ISCA), Portland, OR, USA, 9–13 June 2012; pp. 106–117. [Google Scholar] [CrossRef]
  86. Hayashi, Y.; Homma, N.; Miura, M.; Aoki, T.; Sone, H. A Threat for Tablet PCs in Public Space: Remote Visualization of Screen Images Using EM Emanation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security—CCS’14, Scottsdale, Arizona, USA, 3–7 November 2014; pp. 954–965. [Google Scholar] [CrossRef]
  87. Lomné, V.; Prouff, E.; Roche, T. Behind the Scene of Side Channel Attacks. In Advances in Cryptology—ASIACRYPT 2013: 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, 1–5 December 2013; Proceedings, Part I; Sako, K., Sarkar, P., Eds.; Springer: Berlin/Heidelberg, Germany, 2013; pp. 506–525. [Google Scholar] [CrossRef]
  88. Larson, E.C.; Lee, T.; Liu, S.; Rosenfeld, M.; Patel, S.N. Accurate and privacy preserving cough sensing using a low-cost microphone. In Proceedings of the 2011 ACM Conference on Ubiquitous Computing, Beijing, China, 17–21 September 2011; pp. 375–384. [Google Scholar] [CrossRef]
  89. Yumak, Z.; Pu, P. Survey of Sensor-Based Personal Wellness Management Systems. BioNanoScience 2013, 3, 254–269. [Google Scholar] [CrossRef]
  90. Rodgers, M.M.; Pai, V.M.; Conroy, R.S. Recent Advances in Wearable Sensors for Health Monitoring. IEEE Sensors J. 2015, 15, 3119–3126. [Google Scholar] [CrossRef]
  91. Shrestha, P.; Saxena, N. An Offensive and Defensive Exposition of Wearable Computing. ACM Comput. Surv. 2018, 50, 1–39. [Google Scholar] [CrossRef]
  92. Triantafyllidis, A.K.; Velardo, C.; Salvi, D.; Shah, S.A.; Koutkias, V.G.; Tarassenko, L. A Survey of Mobile Phone Sensing, Self-Reporting, and Social Sharing for Pervasive Healthcare. IEEE J. Biomed. Health Informatics 2017, 21, 218–227. [Google Scholar] [CrossRef] [PubMed]
  93. Im, H.; Castro, C.M.; Shao, H.; Liong, M.; Song, J.; Pathania, D.; Fexon, L.; Min, C.; Avila-Wallace, M.; Zurkiya, O.; et al. Digital diffraction analysis enables low-cost molecular diagnostics on a smartphone. Proc. Natl. Acad. Sci. USA 2015, 112, 5613–5618. [Google Scholar] [CrossRef]
  94. Coskun, A.F.; Wong, J.; Khodadadi, D.; Nagi, R.; Tey, A.; Ozcan, A. A personalized food allergen testing platform on a cellphone. Lab Chip 2013, 13, 636–640. [Google Scholar] [CrossRef] [PubMed]
  95. Tseng, D.; Mudanyali, O.; Oztoprak, C.; Isikman, S.O.; Sencan, I.; Yaglidere, O.; Ozcan, A. Lensfree microscopy on a cellphone. Lab Chip 2010, 10, 1787–1792. [Google Scholar] [CrossRef]
  96. Jablonsky, N.; McKenzie, S.; Bangay, S.; Wilkin, T. Evaluating sensor placement and modality for activity recognition in active games. In Proceedings of the Australasian Computer Science Week Multiconference, Geelong, Australia, 30 January–3 February 2017; pp. 61:1–61:8. [Google Scholar] [CrossRef]
  97. Vermeulen, J.; Willard, S.; Aguiar, B.; De Witte, L.P. Validity of a Smartphone-Based Fall Detection Application on Different Phones Worn on a Belt or in a Trouser Pocket. Assist. Technol. 2014, 27, 18–23. [Google Scholar] [CrossRef] [PubMed]
  98. Stemple, C.C.; Angus, S.V.; Park, T.S.; Yoon, J.Y. Smartphone-Based Optofluidic Lab-on-a-Chip for Detecting Pathogens from Blood. J. Lab. Autom. 2014, 19, 35–41. [Google Scholar] [CrossRef]
  99. Wang, C.; Wang, X.; Long, Z.; Yuan, J.; Qian, Y.; Li, J. Estimation of temporal gait parameters using a wearable microphone-sensor-based system. Sensors 2016, 16, 2167. [Google Scholar] [CrossRef]
  100. Le, T.H.; Canovas, C.; Clédiere, J. An overview of side channel analysis attacks. In Proceedings of the Asia CCS’08 ACM Symposium on Information, Computer and Communications Security, Tokyo, Japan, 18–20 March 2008; pp. 33–43. [Google Scholar]
  101. Trippel, C.; Lustig, D.; Martonosi, M. Checkmate: Automated synthesis of hardware exploits and security litmus tests. In Proceedings of the 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Fukuoka, Japan, 20–24 October 2018; pp. 947–960. [Google Scholar]
  102. Gruss, D.; Spreitzer, R.; Mangard, S. Cache template attacks: Automating attacks on inclusive last-level caches. In Proceedings of the 24th USENIX Conference on Security Symposium, Washington, DC, USA, 12–14 August 2015; pp. 897–912. [Google Scholar]
Entropy 26 00684 g001
Figure 1. An illustration of the domain-agnostic SCS process.
Figure 1. An illustration of the domain-agnostic SCS process.
Entropy 26 00684 g001
Entropy 26 00684 g002
Figure 2. Side-channel properties describe the structure and behaviour of side channels and their embedded signals.
Figure 2. Side-channel properties describe the structure and behaviour of side channels and their embedded signals.
Entropy 26 00684 g002
Entropy 26 00684 g003
Figure 3. The SCS framework unifies the themes from each individual domain.
Figure 3. The SCS framework unifies the themes from each individual domain.
Entropy 26 00684 g003
Entropy 26 00684 g004
Figure 4. A side channel connecting heartbeats and skin colour variance. A smartphone quantifies this colour variance on a person’s forehead to infer heart rate (the target information). Side channels can be understood following the SCS framework components.
Figure 4. A side channel connecting heartbeats and skin colour variance. A smartphone quantifies this colour variance on a person’s forehead to infer heart rate (the target information). Side channels can be understood following the SCS framework components.
Entropy 26 00684 g004
Table 1. Terminology for defining the components of the SCS process [12].
Table 1. Terminology for defining the components of the SCS process [12].
Existing Classifications Related to Side-Channel UseClassifications Used in This Research
Side-channel attacks (relating to side-channel exploitation within CYB only) [14], side-channel sensing (relating to side-channel exploitation within CYB as well as other domains) [2].Side-channel sensing
Target information (used within MDM and CYB [2] but also applicable to all domains).Target information
Cryptographic devices (attacks against cyber–physical devices) [14], target systems (within context of MDM and CYB) [1,2].Target system
Biomarkers (objectively measured characteristics that lead to a diagnosis), side channel (a pathway in which target information traverses along within any context) [1,2,14].Side-channel
Side-channel properties [2].Side-channel properties
Modalities (a description of the target information and the signal within which it is embedded) [1].Information parameters
Measurement setup [14], sensors [2].Sensors
Leakage models (understanding of the signal within a side channel in a CYB context) [14], techniques [1,15], physical attacks [14], side-channel attack techniques [2].Methods and Extraction techniques
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Spence, A.; Bangay, S. Domain-Agnostic Representation of Side-Channels. Entropy 2024, 26, 684. https://doi.org/10.3390/e26080684

AMA Style

Spence A, Bangay S. Domain-Agnostic Representation of Side-Channels. Entropy. 2024; 26(8):684. https://doi.org/10.3390/e26080684

Chicago/Turabian Style

Spence, Aaron, and Shaun Bangay. 2024. "Domain-Agnostic Representation of Side-Channels" Entropy 26, no. 8: 684. https://doi.org/10.3390/e26080684

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop