Introduction

Question 1

What are the types of side channels?

Answer 1

I/O Observable, Software observable, physically observable

Question 2

What is an I/O Observable SC?

Answer 2

Using metadata about a program’s response to input/output to leak information

Question 3

What is a software observable SC?

Answer 3

obtaining information by executing a program on the target system

Question 4

What is a physically observable SC?

Answer 4

obtain information by observing the target’s physical properties

Question 5

Subtypes of I/O SCs?

Answer 5

Timing side channel, termination side channel (subtype of timing)

Question 6

What is and isn’t an I/O SC?

Answer 6

Observing when and how large data is sent, NOT the data itself

Question 7

Why are I/O SC dangerous?

Answer 7

They generally do not require physical access and therefore can be done remotely and without permissions

Question 8

What is the main cause of I/O SC?

Answer 8

Secret-dependent control flows that create a timing difference

Question 9

What is the main idea behind software observable SC?

Answer 9

Programs running on the same computer share resources. By measuring your own performance, you can learn information about other programs’ resource usage

Question 10

Name some shared resource side channels

Answer 10

• monitor pages swapped into RAM to tell which part of a program is executing
• branch pred can leak information about which branches have been taken
• cache side channels

Question 11

Shared resource contention side channels

Answer 11

?

Question 12

What is speculative execution?

Answer 12

when we are not sure what instructions we should be executing, so we speculatively execute our best guess (branch pred)

Question 13

Describe Spectre

Answer 13

Speculative execution attack.

1. victim stores secret in reg
2. has secret-independent code with branch instr
3. attack trains predictor to jump to malicious code, reads secret from reg
4. uses a cache side channel to read secret
5. victim sees branch is incorrect, flushes pipeline, proceeds

Question 14

What are some examples of physically observable SCs?

Answer 14

Power, sound/acoustic, backscattering, electromagnetic, temperature, photonic/light, fault injections (physically inject fault signal into the system)

Question 15

Subtypes of power SCs?

Answer 15

• Simple Power Analysis (SPA) - observable by looking at power trace (looking at raw data)
• Differential Power Analysis (DPA) - observable by looking at statistical transformation of data
• High-Order Differential Power Analysis (HO-DPA) - DPA but using data from multiple sources (must synchronize by time)

Question 16

What are the benefits of EM SCs?

Answer 16

• Can be measured without direct access to device

- hard to mimic EM signals - harder for malware to fake the correct signal