Secure Software Design - Side Channel and Remanence Attacks

Question 1

What are side channel attacks?

Answer 1

Attacks that exploit indirect ‘side effects’ of algorithms, like power usage or timing, rather than attacking encryption directly.

Question 2

Fill in the blank: Side channel attacks exploit the ______ of cryptographic algorithms instead of directly breaking encryption.

Answer 2

Implementation

Question 3

List two types of side channel attacks discussed in the document.

Answer 3

Electrical consumption attacks and electromagnetic radiation analysis.

Question 4

What is an electrical consumption attack?

Answer 4

An attack that analyzes power usage variations to infer processing operations.

Question 5

How can electromagnetic radiation be used in side channel attacks?

Answer 5

Specific instructions emit unique EM signals that can be monitored to infer cryptographic keys.

Question 6

Name two countermeasures against electromagnetic side channel attacks.

Answer 6

Faraday plating and algorithmic randomization.

Question 7

Fill in the blank: Temporal analysis in side channel attacks relies on variations in ______ to deduce information.

Answer 7

Timing or execution time

Question 8

What is the purpose of the Montgomery Powering Ladder?

Answer 8

To equalize power usage and timing by adding extra instructions, concealing variations in side channel characteristics.

Question 9

Explain the purpose of safe modular exponentiation in cryptography.

Answer 9

It standardizes execution time for modular operations, reducing timing vulnerabilities.

Question 10

What is a fault injection attack?

Answer 10

An attack where invalid data or instructions are injected to observe system reactions, potentially revealing sensitive data.

Question 11

How does fixed-time processing help prevent side channel attacks?

Answer 11

It ensures that all operations take the same time, making it harder for attackers to deduce information based on timing.

Question 12

What is a remanence attack?

Answer 12

An attack that exploits residual data left in memory after a process completes, which may contain sensitive information.

Question 13

Fill in the blank: A remanence attack may retrieve sensitive data because memory retains ______ after program execution.

Answer 13

Residual data

Question 14

List two types of data that can be targeted by remanence attacks.

Answer 14

Encryption keys and sensitive variables.

Question 15

Why is memory erasure important in preventing remanence attacks?

Answer 15

It removes residual data from memory, preventing attackers from accessing sensitive information left after execution.

Question 16

Explain the purpose of ‘canaries’ in security.

Answer 16

Canaries are markers used to detect memory tampering or buffer overflows.

Question 17

How does Stackguard use canaries to prevent attacks?

Answer 17

Stackguard automatically places canaries in stack frames to protect against buffer overflow attacks.

Question 18

Fill in the blank: ______ is a technique that protects stack integrity by inserting random markers to detect overflows.

Answer 18

Canary insertion

Question 19

What is a practical example of protecting variables in C++?

Answer 19

Using canaries and integrity checks to prevent unauthorized access to variable data.

Question 20

What type of side channel attack uses an oscilloscope to monitor power usage?

Answer 20

Electrical consumption attack.

Question 21

Why might fixed-time processing reduce vulnerability to timing attacks?

Answer 21

Fixed-time processing standardizes execution duration, making it harder to infer data based on time variations.

Question 22

Name a software approach to prevent fault injection attacks.

Answer 22

Inserting canaries, using randomization, or implementing hardened compilers.

Question 23

Why is randomization effective in side channel attack prevention?

Answer 23

It changes patterns in execution, making it harder to detect predictable side effects like power or timing variations.

Question 24

What is a timing attack?

Answer 24

An attack that analyzes differences in processing time to infer data, often used to deduce cryptographic keys.

Question 25

Fill in the blank: Remanence attacks exploit the ______ nature of memory, which retains data after use.

Answer 25

Persistent

Question 26

What is the function of a Faraday cage in preventing side channel attacks?

Answer 26

It blocks electromagnetic emissions, preventing external monitoring of data signals.

Question 27

Why is it important to randomize instructions in cryptographic algorithms?

Answer 27

To obscure predictable patterns in power and timing, making side channel attacks more difficult.

Question 28

What does the Montgomery Powering Ladder add to cryptographic processes?

Answer 28

Additional instructions to equalize power and timing across branches, hiding variations.

Question 29

What security risk does memory remanence pose?

Answer 29

It can expose sensitive data if residual information is retained in memory after processing.

Question 30

Fill in the blank: In cryptographic security, ______ are used to detect buffer overflows by placing markers in data segments.

Answer 30

Canaries

Question 31

Why are stack canaries critical in preventing buffer overflow attacks?

Answer 31

They act as markers that, if altered, signal potential memory corruption or overflow.

Question 32

Describe a method to secure memory-stored data in a client-server model.

Answer 32

Use integrity checks and regular memory erasure on the server side to prevent residual data exposure.