Secure Software Design - Side Channel and Remanence Attacks Flashcards
What are side channel attacks?
Attacks that exploit indirect ‘side effects’ of algorithms, like power usage or timing, rather than attacking encryption directly.
Fill in the blank: Side channel attacks exploit the ______ of cryptographic algorithms instead of directly breaking encryption.
Implementation
List two types of side channel attacks discussed in the document.
Electrical consumption attacks and electromagnetic radiation analysis.
What is an electrical consumption attack?
An attack that analyzes power usage variations to infer processing operations.
How can electromagnetic radiation be used in side channel attacks?
Specific instructions emit unique EM signals that can be monitored to infer cryptographic keys.
Name two countermeasures against electromagnetic side channel attacks.
Faraday plating and algorithmic randomization.
Fill in the blank: Temporal analysis in side channel attacks relies on variations in ______ to deduce information.
Timing or execution time
What is the purpose of the Montgomery Powering Ladder?
To equalize power usage and timing by adding extra instructions, concealing variations in side channel characteristics.
Explain the purpose of safe modular exponentiation in cryptography.
It standardizes execution time for modular operations, reducing timing vulnerabilities.
What is a fault injection attack?
An attack where invalid data or instructions are injected to observe system reactions, potentially revealing sensitive data.
How does fixed-time processing help prevent side channel attacks?
It ensures that all operations take the same time, making it harder for attackers to deduce information based on timing.
What is a remanence attack?
An attack that exploits residual data left in memory after a process completes, which may contain sensitive information.
Fill in the blank: A remanence attack may retrieve sensitive data because memory retains ______ after program execution.
Residual data
List two types of data that can be targeted by remanence attacks.
Encryption keys and sensitive variables.
Why is memory erasure important in preventing remanence attacks?
It removes residual data from memory, preventing attackers from accessing sensitive information left after execution.