Secure Software Design - Side Channel and Remanence Attacks Flashcards

1
Q

What are side channel attacks?

A

Attacks that exploit indirect ‘side effects’ of algorithms, like power usage or timing, rather than attacking encryption directly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Fill in the blank: Side channel attacks exploit the ______ of cryptographic algorithms instead of directly breaking encryption.

A

Implementation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

List two types of side channel attacks discussed in the document.

A

Electrical consumption attacks and electromagnetic radiation analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is an electrical consumption attack?

A

An attack that analyzes power usage variations to infer processing operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How can electromagnetic radiation be used in side channel attacks?

A

Specific instructions emit unique EM signals that can be monitored to infer cryptographic keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Name two countermeasures against electromagnetic side channel attacks.

A

Faraday plating and algorithmic randomization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Fill in the blank: Temporal analysis in side channel attacks relies on variations in ______ to deduce information.

A

Timing or execution time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the purpose of the Montgomery Powering Ladder?

A

To equalize power usage and timing by adding extra instructions, concealing variations in side channel characteristics.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Explain the purpose of safe modular exponentiation in cryptography.

A

It standardizes execution time for modular operations, reducing timing vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a fault injection attack?

A

An attack where invalid data or instructions are injected to observe system reactions, potentially revealing sensitive data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How does fixed-time processing help prevent side channel attacks?

A

It ensures that all operations take the same time, making it harder for attackers to deduce information based on timing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a remanence attack?

A

An attack that exploits residual data left in memory after a process completes, which may contain sensitive information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Fill in the blank: A remanence attack may retrieve sensitive data because memory retains ______ after program execution.

A

Residual data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

List two types of data that can be targeted by remanence attacks.

A

Encryption keys and sensitive variables.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why is memory erasure important in preventing remanence attacks?

A

It removes residual data from memory, preventing attackers from accessing sensitive information left after execution.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Explain the purpose of ‘canaries’ in security.

A

Canaries are markers used to detect memory tampering or buffer overflows.

17
Q

How does Stackguard use canaries to prevent attacks?

A

Stackguard automatically places canaries in stack frames to protect against buffer overflow attacks.

18
Q

Fill in the blank: ______ is a technique that protects stack integrity by inserting random markers to detect overflows.

A

Canary insertion

19
Q

What is a practical example of protecting variables in C++?

A

Using canaries and integrity checks to prevent unauthorized access to variable data.

20
Q

What type of side channel attack uses an oscilloscope to monitor power usage?

A

Electrical consumption attack.

21
Q

Why might fixed-time processing reduce vulnerability to timing attacks?

A

Fixed-time processing standardizes execution duration, making it harder to infer data based on time variations.

22
Q

Name a software approach to prevent fault injection attacks.

A

Inserting canaries, using randomization, or implementing hardened compilers.

23
Q

Why is randomization effective in side channel attack prevention?

A

It changes patterns in execution, making it harder to detect predictable side effects like power or timing variations.

24
Q

What is a timing attack?

A

An attack that analyzes differences in processing time to infer data, often used to deduce cryptographic keys.

25
Q

Fill in the blank: Remanence attacks exploit the ______ nature of memory, which retains data after use.

A

Persistent

26
Q

What is the function of a Faraday cage in preventing side channel attacks?

A

It blocks electromagnetic emissions, preventing external monitoring of data signals.

27
Q

Why is it important to randomize instructions in cryptographic algorithms?

A

To obscure predictable patterns in power and timing, making side channel attacks more difficult.

28
Q

What does the Montgomery Powering Ladder add to cryptographic processes?

A

Additional instructions to equalize power and timing across branches, hiding variations.

29
Q

What security risk does memory remanence pose?

A

It can expose sensitive data if residual information is retained in memory after processing.

30
Q

Fill in the blank: In cryptographic security, ______ are used to detect buffer overflows by placing markers in data segments.

A

Canaries

31
Q

Why are stack canaries critical in preventing buffer overflow attacks?

A

They act as markers that, if altered, signal potential memory corruption or overflow.

32
Q

Describe a method to secure memory-stored data in a client-server model.

A

Use integrity checks and regular memory erasure on the server side to prevent residual data exposure.