Side-channel Attacks

Question 1

What is the definition of a side-channel attack

Answer 1

A side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the design nor implementation of the algorithm itself

Question 2

Name examples for possible side-channels

Answer 2

• timing attack
• power-monitoring attack
• data remanence
• electromagnetic attack
• optical attack

Question 3

Which mathematical fact is the square and multiply algorithm based on?

Answer 3

x^n = | x(x^2)^(n-1/2) if n is odd | (x^2)^n/2 if n is even

Question 4

How can we perform a power consumption analysis attack on the square & multiply algorithm?

Answer 4

• square & multiply -> 1

- square -> 0

Question 5

What is the idea of timing attacks?

Answer 5

• measure time of cryptographic operations

- time can differ on the input -> get info about input

Question 6

How does searching cryptographic keys in memory work?

Answer 6

• by definition should have high entropy

- > search for high entropy memory regions

Question 7

How do cache attacks work?

Answer 7

Attacker deduces input by probing memory after victim’s execution (cache miss? cache hit?)

Question 8

How do cold boot attacks work? What are some countermeasures?

Answer 8

Attacker cools down memory to preserve its content after a reboot then looks for key

countermeasures:

• avoid storing keys in memory, use CPU / overwrite after usage
• encrypt keys in memory using keys stored elsewhere

Question 9

Name some attacks on air-gapped systems

Answer 9

• via portable storage devices (Stuxnet: USB)
• optical (telescope, reflections)
  Exfiltration (e.g. air-gapped device infected, wants to export data):
• AirHopper: FM radio signals
• sound-based attacks using recording of keystrokes
• BitWhisper: uses heat emissions
• PowerHammer: uses fluctuations in power line