Side-channel Attacks Flashcards

1
Q

What is the definition of a side-channel attack?

A

A side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the design or implementation of the algorithm itself.

2
Q

Name examples for possible side-channels

A
  • timing attack
  • power-monitoring attack
  • data remanence
  • electromagnetic attack
  • optical attack
3
Q

Which mathematical fact is the square and multiply algorithm based on?

A

$$x^n = \begin{cases} x\,(x^2)^{(n-1)/2} & \text{if } n \text{ is odd} \\ (x^2)^{n/2} & \text{if } n \text{ is even} \end{cases}$$

4
Q

How can we perform a power consumption analysis attack on the square & multiply algorithm?

A
  • square & multiply -> 1
  • square -> 0

5
Q

What is the idea of timing attacks?

A
  • measure the time of cryptographic operations
  • the time can differ depending on the input -> get info about the input

6
Q

How does searching cryptographic keys in memory work?

A
  • by definition should have high entropy
  • -> search for high-entropy memory regions

7
Q

How do cache attacks work?

A

Attacker deduces input by probing memory after victim’s execution (cache miss? cache hit?)

8
Q

How do cold boot attacks work? What are some countermeasures?

A

Attacker cools down memory to preserve its content after a reboot, then looks for the key

countermeasures:

  • avoid storing keys in memory, use CPU / overwrite after usage
  • encrypt keys in memory using keys stored elsewhere
9
Q

Name some attacks on air-gapped systems

A
  • via portable storage devices (Stuxnet: USB)
  • optical (telescope, reflections)

Exfiltration (e.g. air-gapped device infected, wants to export data):

  • AirHopper: FM radio signals
  • sound-based attacks using recording of keystrokes
  • BitWhisper: uses heat emissions
  • PowerHammer: uses fluctuations in power line