Side-channel Attacks Flashcards
What is the definition of a side-channel attack
A side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the design nor implementation of the algorithm itself
Name examples for possible side-channels
- timing attack
- power-monitoring attack
- data remanence
- electromagnetic attack
- optical attack
Which mathematical fact is the square and multiply algorithm based on?
x^n = | x(x^2)^(n-1/2) if n is odd | (x^2)^n/2 if n is even
How can we perform a power consumption analysis attack on the square & multiply algorithm?
- square & multiply -> 1
- square -> 0
What is the idea of timing attacks?
- measure time of cryptographic operations
- time can differ on the input -> get info about input
How does searching cryptographic keys in memory work?
- by definition should have high entropy
- > search for high entropy memory regions
How do cache attacks work?
Attacker deduces input by probing memory after victim’s execution (cache miss? cache hit?)
How do cold boot attacks work? What are some countermeasures?
Attacker cools down memory to preserve its content after a reboot then looks for key
countermeasures:
- avoid storing keys in memory, use CPU / overwrite after usage
- encrypt keys in memory using keys stored elsewhere
Name some attacks on air-gapped systems
- via portable storage devices (Stuxnet: USB)
- optical (telescope, reflections)
Exfiltration (e.g. air-gapped device infected, wants to export data): - AirHopper: FM radio signals
- sound-based attacks using recording of keystrokes
- BitWhisper: uses heat emissions
- PowerHammer: uses fluctuations in power line