Side Channels

Question 1

What is a side-channel attack?

Answer 1

An attack based on information from the physical implementation of a system, rather than its theoretical properties.

Question 2

Why are side-channel attacks significant in cryptosystems?

Answer 2

Cryptosystems often leak information through timing, power consumption, or electromagnetic emissions, revealing secret data.

Question 3

What are timing attacks?

Answer 3

Exploiting variations in operation times to infer sensitive information, such as cryptographic keys.

Question 4

What is power analysis in side-channel attacks?

Answer 4

Observing power consumption patterns to deduce information about computations or secret keys.

Question 5

What is differential power analysis?

Answer 5

Using statistical analysis of power consumption traces to extract cryptographic keys.

Question 6

How do cache timing attacks work?

Answer 6

Manipulating cache states and observing timing differences to infer victim activity and data access patterns.

Question 7

What vulnerability does Spectre exploit?

Answer 7

Speculative execution and cache timing to access private information within the same process.

Question 8

How does the “Flush + Reload” technique work?

Answer 8

Fluch cache lines, wait for victim activity, then reload and time accesses to see which lines the victim accessed.

Question 9

What are the steps in a Spectre attack?

Answer 9

1. Train branch predictor.
2. Exploit mis-speculation to access restricted memory.
3. Analyze cache impacts to extract secrets.

Question 10

What are laser-based audio injection attacks?

Answer 10

Using lasers to simulate audio signals in voice-controlled systems to manipulate them remotely.

Question 11

How can motion sensors be exploited?

Answer 11

Inferring speech or keystrokes from subtle vibrations detected by accelerometers and gyroscopes.

Question 12

How can keyboards be compromised?

Answer 12

Monitoring electromagnetic emissions or acoustics to infer typed characters.

Question 13

How can reflections compromise privacy?

Answer 13

Analyzing reflections from screens or surfaces to recover displayed or typed information.

Question 14

How can sound be extracted from videos?

Answer 14

Using high-frame-rate video analysis to infer sound vibrations (e.g., SIGGRAPH “Visual Microphone”).

Question 15

What is website fingerprinting?

Answer 15

Identifying accessed webpages based on traffic patterns or power consumption profiles.

Question 16

How does powerline eavesdropping work?

Answer 16

Observing electromagnetic interference from devices via powerlines to infer activity or data.

Question 17

How can side channels be used positively?

Answer 17

For anomaly detection in constrained environments like medical devices.

Question 18

What are the key requirements for effective side-channel detection systems?

Answer 18

No software changes, no updates, no manual configuration, and no network connection.

Question 19

What assumptions are made about the adversary in Spectre attacks?

Answer 19

Can run code in the same process.
Controls inputs to specific memory areas.
Cannot directly access restricted memory.

Question 20

What is speculative execution?

Answer 20

Predicting and executing instructions ahead of actual decisions to improve speed, later rolling back if predictions are incorrect.