Week 9: Side Channels

Question 1

What are some possible Side-Channel Attacks?

Answer 1

Runtime/Timing.
Power Analysis - SPA.
Temperature.
Sound (then SPA).
EM emanation.
Photonic emissions.

Question 2

How can Simple Power Analysis Attacks be prevented?

Answer 2

Add noise - can be filtered/averaged out.
Decrease signal/balance power consumption - costly.
Fix algorithm - small leakages may remain undetected.

Question 3

How to prevent SPA-like attacks on AES?

Answer 3

Fix with a constant time xtime operation.
Beware compiler optimizations and CPUs with non-constant time multiplication.
Bigger CPUs use T-Tables - bigger table lookups.

Question 4

What is the intuition behind Side Channel Attacks?

Answer 4

Power consumption of ek(x) depends on k.

Question 5

How do differential timing attacks work on AES?

Answer 5

T(k, x) = T_xtime(k, x) + T_rest
T(k, x) = sumof(T_xtime,i(k, x)) + const.

Question 6

Describe a SPA-like attack on AES?

Answer 6

1. Send input byte + read MSBit(B0)
2. Compute hypothetical MSbit for each candidate k:
   - Key space halved
3. Repeat for new input
4. Repeat for every key byte

Question 7

Describe a differential timing attack on AES?

Answer 7

• For each candidate k:
  
  • For each x:
    
    • Compute MSbit
    • If 0, add to T0 -> else, T1
  • Computer averages and (T1_avg - T0_avg)
• Find max avg.

Question 8

Explain FLUSH+RELOAD?

Answer 8

(Assumes attacker has local, non-privileged code execution)
1. Target L3(LLC) cache (works across cores).
2. Flush cache.
3. Run victim.
4. Measure access times to victim memory.

Question 9

How does an attacker probe address for FLUSH+RELOAD?

Answer 9

mmap() function