Questions tagged [side-channel]

A side channel attack is an attack that deduces secret information from environmental observations such as timing or power consumption.

A side channel of system is a way in which the system reveals information indirectly. Side channel attacks attacks can allow attackers to obtain confidential information even when the stored or transmitted message itself is not leaked.

A common class of side channels is timing timing-attack, where the duration of certain operations reveals information about the data that is being processed. For example, the number of elementary operations in an encryption algorithm may depend on the value of the key; the interval between network packets may be indicative of how much computation was required to generate the packet and thus of the content of the packet.

Other types of side channels include power consumption, electromagnetic radiation, noise, etc.

For questions about side channel attacks on cryptographic algorithms specifically, see also side-channel-attacks on our sister site about cryptography.

85 questions

171

votes

3 answers

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What is speculative execution and what does it…

vulnerability known-vulnerabilities side-channel meltdown spectre

asked Jan 05 '18 at 13:41

M'vy

13,033
3
47
69

votes

8 answers

Should I worry about remote timing attacks on string comparison?

Say we have a Java web application which uses a shared secret to verify the identity of the client. The secret is stored on the server, and the client transmits the secret over SSL where it is checked: String SECRET_ON_SERVER =…

java timing-attack side-channel

asked Jan 18 '16 at 17:29

George Powell

1,508
12
14

votes

5 answers

Timing Safe String Comparison - Avoiding Length Leak

Let's say that we're building a generic timing-safe comparison function for general purpose use. Making it so that it is safe when both strings are equal length is pretty well known. However, what I'm not sure about is how we can make it safe if the…

confidentiality programming timing-attack side-channel

asked Feb 03 '14 at 21:21

ircmaxell

1,416
12
16

votes

2 answers

Principles of cache attacks

There are many scientific publications that deal with cache attacks. Most recently, the CacheBleed attack was published which exploits cache bank conflicts on the Intel Sandy Bridge architecture. Most timing attacks use a similar approach: The…

timing-attack caching side-channel

asked Jun 05 '16 at 08:07

null

votes

4 answers

Detect non HTTP packets using port 80

We are currently doing port whitelisting on our firewalls which is working well but this of course does not prevent the implementation of side channels or the misuse of these ports for other purposes. For example, an attacker could still initialize…

network firewalls ids side-channel

asked Feb 17 '16 at 08:03

davidb

4,285
3
19
31

votes

6 answers

Keyboards immune to signal monitoring?

Reading a couple questions and answers here recently got me to thinking. Wireless keyboards run the inherent risk of exposing their data due to the relatively broad transmission range, and the ease with which highly sensitive receivers (remember,…

hardware side-channel van-eck-phreaking

asked Mar 09 '11 at 20:04

Iszi

26,997
18
98
163

votes

5 answers

How can I prevent side-channel attacks against authentication?

After reading this excellent answer, I learned about the existence of side-channel attacks. From the code example provided, it is possible to determine the correct password by timing the code when given various inputs. for (i = 0; i < n; i++) { …

side-channel timing-attack

asked Oct 30 '19 at 14:22

dalearn

votes

2 answers

RSA key recovery using sound - How does it work?

A very interesting Debian security advisory was released yesterday. Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen…

rsa side-channel

asked Dec 19 '13 at 12:04

user10211

votes

2 answers

How are code-branch side channel attacks mitigated on Java?

When you are working with secret keys, if your code branches unequally it could reveal bits of the secret keys via side channels. So for some algorithms it should branch uniformly independently of the secret key. On C/C++/Rust, you can use assembly…

java side-channel assembly

asked Mar 06 '22 at 22:09

Guerlando OCs

votes

5 answers

Can sites which check your password as you type pose a security risk?

Some sites that I use check my password as I type it into the login (not registration) form. So, for example, to begin with I might have: Username: sapi ✓ Password: passw × and by the time I've finished typing, the site already lets me know that…

tls passwords side-channel

asked Jul 25 '14 at 06:31

sapi

1,850
2
12
11

votes

5 answers

Are variable time comparisons always a security risk in cryptography code?

I came across the cryptography python package, and noticed it had the following about reporting security vulnerabilities: Examples of things we wouldn’t consider security issues: Using a variable time comparison somewhere, if it’s not possible to…

cryptography timing-attack side-channel

asked Apr 15 '19 at 01:29

curiousgeorge7

votes

2 answers

What are the new MDS attacks, and how can they be mitigated?

Several new hardware side-channels were discovered called MDS attacks, which allow reading arbitrary memory, like Meltdown. Many existing mitigations are useless against them. The relevant CVEs are: CVE-2018-12126 - Microarchitectural Store Buffer…

hardware threat-mitigation side-channel intel

asked May 15 '19 at 02:06

forest

64,616
20
206
257

votes

1 answer

Why does this cache attack work?

I was recently reading the following paper about doing a cache attack in Javascript: https://arxiv.org/pdf/1502.07373v2.pdf But I was confused by how it could work. In the paper, an 8 MB buffer was enough to have a high success rate for finding an…

javascript memory timing-attack side-channel

asked Jan 18 '18 at 20:23

sunny-lan

votes

1 answer

Covert, Overt, and side channels

I am really confused between the following three terms: Overt Channel. Covert Channel. Side-Channel. I feel frustrated! I've been searching about them to find a clear explanation but I keep getting confused more. I REALLY apology if this question…

encryption cryptography timing-attack side-channel covert-channel

asked Feb 10 '16 at 20:44

Steve

votes

5 answers

Origin of side-channel attacks

What is the origin of side-channel attacks? Is it related to the algorithm or to the implementation? In other words, is the software responsible for the attack or the hardware? Is there a cryptographic algorithm that is resistant to side-channel…

side-channel

asked Feb 10 '15 at 10:58

TheGoodUser

2 3 4 5 6 Next