Questions tagged [side-channel]

A side channel attack is an attack that deduces secret information from environmental observations such as timing or power consumption.

A side channel of a system is a way in which the system reveals information indirectly. Side channel attacks can allow attackers to obtain confidential information even when the stored or transmitted message itself is not leaked.

A common class of side channels is timing, where the duration of certain operations reveals information about the data that is being processed. For example, the number of elementary operations in an encryption algorithm may depend on the value of the key; the interval between network packets may be indicative of how much computation was required to generate the packet and thus of the content of the packet.

Other types of side channels include power consumption, electromagnetic radiation, noise, etc.

For questions about side channel attacks on cryptographic algorithms specifically, see also side-channel-attacks on our sister site about cryptography.

85 questions

171 votes, 3 answers

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What is speculative execution and what does it…
M'vy

36 votes, 8 answers

Should I worry about remote timing attacks on string comparison?

Say we have a Java web application which uses a shared secret to verify the identity of the client. The secret is stored on the server, and the client transmits the secret over SSL where it is checked: String SECRET_ON_SERVER =…
George Powell

22 votes, 5 answers

Timing Safe String Comparison - Avoiding Length Leak

Let's say that we're building a generic timing-safe comparison function for general purpose use. Making it so that it is safe when both strings are equal length is pretty well known. However, what I'm not sure about is how we can make it safe if the…
ircmaxell

19 votes, 2 answers

Principles of cache attacks

There are many scientific publications that deal with cache attacks. Most recently, the CacheBleed attack was published which exploits cache bank conflicts on the Intel Sandy Bridge architecture. Most timing attacks use a similar approach: The…
null

19 votes, 4 answers

Detect non HTTP packets using port 80

We are currently doing port whitelisting on our firewalls which is working well but this of course does not prevent the implementation of side channels or the misuse of these ports for other purposes. For example, an attacker could still initialize…
davidb

18 votes, 6 answers

Keyboards immune to signal monitoring?

Reading a couple questions and answers here recently got me to thinking. Wireless keyboards run the inherent risk of exposing their data due to the relatively broad transmission range, and the ease with which highly sensitive receivers (remember,…
Iszi

18 votes, 5 answers

How can I prevent side-channel attacks against authentication?

After reading this excellent answer, I learned about the existence of side-channel attacks. From the code example provided, it is possible to determine the correct password by timing the code when given various inputs. for (i = 0; i < n; i++) { …
dalearn

17 votes, 2 answers

RSA key recovery using sound - How does it work?

A very interesting Debian security advisory was released yesterday. Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen…
user10211

17 votes, 2 answers

How are code-branch side channel attacks mitigated on Java?

When you are working with secret keys, if your code branches unequally it could reveal bits of the secret keys via side channels. So for some algorithms it should branch uniformly independently of the secret key. On C/C++/Rust, you can use assembly…
Guerlando OCs

15 votes, 5 answers

Can sites which check your password as you type pose a security risk?

Some sites that I use check my password as I type it into the login (not registration) form. So, for example, to begin with I might have: Username: sapi ✓ Password: passw × and by the time I've finished typing, the site already lets me know that…
sapi

12 votes, 5 answers

Are variable time comparisons always a security risk in cryptography code?

I came across the cryptography python package, and noticed it had the following about reporting security vulnerabilities: Examples of things we wouldn’t consider security issues: Using a variable time comparison somewhere, if it’s not possible to…
curiousgeorge7

11 votes, 2 answers

What are the new MDS attacks, and how can they be mitigated?

Several new hardware side-channels were discovered called MDS attacks, which allow reading arbitrary memory, like Meltdown. Many existing mitigations are useless against them. The relevant CVEs are: CVE-2018-12126 - Microarchitectural Store Buffer…
forest

11 votes, 1 answer

Why does this cache attack work?

I was recently reading the following paper about doing a cache attack in Javascript: https://arxiv.org/pdf/1502.07373v2.pdf But I was confused by how it could work. In the paper, an 8 MB buffer was enough to have a high success rate for finding an…
sunny-lan

10 votes, 1 answer

Covert, Overt, and side channels

I am really confused between the following three terms: Overt Channel. Covert Channel. Side-Channel. I feel frustrated! I've been searching about them to find a clear explanation but I keep getting confused more. I REALLY apologize if this question…

9 votes, 5 answers

Origin of side-channel attacks

What is the origin of side-channel attacks? Is it related to the algorithm or to the implementation? In other words, is the software responsible for the attack or the hardware? Is there a cryptographic algorithm that is resistant to side-channel…
TheGoodUser