Questions tagged [side-channel]

A side channel attack is an attack that deduces secret information from environmental observations such as timing or power consumption.

A side channel of system is a way in which the system reveals information indirectly. Side channel attacks attacks can allow attackers to obtain confidential information even when the stored or transmitted message itself is not leaked.

A common class of side channels is timing timing-attack, where the duration of certain operations reveals information about the data that is being processed. For example, the number of elementary operations in an encryption algorithm may depend on the value of the key; the interval between network packets may be indicative of how much computation was required to generate the packet and thus of the content of the packet.

Other types of side channels include power consumption, electromagnetic radiation, noise, etc.

For questions about side channel attacks on cryptographic algorithms specifically, see also side-channel-attacks on our sister site about cryptography.

85 questions

votes

6 answers

Does having no 'if' blocks in code mitigate side-channel attacks?

Looking through descriptions of Spectre and Meltdown it seems that speculative execution - the basis for these attacks - occurs only with branched code. Therefore, it seems logical to conclude that having no if statements would preclude speculative…

secure-coding side-channel

asked Jan 14 '22 at 17:49

postoronnim

votes

4 answers

Simple defense against power analysis?

I would like to hear your opinions and how effective would my proposed defense is against power analysis. It is one of the nastiest side channel attacks because it's undetectable and passive, but assuming that your power strip can be trusted it…

cryptography defense attack-vector timing-attack side-channel

asked Aug 05 '16 at 10:53

Jensen68

votes

1 answer

How sensitive are acoustic side-channels to compression with a narrowband codec?

Assume sensitive audio emissions from a mechanical keyboard. These audio emissions are often sufficient to reconstruct the actual key presses that generated the sound. If the audio is compressed using a narrowband audio codec such as G.711, how much…

side-channel compression audio infoleak

asked Apr 27 '21 at 01:20

forest

64,616
20
206
257

votes

1 answer

Is flushing of all caches on any context switch between mutually-distrusting processes the only way to prevent cache timing attacks?

This article demonstrates a devastating Javascript-based cache timing attack that allows for cross-VM tracking of mouse movements and other activities by web pages. Is the only way to prevent cache-based snooping for the kernel to (1) never run…

data-leakage timing-attack side-channel

asked May 24 '16 at 03:26

Demi

votes

1 answer

To what extent are countermeasures against side-channel attacks effective/ used regularly by everyone?

I'm doing an Extended Essay for IB right now and I'm doing it on how secure RSA is. As side-channel attacks are one category of attack, I was wondering (as I am struggling with the conclusion) while there are countermeasures, is it true that most…

rsa side-channel

asked Nov 28 '18 at 13:21

Stephanie Halim

votes

1 answer

Can speculative execution on intel cpu be disabled?

In the light of all the recent Intel Vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all this vulnerabilities, from BIOS or OS kernel? Maybe stupid question, but is it possible?

meltdown spectre side-channel cpu

asked Aug 24 '18 at 17:01

user3604665

votes

3 answers

Is the Linux kernel vulnerable to LazyFP (CVE-2018-3665)?

Recently, a side-channel attack was discovered that exploits lazy FPU state switching to leak the contents of MMX, SSE, and AVX registers. The vulnerability can only be exploited when lazy FPU saves are used, as opposed to eager FPU saves. I am…

linux vulnerability hardware kernel side-channel

asked Jun 15 '18 at 05:04

forest

64,616
20
206
257

votes

1 answer

Can Spectre be fixed in future hardware simply by purging CPU caches?

As far as I understand it, Spectre is caused by speculative execution not completely undoing all side effects of an incorrect branch prediction (specifically, not undoing a CPU cache write). Doesn't that mean that it would be relatively simple to…

side-channel spectre

asked Jan 04 '18 at 05:21

strugee

votes

1 answer

Get key by monitoring power consimption of AES hardware core?

Is it possible for an adversary to gain knowledge of the secret key by analyzing the power consumption of an AES hardware core? I think he/she can't, but I am having difficulty to give a reasonable explanation.

encryption aes hardware side-channel

asked May 20 '17 at 00:09

azerb

votes

3 answers

Software defense against cold-boot attacks

Cold boot attacks are particularly nasty. On Android, a solution is to use a Nexus device with a locked bootloader to preven flashing a custom recovery. On a PC, your safeguards are even more limited. The attacker that has access to a running laptop…

side-channel cold-boot-attack

asked May 31 '15 at 19:03

Naftuli Kay

6,715
9
47
75

votes

0 answers

FLUSH + RELOAD Proof of Concept - Why do we need to flush more than needed?

Problem I am putting together a proof of concept for the FLUSH + RELOAD attack. The method is outlined in great detail in this paper. The general idea is simple - cached addresses can be accessed with much greater speed than addresses not in the…

side-channel timing-attack intel flush-reload

asked Aug 31 '20 at 01:56

K. Jiang

votes

1 answer

Can string comparison realistically be exploited in a timing attack on a web server?

Suppose you have the following code in Node: const { token } = req.body const hash = crypto.createHmac('sha256', SECRET).update(token).digest('hex') const user = await User.findById(req.session.userId) if (hash === user.rememberMeHash)…

javascript node.js side-channel timing-attack

asked Dec 15 '19 at 02:10

Alex

votes

3 answers

How are websites actually mititating BREACH? (HTTPS + compression)

After reading some popular questions and answer on this website about BREACH, the only advice seems to be: don't compress anything that might contain secrets (including CSRF tokens). However, that doesn't sound like great advice. Most websites are…

tls threat-mitigation side-channel compression breach

asked Dec 12 '19 at 16:58

reed

15,398
6
43
64

votes

0 answers

What kind of attacks can hardware level memory encryption protect from?

Both AMD and Intel have introduced memory encryption at the hardware level. AMD calls this Secure Memory Encryption (SME), with the Intel version being Total Memory Encryption (TME). What kind of attacks can this technology protect from, and what…

encryption hardware spectre side-channel rowhammer

asked Oct 28 '19 at 16:12

Steve Sether

21,480
8
50
76

votes

1 answer

If rowhammer only results in capacitor discharge, how can it flip 0 to 1?

In rowhammer, why will changing the voltage on one row cause the other row to open/close? Is it related to induction? How can it change bits from 0 to 1? I understand from 1 to 0 - voltage discharge, but how can it cause cells to charge? EDIT: This…

hardware physical memory side-channel rowhammer

asked Aug 09 '18 at 05:44

789

Prev 1

3 4 5 6 Next