SIDE-CHANNEL ATTACK (SCA)
Imagine that a robber wants to break into your house. He does not necessarily have to break the lock to get inside; he may break the hinges of the door instead. Attackers use a similar idea to break a cryptosystem through a side-channel attack.
Let's go through the topic of side-channel attacks.
What is a side-channel attack?
Introduction
A side-channel attack (SCA) is a security exploit that attempts to extract secrets from a chip or a system by measuring or analyzing various parameters, such as timing information, power consumption, and electromagnetic leaks.
Or we can say that "side-channel attacks are based on side-channel information."
A side-channel attack may also be referred to as a sidebar attack or an implementation attack. These attacks pose a serious threat to modules that integrate cryptographic systems.
How does a SCA work?
* A side-channel attack doesn't target a program or its code directly.
* It attempts to gather information or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware.
* It breaks cryptography by exploiting information inadvertently leaked by a system.
E.g.: van Eck phreaking attack, which is also known as a Transient Electromagnetic Pulse Emanation Standard (TEMPEST). This attack monitors the electromagnetic field (EMF) radiation emitted by a computer screen to view information before it is encrypted.
Different types of Side-Channel Attacks
* Cache attack: attacks based on the attacker's ability to monitor cache accesses made by the victim in a shared physical system, as in a virtualized environment or a type of cloud service.
E.g.: In 2017, two CPU vulnerabilities, Meltdown and Spectre, were discovered, which can use a cache and timing-based side channel to allow an attacker to leak memory contents of other processes and the operating system itself.
* Timing attack: attacks based on measuring how much time various computations take to perform.
The research paper “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems” by Paul C. Kocher shows the timing attacks that have been done on cryptographic implementations to extract the secret key.
- The CPU that runs the system.
- The design of the cryptographic system and the algorithms it uses.
- The way the system has been implemented.
- Any timing attack countermeasures that may be in place.
* Power-monitoring attack: attacks that make use of varying power consumption by the hardware during computation.
These attacks are roughly categorized into simple power analysis (SPA) and differential power analysis (DPA).
Simple power analysis (SPA) attacks are characterized by Kocher et al. in [KJJ99] in the following way: “SPA is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations.” In other words, the attacker tries to derive the key more or less directly from a given trace. This can make SPA attacks quite challenging in practice. Often, they require detailed knowledge about the implementation of the cryptographic algorithm that is executed by the device under attack. Furthermore, if only one power trace is available, usually complex statistical methods have to be used in order to extract the signal.
Differential power analysis (DPA) is the use of power monitoring techniques to discover and interpret the cryptographic mechanisms within a silicon device. Silicon Labs incorporates several patented countermeasures to make DPA attacks more difficult to execute. DPA is possible because electromagnetic radiation and fluctuations in power consumption are side effects of any electronic system. An adversary can exploit these natural phenomena to gain information on what a silicon device is doing at a point in time. Silicon Labs implements countermeasures that prevent or mitigate these threats.
* Electromagnetic attack: attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information.
* Acoustic cryptanalysis: attacks that exploit sound produced during a computation (rather like power analysis).
A 2017 study (Genkin, Shamir, & Tromer, 2017) demonstrated acoustic attacks against computer processors by analyzing noise from capacitors and inductors inside the motherboards.
* Differential fault analysis: in which secrets are discovered by introducing faults in a computation.
* Data remanence: in which sensitive data are read after supposedly having been deleted (i.e. cold boot attack).
* Software-initiated fault attacks: currently a rare class of side channels. Row hammer is an example, in which off-limits memory can be changed by accessing adjacent memory too often (causing state retention loss).
* Optical: in which secrets and sensitive data can be read by visual recording using a high-resolution camera, or other devices that have such capabilities.
For detailed information you can check the links given below:
* https://payatu.com/blog/asmita-jha/side-channel-attack-basics
* https://www.cybrary.it/blog/what-is-a-side-channel-attack/
* https://www.comparitech.com/blog/information-security/side-channel-attack/
Conclusions
Side-channel attacks are an important class of cryptanalytic techniques. Although less generic than classical cryptanalysis, since they target a specific implementation rather than an abstract algorithm, they are generally much more powerful. Such attacks are applicable to most (if not all) present circuit technologies and have to be considered as a serious threat for the security of actual embedded devices. From an operational point of view, security against side-channel attacks can be obtained by the sound combination of various countermeasures. However, significant attention has to be paid to the fair evaluation of these countermeasures in order to properly assess the security of any cryptographic device and trade it with implementation efficiency. Additionally, side-channel attacks are only a part of the physical reality, and resisting them may induce weaknesses with respect to other issues. The development of a unified framework for the analysis of physical security concerns and possibly a theory of provable physical security is a long-term goal in cryptographic research.