What are the types of side channels?
I/O Observable, Software observable, physically observable
What is an I/O Observable SC?
Using metadata about a program’s response to input/output to leak information
What is a software observable SC?
obtaining information by executing a program on the target system
What is a physically observable SC?
obtain information by observing the target’s physical properties
Subtypes of I/O SCs?
Timing side channel, termination side channel (subtype of timing)
What is and isn’t an I/O SC?
Observing when and how large data is sent, NOT the data itself
Why are I/O SC dangerous?
They generally do not require physical access and therefore can be done remotely and without permissions
What is the main cause of I/O SC?
Secret-dependent control flows that create a timing difference
What is the main idea behind software observable SC?
Programs running on the same computer share resources. By measuring your own performance, you can learn information about other programs’ resource usage
Name some shared resource side channels
- monitor pages swapped into RAM to tell which part of a program is executing
- branch pred can leak information about which branches have been taken
- cache side channels
Shared resource contention side channels
?
What is speculative execution?
when we are not sure what instructions we should be executing, so we speculatively execute our best guess (branch pred)
Describe Spectre
Speculative execution attack.
- victim stores secret in reg
- has secret-independent code with branch instr
- attack trains predictor to jump to malicious code, reads secret from reg
- uses a cache side channel to read secret
- victim sees branch is incorrect, flushes pipeline, proceeds
What are some examples of physically observable SCs?
Power, sound/acoustic, backscattering, electromagnetic, temperature, photonic/light, fault injections (physically inject fault signal into the system)
Subtypes of power SCs?
- Simple Power Analysis (SPA) - observable by looking at power trace (looking at raw data)
- Differential Power Analysis (DPA) - observable by looking at statistical transformation of data
- High-Order Differential Power Analysis (HO-DPA) - DPA but using data from multiple sources (must synchronize by time)
What are the benefits of EM SCs?
- Can be measured without direct access to device
- hard to mimic EM signals - harder for malware to fake the correct signal
-
Introduction16
-
I/O Side Channels9
-
Software Observable Side Channels8
-
Software-Observable SC Beyond Resource Contention10
-
Physically Observable Side Channels24
-
Modulation and Side Channels26
-
Fine-Grained Analysis of Physically Observable Side Channels23
-
Software Created Covert Channels5
-
Parameters that Affect Physically Observable Side Channels32
-
Fault Injection Attacks21
-
Back-Scattering Side Channels14
-
Hardware Trojans34
-
Historical Overview of Side Channel Attacks7
-
Historical Overview of Physically Observable Side Channels10
-
quizzes2
