Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: What is a "Side-channel attack?"  (Read 2327 times)

0 Members and 1 Guest are viewing this topic.

Geek-9pm

    Topic Starter

    Mastermind
  • Geek After Dark
  • Thanked: 1026
    • Gekk9pm bnlog
  • Certifications: List
  • Computer: Specs
  • Experience: Expert
  • OS: Windows 10
What is a "Side-channel attack?"
« on: January 31, 2018, 08:43:27 PM »
Side-channel attack?
This term might appear  in recent news articles about a perceived weakness in the way modern computer chips work. Such a weakness might be used by cyber criminals to compromise data security.
Here is the Wikipedia explanation:
https://en.wikipedia.org/wiki/Side-channel_attack
Quote
Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks. Many powerful side-channel attacks are based on statistical methods pioneered by Paul Kocher.
This is nothing new.
Quote
Historical analogues to modern side-channel attacks are known. A recently declassified NSA document reveals that as far back as 1943, an engineer with Bell telephone observed decipherable spikes on an oscilloscope associated with the decrypted output of a certain encrypting teletype.[...
...
In the 1980s, Soviet eavesdroppers were suspected of having planted bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed.[10]
Nothing to worry about.

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1140
    • Yes
    • Yes
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 11
Re: What is a "Side-channel attack?"
« Reply #1 on: January 31, 2018, 08:57:29 PM »
My understanding has been that it is analogous to "listening" to a combination lock to try to find the combination; exploiting a deep understanding of the specific mechanisms of a system in order to gain access.

I think it's name is because it's not quite a backdoor, but it's certainly not the "expected" way in. Sort of like the difference between having a secret backdoor password and knowing that a system takes an extra 2 nanoseconds somehow each time you type the correct letters for the password.
« Last Edit: January 31, 2018, 09:10:19 PM by BC_Programmer »
I was trying to dereference Null Pointers before it was cool.

Geek-9pm

    Topic Starter

    Mastermind
  • Geek After Dark
  • Thanked: 1026
    • Gekk9pm bnlog
  • Certifications: List
  • Computer: Specs
  • Experience: Expert
  • OS: Windows 10
Re: What is a "Side-channel attack?"
« Reply #2 on: January 31, 2018, 10:27:01 PM »
Good example!
Similar analogies could be made about physical security.
A householder gets new locks for his doors and neglects to notice there is a small window the attic.  A small burglar could get in through the small window.

That does not mike the house a bad house. It just was not made to be a fortress.

The 'flaws' in the design of any CPU might be necessary to get the level pf performance that  users expect. As this time that has not been proven to be true or false.

Right now, the really big threat is so many users are not vigilant about computer security and allow too many unsafe  things to get into a personal computer.

I found a link that claims you do not need an AV programs anymore.  :o
No, I am not going to put the link here.  8)