What is a side-channel attack?

These attacks take advantage of information patterns that leak from the physical operation of a system: for example, electrical emissions from a computer screen or hard drive that can be analyzed to infer what is being displayed, or computer components that draw different amounts of power when performing specific processes.

This type of attack can be very dangerous, because it explores vulnerabilities from a different landscape than conventional approaches.

As shown in Figure 1 below, signals from popular devices such as smartphones and built-in IoT devices have been used to find vulnerabilities and to extract sensitive information or behaviors by analyzing the signal frequency over a period of time (from inputs and outputs).

Figure 1: Receiving side-channel signals from popular devices

Another popular example of a side-channel attack matching the scenario in Figure 1 is using the sound of keystrokes to identify which key was pressed.

The side-channel attack landscape

"Usually when we design an algorithm we think about inputs and outputs. We don't think about anything else that happens when the program runs," said Daniel Genkin, a computer scientist at the University of Michigan.

Computers are physical machines, and there are many physical side effects that can be analyzed, including time, power, and sound. These are three important ingredients that attackers can explore. For example, a timing attack is a side-channel attack in which an attacker attempts to compromise a cryptosystem by analyzing the time it takes to execute cryptographic algorithms.

Another well-known scenario is the time-based blind SQL injection attack. Here, WAITFOR DELAY can be used to suspend execution for a specified period of time, or WAITFOR TIME can be used to suspend query execution and resume when the system time equals the parameter. Using this method, an attacker enumerates each letter of the desired data using the following logic:

  1. If the first letter of the first database name is "A", wait 10 seconds.
  2. If the first letter of the first database name is "B", wait 10 seconds.
  3. [etc.]
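From the defender's side, the delay primitives above show up in request logs and in response latency. The following is an added example (not code from the original post) that scans constructed access-log lines for deliberate-delay primitives and for abnormally slow requests carrying SQL metacharacters; the log format, the 5-second threshold and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (assumed format, not from the original post):
# <client_ip> <method> <path+query> <status> <latency_ms>
SAMPLE_LOG = """\
10.0.0.5 GET /products?id=42 200 12
10.0.0.9 GET /products?id=42%27%3B+WAITFOR+DELAY+%270%3A0%3A10%27-- 200 10021
10.0.0.9 GET /products?id=42%27+AND+1%3D1-- 200 14
10.0.0.7 GET /search?q=sleep+well 200 9
10.0.0.9 GET /products?id=42%27+AND+IF(1%3D1,SLEEP(10),0)-- 200 10004
"""

# Deliberate-delay primitives across common SQL dialects (T-SQL, MySQL, PostgreSQL)
DELAY_PATTERNS = re.compile(
    r"\bWAITFOR\s+(DELAY|TIME)\b|\bSLEEP\s*\(|\bpg_sleep\s*\(|\bBENCHMARK\s*\(",
    re.IGNORECASE,
)

def parse_line(line):
    """Split one log line into its fields and URL-decode the request target."""
    ip, method, target, status, latency = line.split()
    return {"ip": ip, "method": method, "target": unquote_plus(target),
            "status": int(status), "latency_ms": int(latency)}

def classify(entry, slow_ms=5000):
    """Return the reasons a request looks like time-based blind SQL injection."""
    reasons = []
    if DELAY_PATTERNS.search(entry["target"]):
        reasons.append("delay primitive in query string")
    # A request that is both very slow and carries quote/comment characters is
    # the latency signature of the letter-by-letter probing described above.
    if entry["latency_ms"] >= slow_ms and ("'" in entry["target"] or "--" in entry["target"]):
        reasons.append("anomalous latency with SQL metacharacters")
    return reasons

def find_suspicious(log_text):
    """Return (ip, decoded target, reasons) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["target"], reasons))
    return hits
```

Correlating repeated hits from one client against the same parameter, as in the sample, is what turns a single slow request into evidence of character-by-character extraction.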

In short, these attacks take advantage of one of these effects to obtain more information about the secrets handled by the algorithm in use.

From the intruder's point of view, virtually any incidental information leak can be collected to learn something they should not have been able to learn.

Figure 2 below shows how a side-channel attack lets an attacker obtain the secrets of a normal application workflow by exploiting side information such as sound, frequency, power consumption, and so on, to reach the final output (e.g., the plaintext corresponding to a ciphertext).

Figure 2: Normal workflow in relation to a side-channel attack scenario

Computer systems are now much more sophisticated, so these attacks are becoming increasingly difficult to detect and prevent.

For example, several bugs have been discovered in recent years in popular hardware, with vulnerabilities you already know: Meltdown, Spectre, Fallout, RIDL and ZombieLoad. They all rely on side channels.

Let's look at each of them in detail.

Meltdown: A hardware vulnerability that affects Intel x86 microprocessors, IBM POWER processors and some ARM microprocessors. It allows a malicious process to read all of memory, even when it is not authorized to do so.

Spectre: A vulnerability that affects modern microprocessors.

Fallout: The Fallout attack allows an attacker to leak data recently written by the operating system.

RIDL: The RIDL attack can be used to leak information across security domains from various internal buffers of Intel processors, such as the line-fill buffer and the load ports.

ZombieLoad: The ZombieLoad attack resurrects private browsing history and other sensitive data. It allows information to be leaked from other applications, the operating system, virtual machines in the cloud and trusted execution environments.

Epilogue

Side-channel attacks have been a hot topic in recent years and have opened more advanced horizons for vulnerability research groups to explore. Meltdown and Spectre are the real proof of how dangerous this class of attack is.

Mitigating such scenarios is a difficult task, but there are documented best practices that can be used, for example from OWASP (PDF). Setting response times to the worst-case execution time could be a good solution to prevent timing side-channel attacks, but with a serious impact on performance.

On the other hand, side-channel attacks on web applications are also a very big problem. For example, you can find out whether a username exists from response times or error messages.
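The username-enumeration problem just described, the timing attack introduced earlier, and the worst-case-time mitigation from the OWASP reference come together in a login check. Below is an added example (not code from the original post or from OWASP) contrasting a leaky login routine with one that does the same hashing work and returns the same message whichever check fails, plus a wrapper that pads execution to a fixed floor; the user store, the PBKDF2 parameters and the messages are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

def _hash(password, salt):
    # PBKDF2 is a stand-in; the iteration count is an assumption kept low for the example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

# Constructed user store: username -> (salt, password hash). Not from the original post.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential hashed for unknown usernames so the expensive work is always done
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _hash(os.urandom(8).hex(), _DUMMY_SALT))

GENERIC_ERROR = "invalid username or password"

def leaky_login(username, password):
    """Leaks whether the username exists: a fast early return AND a distinct message."""
    if username not in USERS:
        return "no such user"            # returns before any hashing happens
    salt, stored = USERS[username]
    return "ok" if _hash(password, salt) == stored else "wrong password"

def safe_login(username, password):
    """Same amount of work and the same message regardless of which check fails."""
    salt, stored = USERS.get(username, _DUMMY)               # always hash something
    match = hmac.compare_digest(_hash(password, salt), stored)  # constant-time compare
    return "ok" if (match and username in USERS) else GENERIC_ERROR

def with_floor(func, floor_s, *args):
    """Pad the call to a fixed floor, the 'worst-case response time' mitigation above.
    Returns (result, elapsed_seconds). Costs latency on every call, which is the
    performance trade-off the text warns about."""
    start = time.perf_counter()
    result = func(*args)
    remaining = floor_s - (time.perf_counter() - start)
    if remaining > 0:
        time.sleep(remaining)
    return result, time.perf_counter() - start
```

The padding floor must be chosen from the slowest legitimate path (a valid user with a wrong password), otherwise the floor itself becomes the new distinguisher.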

Side channels appear in many different forms. Detecting and preventing them is a serious challenge and can often have a negative impact on system performance.

Written by Anastasis Vasileiadis
