Side channel attacks
Transcript of Side channel attacks
- Side-Channel Attacks
  - Stefan FODOR (backb0ne fl00d3r)
  - 1 day before June 'cause the true 1337 hax0rs don't care about vulnerabilities
- Overview
  - What is a side channel attack
  - Classes of side channel attack
  - Examples
  - Countermeasures
  - Questions?
- Side Channel Attacks
  - Attack on a cryptosystem
  - Information gained from the physical implementation
  - Not brute force
  - Nor known vulnerabilities
  - Requires advanced knowledge
  - Hurraaayy.. no script kiddies!
- Classes
  - Timing attacks
  - Power monitoring attacks
  - Electromagnetic attacks
  - Acoustic cryptanalysis
  - Differential fault analysis
- OpenSSL attack
  - Timing attack
  - Apache + mod_SSL
  - Compared the time needed to decrypt multiple requests
  - They deduced multiple 1024-bit private keys
- Acoustical spying
  - 10 minutes of sound of a user typing on a keyboard
  - Bad: recovered 96% of the text based on audio
  - Worse: 69% of all 10-character random passwords
  - Worst: works on ATMs, too
- Smartphone eBanking
  - Implemented as a proof of concept
  - Monitors the electromagnetic field of the smartphone while it performs encryptions
  - Deduces the encryption key
- Cold boot attack
  - Personal favorite
  - Recover the disk encryption key after freezing the RAM
  - Released in July 2008, still no decent remedy
- Countermeasures
  - Depends on the system
  - And the attack it is predisposed to
  - You can't beat the hacker's imagination
- Questions?
- Resources
  - http://www.networkworld.com/community/node/58989
  - http://en.wikipedia.org/wiki/Side_channel_attack
  - http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml
  - http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
  - http://citp.princeton.edu/memory/
  - http://www.youtube.com/watch?v=4L8rnYhnLt8