funsec mailing list archives

Re: side-channel attacks


From: "Wayne J. Hauber" <wjhauber () iastate edu>
Date: Fri, 23 Sep 2005 13:35:52 -0500

At 12:23 PM 9/23/2005, Gadi Evron wrote:
> Wayne J. Hauber wrote:
>> Does this article seem plausible? If so, it adds a new security risk that I had never considered.
>> http://www.securityfocus.net/news/11318
>
> I recently posted about this somewhere else.
>
> Side channel attacks are not new. You can listen to the keyboard, cpu, hdd, etc. You can go with EM radiation. You can use a telescope to view through a window a reflection off a wall. All you have to do is Google. :)
>
> But yes, side channel attacks are cool. Thing is, there are usually *much* easier ways of doing things.
>
> A Trojan horse can also be considered a side-channel attack if we are talking encryption, which is exactly the difference between how crypto guys and security guys think.
>
> If you ask a crypto guy what the best way of breaking RSA is, you'd get a complicated answer with if's, maybe's and math. If you ask a security guy (or in this case, me), I'd just say use a Trojan horse.

:-) You are right of course.  A Trojan is much simpler and more effective.

> For crypto guys, once an algorithm is found weak it is no longer trusted and they try and develop new ones, which is good for their science. As security people the more vulnerabilities are found and fixed the more secure we feel (except for worrying that the coders suck and the holes will keep showing).
>
> Back to side-channel attacks, try Googling for what Adi Shamir has to say on them. I love this subject. It's way cool.

Thanks for the reference. I skimmed Adi Shamir's stuff. He has a lot to say about side-channel attacks. This looks like something for my late night reading pleasure.

Also, thanks for the new term. I'll add side-channel attacks to my personal glossary.

Wayne

>     Gadi.
>
> --
> My blog: http://blogs.securiteam.com/?author=6
>
> "The third principle of sentient life is the capacity for self-sacrifice --- the conscious ability to override evolution and self-preservation for a cause, a friend, a loved one."
>         -- Draal, "A Voice in the Wilderness", Babylon 5.


Wayne Hauber (515) 294-9890
Information Technology Services
IT Security and Policies
109 Durham Center, ISU, Ames, Iowa 50011
wjhauber () iastate edu
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

