Vulnerability Development mailing list archives
Re: Covert Channels
From: Jose Nazario <jose () monkey org>
Date: Thu, 24 Oct 2002 12:35:58 -0400 (EDT)
most of the examples in this thread have focused on spycraft type stuff, deliberate signalling via communications channels. know also that covert channels can be an inherent design flaw, not tied to deliberate actions, such as timing channels. they can reveal as much information, if not more. as an example, consider the timing attack on cryptography. you can roughly estimate the size of cryptographic keys by watching processor timings. this is an information leak, because now you have some sensitive information about the characteristics of the encryption keys. see "hevia, a, and kiwi, m, 'strength of two data encryption standard implementations under timing attacks', ACM transactions on information and systems security, november, 1999". consider, also, power consumption analysis of smart cards. ___________________________ jose nazario, ph.d. jose () monkey org http://www.monkey.org/~jose/
Current thread:
- RE: Covert Channels, (continued)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
- Re: Covert Channels David Wagner (Oct 24)