Chapter 2 - 08 - Understand Cryptographic Attacks - 03_ocred_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Side-Channel Attack

▪ A side-channel attack is a physical attack performed on a cryptographic device/cryptosystem to gain sensitive information
▪ Cryptography is generally part of the hardware or software that runs on physical devices, such as semiconductors (including resistors, transistors, etc.)
▪ These physical devices are affected by various environmental factors, including power consumption, electromagnetic field, light emission, timing and delay, and sound
▪ In a side-channel attack, an attacker monitors these channels (environmental factors) and tries to acquire the information useful for cryptanalysis
▪ Assume that encrypted data is to be decrypted and displayed as plain text inside a trusted zone
▪ At the time of decryption in a cryptosystem, physical environmental factors, such as timing and power dissipation, acting on the components of a computer are recorded by an attacker
▪ The attacker analyzes this information in an attempt to gain useful information for cryptanalysis

Side-Channel Attack

A side-channel attack is a physical attack performed on a cryptographic device/cryptosystem to gain sensitive information. Cryptography is generally part of the hardware or software that runs on physical devices such as semiconductors (resistor, transistor, and so on) that interact with and affect various environmental factors as follows:

▪ Power Consumption
Reveals operations that take place and parameters involved. It is applicable only to hardware cryptosystems.
Power consumption analysis is of two types:
  o Simple Power Analysis (SPA): Provides information regarding the instruction being executed at a certain time and the values of input and output
  o Differential Power Analysis (DPA): It does not require the knowledge of the details of algorithm implementation; it exploits statistical methods

▪ Electromagnetic Field
Computer components often generate electromagnetic radiation. By measuring the variations of the electromagnetic field over the chip surface, an attacker can predict its correlation to the underlying computation and data and may be able to deduce some valuable information about this computation and data.

▪ Light Emission
Kuhn found that the average luminosity of a cathode ray tube (CRT) display's diffuse reflection off a wall is sufficient to reconstruct the signal displayed on the CRT. Thus, an attacker can gather ample information by reading the signals that a trusted computing platform's optical output channels emit.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

According to Loughry and Umphress, one can deduce the data a computer is processing based on the optical radiation emitted from its LED (light-emitting diode) status indicators.

▪ Timing and Delay
Systems often compute cryptographic algorithms without time consistency owing to performance optimizations. If such computations involve secret data, then the variations in time can be used to infer the secret information. Here, the attacker analyzes the time taken by a cryptographic device to process each message to discover the secret parameters.

▪ Sound
Acoustic attacks exploit the sound produced during a computation.
These acoustic emissions are from keyboards and computing components (e.g., CPU, memory).

In a side-channel attack, an attacker monitors these channels (environmental factors) and tries to acquire useful information for cryptanalysis. The information thus acquired is termed side-channel information. Side-channel attacks are different from traditional/theoretical forms of attacks such as brute-force attacks. The side-channel attack depends on the way in which systems implement cryptographic algorithms rather than the algorithm itself.

Mitigation techniques for side-channel attacks include the following:
▪ Use differential power analysis (DPA) proof protocols with delimited side-channel leakage characteristics and update the keys before the leakage accumulation is significant
▪ Use fixed-time algorithms (i.e., no data-dependent delays)
▪ Mask and blind algorithms using random nonces
▪ Implement differential matching techniques to minimize net data-dependent leakage from logic-level transitions
▪ Pre-charge registers and busses to remove leakage signatures from predictable data transitions
▪ Add amplitude or temporal noise to reduce the attacker's signal-to-noise ratio

Side-Channel Attack — Scenario

Assume that encrypted data are to be decrypted and displayed as plaintext inside a trusted zone. At the time of decryption in a cryptosystem, physical environmental factors, such as timing and power dissipation, acting on the components of a computer are recorded by an attacker. The attacker then analyzes this information to gain useful information for cryptanalysis.
[Figure 2.79: Side-Channel attack — scenario. Diagram labels: input data (Ex: Ciphertext) enters a cryptographic operation (Ex: Decryption) inside a security boundary and leaves as output data (Ex: Plaintext) over the "main" channel; unintended "side" channel(s) (timing information, power dissipation, electromagnetic fields, light) feed side-channel analysis.]
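The "Timing and Delay" channel and the "fixed-time algorithms" mitigation above, as an added C example that is not part of the original course material: a square-and-multiply exponentiation whose work depends on the secret exponent, beside a Montgomery ladder that performs the same sequence for every exponent. The function names, the 32-bit exponent, the modulus below 2^32 and the multiplication counter (a proxy for what a timing or SPA measurement sees) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Multiplication counter: a stand-in for the time or power an observer measures. */
static unsigned mul_count;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    mul_count++;
    return (a * b) % m;   /* requires m < 2^32 so that a * b fits in 64 bits */
}

/* Data-dependent: the extra multiply runs only for 1-bits of the secret exponent. */
uint64_t modexp_leaky(uint64_t base, uint32_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1) r = mulmod(r, base, m);
    }
    return r;
}

/* Fixed sequence: Montgomery ladder, one multiply and one square per bit, no secret branch. */
uint64_t modexp_ladder(uint64_t base, uint32_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 31; i >= 0; i--) {
        uint64_t mask = 0 - (uint64_t)((exp >> i) & 1); /* all ones when bit is 1 */
        uint64_t t = (r0 ^ r1) & mask;
        r0 ^= t; r1 ^= t;                /* swap when bit is 1 */
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        t = (r0 ^ r1) & mask;
        r0 ^= t; r1 ^= t;                /* swap back */
    }
    return r0;
}

typedef uint64_t (*modexp_fn)(uint64_t, uint32_t, uint64_t);
/* Number of multiplications one call performs for the given exponent. */
unsigned muls_used(modexp_fn f, uint64_t base, uint32_t exp, uint64_t m) {
    mul_count = 0;
    (void)f(base, exp, m);
    return mul_count;
}

int main(void) { /* constructed inputs: exponents 13 (three 1-bits) and 8 (one 1-bit) */
    printf("leaky:  %u vs %u\n", muls_used(modexp_leaky, 4, 13, 497), muls_used(modexp_leaky, 4, 8, 497));
    printf("ladder: %u vs %u\n", muls_used(modexp_ladder, 4, 13, 497), muls_used(modexp_ladder, 4, 8, 497));
    return 0;
}
```

The leaky routine's count is 32 plus the number of 1-bits in the exponent, so a single measurement already narrows the key, while the ladder performs 64 multiplications for every exponent. Production code also needs constant-time multi-precision arithmetic, which the `%` operator used here does not guarantee.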
