Side-channel attacks are always connected with things like algorithms. But the fact is that the side-channel attack benefits some usually small but destructive vulnerabilities in physical infrastructure. In the worst case, people can have a straight line to see through the window what people are writing on their screens while they are walking on the streets. The side-channel attack means that the attacker benefits from physical vulnerabilities.
In Wikipedia, the description of the side-channel attack goes like this. "In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g. flaws found in cryptanalysis of a cryptographic algorithm) or minor, but potentially devastating, mistakes or oversights in the implementation. (Cryptanalysis also includes searching for side-channel attacks.) Timing information, power consumption, electromagnetic leaks, and sound are examples of extra information which could be exploited to facilitate side-channel attacks". (Wikipedia, Side-channel attack)
The attacker uses things like changes in the electromagnetic activity or the hacker can benefit from information like suddenly happening needs to change passwords. The best example is the people who are working in some "interesting company", and they discuss in the restaurant about their work. Then somebody says that "There just came to the request to change the password, and I just changed it a couple of days ago". That information can tell hackers that there is something big going on.
We all heard the term side-channel attack. That term means that somebody benefits from the physical vulnerability or structures in the system to get access to the targeted system. The side-channel attack could be the dropped paper there are passwords, eavesdropping with or without electronic systems. Even electronic system-based eavesdropping is not expensive or difficult.
The hacker must just use something like a baby monitor that is hidden in the room. Or the hacker can put the microphone to the stethoscope and eavesdrop the victim through the wall and then the target will turn vulnerable. More advanced ways to make side-channel attacks are drones that monitor the computer's screens through windows and other sensors that can observe the changes in the electricity in wires.
The attackers can follow the use of microprocessors. They can follow electromagnetic waves or they can follow the use of electricity in some buildings. If a thing like a supercomputer center starts to use lots of electricity that means something is happening. Sound is also the mark that something is going on in the computer rooms. If the coolers and ventilation start to act suddenly the computers are driving something heavy. That thing makes especially the computer centers vulnerable.
The sound of the coolers is an effective way to get information about the time when the system makes something hard if there are only supercomputers. Same way certain persons that can connect with some kind of actions like military forces that are going in some computer firm with briefcases can tell that there is some kind of contract going on with that software firm and interesting organization.
https://scitechdaily.com/mits-cybersecurity-metior-a-secret-weapon-against-side-channel-attacks/
https://en.wikipedia.org/wiki/Side-channel_attack
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.