Re: [Hackmeeting] Physical Side-Channel Key-Extraction Attac…

Delete this message

Reply to this message
Autor: gin(e)
Data:  
Para: hackmeeting
Assunto: Re: [Hackmeeting] Physical Side-Channel Key-Extraction Attacks
On 08/22/2014 04:43 PM, Gino di Hacklabbo wrote:
> Our attacks use novel side channels and are based on the observation that
> the "ground" electric potential in many computers fluctuates in a
> computation-dependent way. An attacker can measure this signal by
> touching exposed metal on the computer's chassis with a plain wire, or
> even with a bare hand. The signal can also be measured at the remote end
> of Ethernet, VGA or USB cables.


Di seguito le domande prese dal link passato che mi son sembrate
simpatiche, non hanno però risposto alla mia domanda, parlano della
possibilità di individuare la chiave in base ad un pattern che hanno
riscontrato essere usato per i 2 algoritmi del determinato programma.
Come fanno a distinguere quel pattern se il computer è sotto carico?
Cioè se mentre decritto sto computando altro, la computazione non sporca
il pattern?

---

Q8: How vulnerable is GnuPG now?
We have disclosed our attack to GnuPG developers under CVE-2013-4576 and
CVE-2014-5270, suggested suitable countermeasures, and worked with the
developers to test them. New versions of GnuPG 1.x and of libgcrypt
(which underlies GnuPG 2.x), containing these countermeasures and
resistant to the key-extraction attack described here, were released
concurrently with the first public posting of these results.

GnuPG version 1.4.16 onwards, and libgcrypt 1.6.0 onwards, resist the
key-extraction attack described here. Some of the effects we discovered
(including RSA key distinguishability) remain present.

Q11: What countermeasures are available?
Physical mitigation techniques include Faraday cages (against EM
attacks), insulating enclosures (against chassis and touch attacks), and
photoelectric decoupling or fiberoptic connections (against "far end of
cable" attacks). However, inexpensive protection of consumer-grade PCs
appears difficult, especially for the chassis channel.

Alternatively, the cryptographic software can be changed, and
algorithmic techniques employed to render the emanations less useful to
the attacker. These techniques ensure that the rough-scale behavior of
the algorithm is independent of the inputs it receives; they usually
carry some performance penalty, but are often used in any case to thwart
other side-channel attacks.

non capisco come facciano a distinguere tra