SysSec Lec 1,2 and 3

Side Channel Attacks


File details

Flashcards 14
Language English
Category Electrical engineering
Level University
Created / Updated 05.01.2021 / 14.01.2021
Web link
https://card2brain.ch/box/20210105_syssec_lec_12_and_3

Which types of devices are mainly targeted by power analysis side channel attacks?

Smartcards, RFID chips, Sensor Nodes

What is the meaning of the abbreviations SPA and DPA? And what is the difference between these two?

SPA - Simple Power Analysis / DPA - Differential Power Analysis

While SPA aims for direct traces of a cryptographic key or secret, DPA combines statistical analysis of multiple measurements with CPA and CCA to extract information about the secret.

What is the meaning of CCA, CPA and KPA?

CCA - Chosen Ciphertext Attack

CPA - Chosen Plaintext Attack

KPA - Known Plaintext Attack

There are also attacks called Chosen Plain- and Ciphertext Attacks.


What equipment is used for power cryptanalysis attacks?

Modified reader, Oscilloscope, Ammeter

Given a CMOS logic gate as in the drawing, what can you say about the power consumed during transitions from:

 

0 to 0

1 to 1

0 to 1

1 to 0

0 to 0: Almost no power used

1 to 1: Almost no power used

0 to 1: Power used is proportional to C1

1 to 0: Power used is proportional to C2

Name three target examples for DPA.

– Storing data to the register or memory (storing 1 vs 0)

– Shifts and rotations (depends on the number of positions by which we shift)

– Logical and arithmetic operations (strong dependency on the values of the operand)

What is the goal of protection against power analysis attacks?

Elimination or significant reduction of the correlation between operand values and power consumption

Draw Shamir's countermeasure schematically. Explain in a few words how it works.

Shamir's countermeasure uncouples the direct voltage input from the voltage input of a microcontroller by adding two capacitances, of which one is charged by the external power supply while the other delivers its energy to the microcontroller.

What is the meaning of TEMPEST?

Transmitted Electro-Magnetic Pulse / Energy Standards & Testing

Explain the difference between:

  • Tamper resistant
  • Tamper responding
  • Tamper evident

Tamper resistant: Prevention of Break-In

Tamper responding: real-time detection of intrusion (and prevention of access to sensitive data)

Tamper evident: Detection of intrusion

How would you create a system that is tamper resistant?

Tamper resistant systems take the bank vault approach.

This type of system is typified by the outer case design of an automated teller machine (ATM). Thick steel or other robust materials are utilized to slow down the attack by requiring tools and great effort to breach the system.

How would you create a system that is tamper responding?

Tamper responding systems use the burglar alarm approach.

The defense is the detection of the intrusion, followed by a response to protect the asset.
In the case of attended systems, the response may consist of sounding an alarm. Erasure or destruction of secret data is sometimes employed to prevent theft in the case of isolated systems which cannot depend on outside response. Tamper responding systems do not depend on robust construction or weight to guard an asset. Therefore, they are good for portable systems or other systems where size and bulk are a disadvantage.

How would you create a system that is tamper evident?

Tamper evident systems are designed to ensure that if a break-in occurs, evidence of the break-in is left behind.

This is usually accomplished by chemical or chemical/mechanical means, such as a white paint that 'bleeds' red when cut or scratched, or tape or seals that show evidence of removal. This approach can be very sensitive to even the smallest of penetrations. Frangible (brittle, breakable) covers or seals are other methods available using current technology.

Explain FIPS 140-2 and its four security levels

https://en.wikipedia.org/wiki/FIPS_140-2