side channels and covert channels
play

Side Channels and Covert Channels Daniel Bosk Department of - PowerPoint PPT Presentation

Feb 21, 2023 •358 likes •689 views

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

  1. Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert Channels 1

  2. Side Channels Covert Channels References 1 Side Channels What are side-channels? Timing Attacks Traffic Analysis Acoustic Attacks Physical Attacks Electromagnetic Attacks 2 Covert Channels Definition Bell-LaPadula Page Faults and LEDs Cheating on the Exam Daniel Bosk MIUN ICS Side Channels and Covert Channels 2

  3. Side Channels Covert Channels References What are side-channels? Definition (Side Channel) A side channel is an unintended channel emitting information which is due to physical implementation flaws and not theoretical weaknesses or forcing attempts. Example Using the standard algorithms for addition and multiplication (using the binary number system) we can easily see that the time to perform 3 × 25 and 7 × 25 will be different. Daniel Bosk MIUN ICS Side Channels and Covert Channels 3

  4. Side Channels Covert Channels References What are side-channels? Looking at the numbers we have we see that 3 10 = 11 2 , 7 10 = 111 2 and 25 10 = 11001 2 Assume each step in the algorithm takes one time unit. Then for 11001 × 11 we get: 5 time units for multiplying the last 1 in 11 with each digit in 11001, another 5 time units for the next digit in 11, we have an additional 1 time unit for shifting the second result one step, finally, we get 6 time units for adding the numbers. For 11001 × 111 we get: 5 time units for each digit, hence 15 in total, we have two shifts, thus 2 time units more, finally we have 7 time units for adding. Daniel Bosk MIUN ICS Side Channels and Covert Channels 4

  5. Side Channels Covert Channels References What are side-channels? Hence, the first multiplication takes 17 time units to perform whereas the second takes 24 time units. This is called a timing attack and is one example of why constant-time operations are desirable. However, in this example we cannot see the difference between multiplication of 2 10 = 10 2 and 3 10 = 11 2 . But in more complex situations this might not even be necessary. Daniel Bosk MIUN ICS Side Channels and Covert Channels 5

  6. Side Channels Covert Channels References Timing Attacks The first example was a timing attack. We can measure the time for different operations. Depending on the times it takes we can figure out something about the operands. Daniel Bosk MIUN ICS Side Channels and Covert Channels 6

  7. Side Channels Covert Channels References Timing Attacks Example (SSH password guessing) In [SWT01] a timing attack on passwords sent over encrypted SSH sessions was shown. As each keystroke in the password is sent in a separate package, the attacker can observe the delay between keystrokes. They found that this gave a factor 50 advantage for guessing the password. Daniel Bosk MIUN ICS Side Channels and Covert Channels 7

  8. Side Channels Covert Channels References Timing Attacks Anonymized traffic with onion routing Alice sends a message encrypted in three layers to Bob. Bob removes the outermost layer and sends to Carol. Carol removes the (next) outermost layer and sends to David. David removes the final layer and sends to destination. Example (De-anonymize traffic) We can also perform time-correlation attacks against anonymity systems. Measure how long it takes between something goes in and something comes out. Then we can figure out who is sending where. Daniel Bosk MIUN ICS Side Channels and Covert Channels 8

  9. Side Channels Covert Channels References Timing Attacks Anonymized traffic with onion routing Alice sends a message encrypted in three layers to Bob. Bob removes the outermost layer and sends to Carol. Carol removes the (next) outermost layer and sends to David. David removes the final layer and sends to destination. Example (De-anonymize traffic) We can also perform time-correlation attacks against anonymity systems. Measure how long it takes between something goes in and something comes out. Then we can figure out who is sending where. Daniel Bosk MIUN ICS Side Channels and Covert Channels 8

  10. Side Channels Covert Channels References Traffic Analysis Daniel Bosk MIUN ICS Side Channels and Covert Channels 9

  11. Side Channels Covert Channels References Acoustic Attacks Some authors 1 showed an attack to extract a 4096-bit RSA private key from a laptop PC (GnuPG implementation of RSA). Computers emit high-pitched noise during operation due to some of their electronic components. This was used to derive the key used for decryption of some chosen ciphertexts within an hour! Their results show that this attack can be accomplished by placing a mobile phone (microphone) next to the target laptop. 1 Daniel Genkin, Adi Shamir and Eran Tromer. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis . Tech. rep. Cryptology ePrint Archive, Report 2013/857, 2013., 2013. URL: http://eprint.iacr.org/2013/857 . Daniel Bosk MIUN ICS Side Channels and Covert Channels 10

  12. Side Channels Covert Channels References Acoustic Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 11

  13. Side Channels Covert Channels References Acoustic Attacks The acoustic signals are picked up from components in the power supply. Individual CPU operations are too fast for a microphone to pick up. But long operations such as modular exponentiation (as in RSA) can create a characteristic acoustic spectral signature which can be detected using a microphone. Daniel Bosk MIUN ICS Side Channels and Covert Channels 12

  14. Side Channels Covert Channels References Acoustic Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 13

  15. Side Channels Covert Channels References Physical Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 14

  16. Side Channels Covert Channels References Physical Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 15

  17. Side Channels Covert Channels References Physical Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 16

  18. Side Channels Covert Channels References Physical Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 17

  19. Side Channels Covert Channels References Electromagnetic Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 18

  20. Side Channels Covert Channels References Electromagnetic Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 19

  21. Side Channels Covert Channels References Electromagnetic Attacks Daniel Bosk MIUN ICS Side Channels and Covert Channels 20

  22. Side Channels Covert Channels References Electromagnetic Attacks [Kuh04] Daniel Bosk MIUN ICS Side Channels and Covert Channels 21

  23. Side Channels Covert Channels References 1 Side Channels What are side-channels? Timing Attacks Traffic Analysis Acoustic Attacks Physical Attacks Electromagnetic Attacks 2 Covert Channels Definition Bell-LaPadula Page Faults and LEDs Cheating on the Exam Daniel Bosk MIUN ICS Side Channels and Covert Channels 22

  24. Side Channels Covert Channels References Definition Definition (Covert Channel) A covert channel is a mechanism that was not designed for communication but which can nontheless be abused to allow information to flow in a way which is not allowed in the security policy. Definition (Side Channel) A side channel is an unintended channel emitting information which is due to physical implementation flaws and not theoretical weaknesses or forcing attempts. Daniel Bosk MIUN ICS Side Channels and Covert Channels 23

  25. Side Channels Covert Channels References Definition The definitions do overlap. Usually one talks of side-channels in cryptography and covert-channels in larger systems. Daniel Bosk MIUN ICS Side Channels and Covert Channels 24

  26. Side Channels Covert Channels References Bell-LaPadula BLP says “no read up” and “no write down”. What happens if I try to “write up” but something already exists? Using this you can create a covert channel. Each denied operation is one bit of information (entropy) revealed by the security mechanisms. Daniel Bosk MIUN ICS Side Channels and Covert Channels 25

  27. Side Channels Covert Channels References Bell-LaPadula The Naval Research Laboratory invented the NRL-Pump. This is a device used to limit the bandwidth of possible covert channels. The pump allows flow upwards. But we need some flow downwards too, e.g. acknowledgement that data was received correctly. Bandwidth of possible covert channels are limited using buffers and randomised timing of acknowledgements among other things. Daniel Bosk MIUN ICS Side Channels and Covert Channels 26

  28. Side Channels Covert Channels References Bell-LaPadula Example (Logistics system) A military warehouse holds classified equipment, but the warehouse itself it not classified. A person in the logistics department doesn’t have sufficient clearance. What happens when this person wants to use the space for other things? Make some things up and put in there so it looks occupied. What if this person needs some of the items in the cover story? Daniel Bosk MIUN ICS Side Channels and Covert Channels 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

915 views • 36 slides
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography

Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/ { sjm217 , srl32 } Computer

1.12k views • 37 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki

PHY Covert Channels: Can you see the Idles? Ki Suh Lee Chupja Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1

627 views • 38 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

1.24k views • 102 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

978 views • 42 slides
COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to be problematic for Delft Lab on May 31st seems to be problematic for Twente Systems Security Covert Channels 2 14.05.2018 Prepare to vote 1

1.05k views • 50 slides
Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre and Meltdown from covert channels Process isola8on + OS (CS 423) OS paging OS services 0x00000000 Communica<on to other processes

568 views • 15 slides
Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau

Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau

Hiding in Plain Sight Advances in Malware Covert Communication Channels Pierre-Marc Bureau Christian Dietrich Outline 1. Covert Channels 2. Steganography a. Lurk b. Gozi c. Stegoloader 3. Inconspicuous Carrier Protocols a.

674 views • 49 slides
Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurlien Francillon Whats this all about? - A nov novel attack ex exploiting g EM side

886 views • 77 slides
IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay

IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay

IP Covert Timing Channels: Design and Detection By Serdar Cabuk, Carla E. Brodley, Clay Shields. Outline Positive Traits Problems Questions Extensions Other Covert Channels Discussion Positive Traits What are the

496 views • 34 slides
Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels Kang-Hee Cho and Si-Hyeon Lee School of Electrical Engineering KAIST 2020 ISIT 1 / 14 Covert Communication ^ Y n W Decoder X n W P n Encoder

386 views • 15 slides
March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B

March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B

Mitigation of Covert Channels About Voting and Computers March 6, 2014 1 Mitigation of Covert Channels 2 About Voting and Computers March 6, 2014 ECS 235B Winter Quarter 2014 Slide 1 Mitigation of Covert Channels About Voting and Computers

416 views • 26 slides
May 24: Confinement Confinement, non-VM isolation Program modification Covert channels

May 24: Confinement Confinement, non-VM isolation Program modification Covert channels

May 24: Confinement Confinement, non-VM isolation Program modification Covert channels May 24, 2017 ECS 235B Spring Quarter 2017 Slide #1 Compiling Compiler enforces or validates constraints Type-safe language enforces them

313 views • 27 slides
Layered Encapsulation of Congestion Notification draft-briscoe-tsvwg-ecn-tunnel-00.txt Bob

Layered Encapsulation of Congestion Notification draft-briscoe-tsvwg-ecn-tunnel-00.txt Bob

Layered Encapsulation of Congestion Notification draft-briscoe-tsvwg-ecn-tunnel-00.txt Bob Briscoe , BT IETF-69 tsvwg Jul 2007 initial draft Layered Encapsulation of Congestion Notification initial draft:

350 views • 10 slides
Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios,

Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios,

Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios, Bernardo Palenciano* ! NICS Lab University of Mlaga ! http://www.nics.uma.es ! *Dpto. de Infraestructura de TTI ! ! RECSI 2014, Alicante,

618 views • 19 slides
The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 6 Dr Hans Georg Schaathun The Bell-LaPadula Model Autumn 2008 Week 6 1 / 32 The session Outline The session 1 Finite

848 views • 49 slides
I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage

I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage

I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel Hyunwook Baek , Eric Eide, Robert Ricci, Jacobus Van der Merwe University of Utah 1 Motivation Information leakage in cloud has

874 views • 49 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Information Leakage CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin

Information Leakage CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin

Information Leakage CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 25, 2013 Announcements / Goals HKN

934 views • 79 slides
liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi

liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi

liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi ciently Fangfan Li , Abbas Razaghpanah, Arash Molavi Kakhki, Arian Akhavan Niaki, David Cho ff nes, Phillipa Gill, Alan Mislove 1 Traffic management 2

1.54k views • 115 slides
Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown:

Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown:

Mandatory Access Control Mandatory Access Control 1 DAC DAC and Trojan Horse d T j H Brown: read, write Employee Brown Read Employee Black Brown: read write Black, Brown: read, write REJECTED! Blacks Employee Black is not allowed

565 views • 38 slides

More recommend