Side Channel Attack

Question 1

What is a side-channel attack?

Answer 1

A side-channel attack exploits unintentional physical information emitted by a system to gain internal information about the system.

Question 2

What types of side-channels exist?

Answer 2

There are various types of side-channels such as time, power, electromagnetic radiation, temperature, light, and sound.

Question 3

What is a timing attack?

Answer 3

A timing attack is a type of side-channel attack where the time taken by a system to perform certain operations is measured to extract secret information.

Question 4

What is power analysis?

Answer 4

Power analysis is a type of side-channel attack that involves measuring the power consumption of a device to deduce the operations being performed or the data being processed.

Question 5

What is a padding oracle attack?

Answer 5

A padding oracle attack is a type of side-channel attack that exploits the padding of a cryptographic message to decrypt the ciphertext.

Question 6

What is Rowhammer?

Answer 6

Rowhammer is a hardware bug that allows attackers to manipulate data in memory without accessing it.

Question 7

What are Spectre and Meltdown?

Answer 7

Spectre and Meltdown are hardware vulnerabilities in modern processors that allow programs to steal data which is currently processed on the computer.

Question 8

What are some countermeasures against side-channel attacks?

Answer 8

Countermeasures include shielding, masking, hiding, time/execution randomization, and noise generation.

Question 9

What is shielding in the context of side-channel attacks?

Answer 9

Shielding involves physically protecting a system to prevent it from emitting side-channel information.

Question 10

What is masking in the context of side-channel attacks?

Answer 10

Masking involves obscuring sensitive information by combining it with random data.

Question 11

What is hiding in the context of side-channel attacks?

Answer 11

Hiding involves making the operation time or power consumption independent of the processed data.

Question 12

What is time/execution randomization in the context of side-channel attacks?

Answer 12

Time/execution randomization involves randomizing the time of operations or the order of execution to make it harder for an attacker to correlate observed side-channel information with specific operations.

Question 13

What is noise generation in the context of side-channel attacks?

Answer 13

Noise generation involves adding random data or operations to the system to obscure the side-channel information.

Question 14

How does a timing attack work?

Answer 14

A timing attack works by measuring the time a system takes to perform certain operations and correlating this with the processed data.

Question 15

How does a power analysis attack work?

Answer 15

A power analysis attack works by measuring the power consumption of a device while it is performing certain operations and correlating this with the processed data.

Question 16

How does a padding oracle attack work?

Answer 16

A padding oracle attack works by sending modified ciphertexts to the system and observing the resulting error messages or timings, which can reveal information about the correct plaintext or padding.

Question 17

How does Rowhammer work?

Answer 17

Rowhammer works by repeatedly accessing certain rows of memory, which can cause bit flips in adjacent rows due to a hardware bug in DRAM.

Question 18

How do Spectre and Meltdown work?

Answer 18

Spectre and Meltdown work by exploiting speculative execution and caching mechanisms in modern processors to read memory that should be inaccessible.

Question 19

How does shielding protect against side-channel attacks?

Answer 19

Shielding protects against side-channel attacks by physically preventing a system from emitting side-channel information, for example by using a Faraday cage.

Question 20

How does masking protect against side-channel attacks?

Answer 20

Masking protects against side-channel attacks by obscuring sensitive information with random data, making it harder for an attacker to extract the sensitive information from side-channel observations.

Question 21

How does hiding protect against side-channel attacks?

Answer 21

Hiding protects against side-channel attacks by making the operation time or power consumption independent of the processed data, making it harder for an attacker to correlate observed side-channel information with specific operations.

Question 22

How does time/execution randomization protect against side-channel attacks?

Answer 22

Time/execution randomization protects against side-channel attacks by randomizing the time of operations or the order of execution to make it harder for an attacker to correlate observed side-channel information with specific operations.

Question 23

How does noise generation protect against side-channel attacks?

Answer 23

Noise generation protects against side-channel attacks by adding random data or operations to the system to obscure the side-channel information.

Question 24

What is the goal of a side-channel attack?

Answer 24

The goal of a side-channel attack is to gain internal information about a system by exploiting unintentional physical information emitted by the system.

Question 25

What is the difference between a side-channel attack and a direct attack?

Answer 25

A direct attack targets the system directly, for example by exploiting a software vulnerability, while a side-channel attack exploits unintentional physical information emitted by the system.

Question 26

What is the difference between passive and active side-channel attacks?

Answer 26

In a passive side-channel attack, the attacker only observes the system, while in an active side-channel attack, the attacker actively manipulates the system.

Question 27

What is a simple power analysis (SPA) attack?

Answer 27

A simple power analysis (SPA) attack is a type of power analysis attack that involves directly interpreting power consumption measurements to deduce the operations being performed or the data being processed.

Question 28

What is a differential power analysis (DPA) attack?

Answer 28

A differential power analysis (DPA) attack is a type of power analysis attack that involves statistically analyzing power consumption measurements to deduce the operations being performed or the data being processed.

Question 29

What is an electromagnetic attack?

Answer 29

An electromagnetic attack is a type of side-channel attack that involves measuring the electromagnetic radiation emitted by a device to deduce the operations being performed or the data being processed.

Question 30

What is a fault injection attack?

Answer 30

A fault injection attack is a type of active side-channel attack that involves inducing faults in a system to cause it to reveal sensitive information.

Question 31

What is a cache attack?

Answer 31

A cache attack is a type of side-channel attack that involves exploiting the cache of a processor to deduce the operations being performed or the data being processed.

Question 32

What is a cold boot attack?

Answer 32

A cold boot attack is a type of side-channel attack that involves reading data from memory after a system has been powered off and then powered on again.

Question 33

What is a template attack?

Answer 33

A template attack is a type of side-channel attack that involves creating a template of the side-channel information associated with known operations or data, and then using this template to deduce the operations or data in an actual attack.

Question 34

What is a correlation power analysis (CPA) attack?

Answer 34

A correlation power analysis (CPA) attack is a type of power analysis attack that involves statistically correlating power consumption measurements with hypothetical data-dependent computations to deduce the operations being performed or the data being processed.

Question 35

What is a collision attack?

Answer 35

A collision attack is a type of side-channel attack that involves detecting collisions in hash functions or cache accesses to deduce the operations being performed or the data being processed.

Question 36

What is a relay attack?

Answer 36

A relay attack is a type of side-channel attack that involves relaying information between two parties to deceive one or both of them.

Question 37

What is a replay attack?

Answer 37

A replay attack is a type of side-channel attack that involves capturing valid data transmission and replaying it to deceive the system.

Question 38

What is a man-in-the-middle attack?

Answer 38

A man-in-the-middle attack is a type of side-channel attack that involves intercepting and possibly altering the communication between two parties without their knowledge.

Question 39

What is a chosen plaintext attack?

Answer 39

A chosen plaintext attack is a type of side-channel attack that involves the attacker choosing the plaintext and observing the resulting ciphertext to deduce the encryption key.

Question 40

What is a chosen ciphertext attack?

Answer 40

A chosen ciphertext attack is a type of side-channel attack that involves the attacker choosing the ciphertext and observing the resulting plaintext to deduce the encryption key.