Jump to content

Hacker Lexicon: What Is a Side Channel Attack?


Karlston

Recommended Posts

Hacker Lexicon: What Is a Side Channel Attack?

Computers constantly give off more information than you might realize—which hackers can use to pry out their secrets.
Hands use a stethoscope on a computer.
Think of side channel attacks as the digital equivalent of a burglar opening a safe with a stethoscope pressed to its front panel. Illustration: Elena Lacey; Getty Images

Modern cybersecurity depends on machines keeping secrets. But computers, like poker-playing humans, have tells. They flit their eyes when they've got a good hand, or raise an eyebrow when they're bluffing—or at least, the digital equivalent. And a hacker who learns to read those unintended signals can extract the secrets they contain, in what's known as a "side channel attack.".

 

Side channel attacks take advantage of patterns in the information exhaust that computers constantly give off: the electric emissions from a computer's monitor or hard drive, for instance, that emanate slightly differently depending on what information is crossing the screen or being read by the drive's magnetic head. Or the fact that computer components draw different amounts of power when carrying out certain processes. Or that a keyboard's click-clacking can reveal a user's password through sound alone.

 

"Usually when we design an algorithm we think about inputs and outputs. We don’t think about anything else that happens when the program runs," says Daniel Genkin, a computer scientist at the University of Michigan and a leading researcher in side channel attacks. "But computers don’t run on paper, they run on physics. When you shift from paper to physics, there are all sorts of physical effects that computation has: Time, power, sound. A side channel exploits one of those effects to get more information and glean the secrets in the algorithm."

 

For a sufficiently clever hacker, practically any accidental information leakage can be harvested to learn something they're not supposed to. As computing gets more complicated over time, with components pushed to their physical limits and throwing off unintended information in all directions, side channel attacks are only becoming more plentiful and difficult to prevent. Look no further than the litany of bugs that Intel and AMD have struggled to patch over the last two years with names like Meltdown, Spectre, Fallout, RIDL, or Zombieload—all of which used side channel attacks as part of their secret-stealing techniques.

 

The most basic form of a side channel attack might be best illustrated by a burglar opening a safe with a stethoscope pressed to its front panel. The thief slowly turns the dial, listening for the telltale clicks or resistance that might hint at the inner workings of the safe's gears and reveal its combination. The safe isn't meant to give the user any feedback other than the numbers on the dial and the yes-or-no answer of whether the safe unlocks and opens. But those tiny tactile and acoustic clues produced by the safe's mechanical physics are a side channel. The safecracker can sort through that accidental information to learn the combination.

 

One of the earliest and most notorious computer side channel attacks is what the National Security Agency called TEMPEST. In 1943 Bell Labs discovered that a teletype machine would cause a nearby oscilloscope's readings to move every time someone typed on it. This, the Bell Labs researchers quickly realized, was a problem. The teletype machine was meant to allow secure, encrypted communications, but anyone close enough to read its electromagnetic emissions could potentially decipher its secrets. The phenomenon wouldn't be fully documented in public until 1985, when a computer researcher named Wim van Eck published a paper on what would come to be known as "Van Eck Phreaking," reconstructing the images on a computer screen with long-distance detection of the electrical signals it discharges.

 

Similar electromagnetic leakage attacks have been refined ever since. As recently as 2015, one group of researchers at Tel Aviv University created a $300 gadget that fits in a piece of pita bread and can derive the encryption keys on a nearby laptop's hard drive by picking up its electrical emissions. Other techniques have proven that sound, power usage, or even just the timing patterns in communications can reveal a computer's secrets. The same Tel Aviv University team also found that a microphone picking up the sounds of a computer as it performs decryption can reveal its secret keys, and that patterns in the bursts of encrypted data sent to a web browser can reveal what Netflix or YouTube video someone is watching, with no access to their computer.

 
 

Computers aren't the only targets of side channel attack targets, points out Ben Nassi, a security researcher at Ben Gurion University. They can be any secret process or communication that produces unintended but meaningful signals. Nassi points to eavesdropping methods like using the movement of gyroscopes in a hacked smartphone as microphones to pick up the sounds in a room, or a technique known as "visual microphone" that uses long-distance video of an object—say, a bag of chips or the leaves of a houseplant—to observe vibrations that reveal a conversation that happened nearby.

 

Nassi himself, along with a group of researchers at Ben Gurion, revealed a technique last week that can eavesdrop on conversations in a room in realtime by using a telescope to observe the vibrations of a hanging lightbulb inside. "I’d call it a side effect," Nassi says of this broader definition of side channels that goes beyond computers or even machines. "It's a method to compromise confidentiality by analyzing the side effects of a digital or physical process."

 

And computer-focused side channel attacks have only become more sophisticated. Spectre, Meltdown, and a series of other "microarchitectural" vulnerabilities that affect microprocessors, for instance, all take advantage of a time-based side channel attack. Each uses different techniques to trick a processor into temporarily accessing secret information and then encoding it in a processor's cache, a portion of memory designed to keep certain data close at hand for better efficiency. By then forcing the processor to search for certain information in memory and measuring how quickly the chip accesses it, the hacker can analyze the timing of the processor's responses and learn what's in the cache and what's not, leaking the secret data. (Some researchers consider this a "covert channel" rather than a side channel, since the attacker is essentially planting the information that they will later leak, but official bodies like the Cybersecurity and Infrastructure Security Agency describe Meltdown and Spectre as side-channel attacks, as do the creators of the attacks on their website.)

 

Attacks like Spectre and Meltdown left firms like Intel and other computer manufacturers in a cat-and-mouse game of chasing after their products' accidental information leaks, constantly releasing updates to hide data that's exposed in side channel attacks or pad it with other noise that makes it harder to decipher. As computers become more and more complex, and if the computing industry continues to prioritize performance over security, side channels will still appear, says Michigan's Genkin. In some cases like Spectre and Meltdown, researchers are even digging into years-old mechanics and pulling out secrets that were available for the taking all long—at least, for anyone who could decipher the accidental byproducts of a computer's processes.

 

"They were always there," says Genkin. "The reason you hear more and more about them is that as we dig further, we find more and more side channels to exploit. And as we find out just how bad they are, we are also learning how to defend against them.”

 

 

Hacker Lexicon: What Is a Side Channel Attack?

 

ThanksForReading200x49.jpg

Link to comment
Share on other sites


  • Views 732
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...