Content deleted Content added
Back2 |
m deprecated Template:Reflist#Columns using AWB |
||
Line 1:
{{Multiple issues|
{{essay|date=May 2011}}
{{very long|date=May 2011}}
}}
Line 126:
[[Secure Shell|SSH]] is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has weaknesses. In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the inter-keystroke timing information of users’ typing. Below, the picture represents the command ''su'' processed through a SSH connection.
[[File:Ssh timingattack.png|500px|thumb|center||alt=|Network messages sent between the host and the client for the command 'su'
A very simple statistical techniques suffice to reveal sensitive information such as the length of users’ passwords or even root passwords. By using advanced statistical techniques on timing information collected from the network, the eavesdropper can learn significant information about what users type in SSH sessions.<ref name="[Song1p1]">[[#Song1|Song, 2001, p.1]]</ref> Because the time it takes the operating system to send out the packet after the keypress is in general negligible comparing to the interkeystroke timing, this also enables an eavesdropper to learn the precise interkeystroke timings of users’ typing from the arrival times of packets.<ref name="[Song1p2]">[[#Song1|Song, 2001, p.2]]</ref>
Line 135:
Data remanence problems not only affect obvious areas such as RAM and non-volatile memory cells but can also occur in other areas of the device through hot-carrier effects (which change the characteristics of the semiconductors in the device) and various other effects which are examined alongside the more obvious memory-cell remanence problems.<ref name="Gut1">[[#Gut1|Gutmann, 2001, p. 1]]</ref> It is possible to analyse and recover data from these cells and from semiconductor devices in general long after it should (in theory) have vanished.<ref name="Gut2">[[#Gut1|Gutmann, 2001, p. 4]]</ref>
Electromigration, which means to physically move the atom to new locations (to physically alter the device itself) is another type of attack.<ref name="Gut1" /> It involves the relocation of metal atoms due to high current densities, a phenomenon in which atoms are carried along by an
For example, the excavations of voids leads to increased wiring resistance and the growth of whiskers leads to contact formation and current leakage.<ref name="Gut10">[[#Gut1|Gutmann, 2001, p.5]]</ref> An example of a conductor which exhibits whisker growth due to electromigration is shown in the figure below:
Line 148:
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard.<ref name="Hald1p1">[[#Hald1|Halderman, 2008, p1]]</ref>
Many products do cryptographic and other security-related computations using secret keys or other variables that the equipment’s operator must not be able to read out or alter. The usual solution is for the secret data to be kept in volatile memory inside a tamper-sensing enclosure. Security processors typically store secret key material in static RAM, from which power is removed if the device is tampered with. At temperatures below −20 °C, the contents of SRAM can be ‘frozen’. It is interesting to know the period of time for which a static RAM device will retain data once the power has been removed. Low temperatures can increase the data retention time of SRAM to many seconds or even minutes.<ref name="Sko1p3">[[#Sko1|Skorobogatov, 2002, p.3]]</ref>
==== Read/Write exploits thanks to FireWire ====
Line 197:
== References ==
{{
== Bibliography ==
Line 204:
* {{cite book| last1 = Asonov | first1 =D. | title =IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004 | last2 = Agrawal | first2 = R. | periodical = Proceedings 2004 IEEE Symposium on Security and Privacy | volume = | pages = 3–11 | citeseerx = 10.1.1.89.8231 | year = 2004 | issn = 1081-6011 | doi = 10.1109/SECPRI.2004.1301311 | isbn = 0-7695-2136-3 | ref = Aso1 | chapter =Keyboard acoustic emanations }}
* {{Citation| last1 = Zhuang | first1 = Li | last2 = Zhou | first2 = Feng | last3 = Tygar | first3 = J.D. | title = Keyboard acoustic emanations revisited | booktitle = ACM Transactions on Information and System Security (TISSEC) | periodical = Proceedings of the 12th ACM Conference on Computer and Communications Security | place = Alexandria, Virginia, USA | volume = 13 | issue = 1 | pages = 373–382 | publisher = ACM New York, NY, USA | citeseerx = 10.1.1.117.5791 | year = 2005 | issn = 1094-9224 | doi = 10.1145/1609956.1609959 | isbn = 1-59593-226-7 | ref = Zhu1 }}
* {{cite book| last1 = Berger | first1 = Yigael | title = Proceedings of the 13th ACM conference on Computer and communications security
* {{Citation| last1 = Backes | first1 = Michael | last2 = Dürmuth | first2 = Markus | last3 = Gerling | first3 = Sebastian | last4 = Pinkal | first4 = Manfred | last5 = Sporleder | first5 = Caroline | title = Acoustic Side-Channel Attacks on Printers | periodical = Proceedings of the 19th [[USENIX]] Security Symposium | place = Washington, DC| url = http://www.usenix.org/events/sec10/tech/full_papers/Backes.pdf | year = 2010 | isbn = 978-1-931971-77-5 | ref = Back1 }}
Line 210:
* {{cite book| last1 = Osvik | first1 = Dag Arne | title = Topics in Cryptology – CT-RSA 2006 | last2 = Shamir | first2 = Adi | last3 = Tromer | first3 = Eran | booktitle = Lecture Notes in Computer Science | volume = 3860 | pages = 1–20 | periodical = Topics in Cryptology CT-RSA | publisher = Springer-Verlag Berlin, Heidelberg | place = San Jose, California, USA | citeseerx = 10.1.1.60.1857 | year = 2006 | issn = 0302-9743 | doi = 10.1007/11605805_1 | isbn = 3-540-31033-9 | ref = Sha1| chapter = Cache Attacks and Countermeasures: The Case of AES | series = Lecture Notes in Computer Science }}
* {{Citation| last1 = Page | first1 = Daniel | title = Partitioned cache architecture as a side-channel defence mechanism | periodical = Cryptology ePrint Archive | url = http://eprint.iacr.org/2005/280.pdf | year = 2005 | ref = Pag1 }}
* {{cite book| last1 = Bertoni | first1 = Guido | title = International Conference on Information Technology: Coding and Computing (ITCC'05)
=== Chemical ===
Line 233:
=== Temperature ===
* {{Citation| last1 = Skorobogatov| first1 = Sergei | title = Low temperature data remanence in static RAM | publisher = University of Cambridge Computer Laboratory | place = Cambridge, UK| url = http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-536.pdf | year = 2002 | issn = 1476-2986 | ref = Sko1}}
* {{Citation| last1 = Halderman | first1 = J. Alex | last2 = Schoen | first2 = Seth D. | last3 = Heninger | first3 = Nadia | last4 = Clarkson | first4 = William | last5 = Paul | first5 = William | last6 = Calandrino | first6 = Joseph A. | last7 = Feldman | first7 = Ariel J. | last8 = Appelbaum | first8 = Jacob | last9 = Felten | first9 = Edward W. | title = Lest We Remember: Cold Boot Attacks on Encryption Keys | booktitle = Communications of the ACM
=== Timing attacks ===
* {{Citation| last1 = Song | first1 = Dawn Xiaodong | last2 = Wagner | first2 = David | last3 = Tian | first3 = Xuqing | title = Timing analysis of keystrokes and timing attacks on SSH | volume = 10 | pages = 337–352 | place = Washington, D.C., USA | periodical = Proceedings of the 10th conference on USENIX Security Symposium | publisher = USENIX Association Berkeley, California, USA | url = http://www.usenix.org/events/sec01/full_papers/song/song.pdf | year = 2001 | issn = | doi = | isbn = | ref = Song1}}
* {{cite book| last1 = Kocher | first1 = Paul C.| title = Advances in Cryptology
* {{Citation| last1 = Brumley | first1 = David | last2 = Boneh | first2 = Dan | title = Remote timing attacks are practical | volume = 12 | issue = 5 | pages = 701 | periodical = Proceedings of the 12th conference on USENIX Security Symposium SSYM'03 | publisher = USENIX Association Berkeley, California, USA | place = Washington, DC, USA | url = http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf | year = 2003 | doi = 10.1016/j.comnet.2005.01.010 | ref = Brum1}}
| |||