Computer security compromised by hardware failure: Difference between revisions

 

[[Secure Shell|SSH]] is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has weaknesses. In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the inter-keystroke timing information of users’ typing. Below, the picture represents the command ''su'' processed through a SSH connection.

 

A very simple statistical techniques suffice to reveal sensitive information such as the length of users’ passwords or even root passwords. By using advanced statistical techniques on timing information collected from the network, the eavesdropper can learn significant information about what users type in SSH sessions.<ref name="[Song1p1]">[[#Song1|Song, 2001, p.1]]</ref> Because the time it takes the operating system to send out the packet after the keypress is in general negligible comparing to the interkeystroke timing, this also enables an eavesdropper to learn the precise interkeystroke timings of users’ typing from the arrival times of packets.<ref name="[Song1p2]">[[#Song1|Song, 2001, p.2]]</ref>

==== Cache attack ====

To increase the computational power, processors are generally equipped with a [[CPU cache|cache memory]] which decreases the memory access latency. Below, the figure shows the hierarchy between the processor and the memory. First the processor looks for data in the cache L1, then L2, then in the memory.

 

When the data is not where the processor is looking for, it is called a cache-miss. Below, pictures show how the processor fetch data when there are two cache levels.