6 Kasım 2019 Çarşamba

Side Channel Attack - Yan Kanal Saldırısı

Giriş
Bazı Side Channel Attack türleri var. Bazıları şöyle
Side-Channel attacks are notoriously difficult to detect, because there are many side-channels that an attacker could look for. This includes, but is not limited to:

- Timing Attacks
- Cache Attacks- Power-Monitoring Attacks
- Acoustic Cryptanalysis
Timing Attacks
Timing Attack'ten kurtulmanın en kolay yolu verilen cevabı sabit sürede tutmak.

Örnek
Elimizde şöyle bir kod olsun.
function Compare(string a, string b)
{
  if (a.Length != b.Length)
  {
    // If the length is not equal, we know the strings will not be equal
    return -1;
  }
  else
  {
    for(int i = 0; i < a.Length; i++)
    {
      if(a[i] != b[i])
      {
        // If one character mismatches, the string is not equal
        return -1;
      }
    }

  // Since no characters mismatched, the strings are equal
  return 0;
  }
}
Açıklaması şöyle.
It returns 0 if strings are equal and -1 if they're not. So what's the problem? The problem is that if a constant secret is used for one part, and attacker-controlled input for the other, then an attacker can measure the time it takes for the function to complete. If the first 3 characters match, it'll take longer than if no characters match.

This means that an attacker can try various inputs and measure how long it will take to complete. The longer it takes, the more consecutive characters are identical. With enough time, an attacker can eventually find out what the secret string is. This is called a side-channel attack.
Bunu düzeltmek için belki şöyle yaparız. Burada her iki girdinin de eşit uzunlukta olduğu varsayılıyor. Belki bu da tam çözüm değil, hatta gereksiz işlemci kullanımına sebep bile olabilir.
difference = 0;
for (i = 0; i < n; i++) {
  difference |= (password[i] ^ input[i]);
}

return difference == 0 ? E_OK : E_FAIL;

Hiç yorum yok:

Yorum Gönder