Showing posts with label side channel. Show all posts

Wednesday, November 2, 2011

Compromising emissions!

Been reading about various side channel attacks. I think my skills (lateral thinking, electronics, 'puters, physics and math) could lend themselves well to this... where do I sign up!
Basically, a side channel attack is eavesdropping on information leaked via power, RF/EMI, sound, light or other means.

http://en.wikipedia.org/wiki/Power_analysis
http://youtu.be/4L8rnYhnLt8
(RF/EMI demo)

http://syhw.posterous.com/two-amusing-side-channel-attacks
(USB port power and sound)
http://cs.tau.ac.il/~tromer/acoustic/
(PoC for picking up sound from mobo capacitors to break RSA)
http://digitallounge.gatech.edu/digitallife/index.html?nid=71506
(Keyboard taps)
http://lasecwww.epfl.ch/keyboard/
(keyboard EMI)

http://www.wired.com/threatlevel/2007/08/researchers-cra/
(car keys...brute forcing the private key from all challenge/responses)

http://www.pop.is/1eyo
(a physical side channel aka safe cracking)

Padding oracle attacks
http://www.usenix.org/event/woot10/tech/full_papers/Rizzo.pdf
(decrypt ciphertext without knowing the key, e.g. to bypass CAPTCHA)
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
(Efficient Padding Oracle Attacks on Cryptographic Hardware)


RSA FOB tokens
http://www.geekosystem.com/broken-tokens/


http://www.newscientist.com/blogs/onepercent/2011/11/encryption-for-transit-cards-h.html
(Crack 3DES smart cards with an RFID reader and an oscilloscope, via power analysis of the chip in the card while de/encrypting)

http://www.techwarelabs.com/rfid-hacking-is-it-a-threat

http://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf
(Read displays at a distance)
http://applied-math.org/acm_optical_tempest.pdf
http://dl.acm.org/citation.cfm?doid=545186.545189
(Flashing lights on your network kit may be a spanned port!)


TEMPEST backronyms from Wikipedia

Tiny ElectroMagnetic Particles Emitting Secret Things
Transmitted Electro-Magnetic Pulse / Energy Standards & Testing
Telecommunications ElectroMagnetic Protection, Equipment, Standards & Techniques
Transient ElectroMagnetic Pulse Emanation STandard
Telecommunications Electronics Material Protected from Emanating Spurious Transmissions