Who cares about side-channel attacks?
Steven M. Bellovin
smb at cs.columbia.edu
Thu Oct 30 14:08:35 EDT 2008
On Wed, 29 Oct 2008 23:41:40 -0500
Thierry Moreau <thierry.moreau at connotech.com> wrote:
> Does SCA protection enter the picture? Marginally at best.
>
You're forgetting the first questions you need to ask: who are your
enemies, what are you trying to protect, and what can you enemy spend?
And regardless of the answer to the last part, it's safe to assume that
your enemy would prefer to spend as little as possible. Note that
"spend" includes not just dollars, euros, zorkmids, or linden dollars,
but also reputation if discovered, attack techniques you may or may not
want to reveal, etc.
So -- why do a side-channel attack involving, say, a million SSL
messages (see http://www.cert.org/advisories/CA-1998-07.html), when
that's the sort of thing that will show up in a log file, when you can
send a simple RPC query
(http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx) to
learn a private key?
But -- if you're a transit getting ready to deploy fare cards that
depend on a chip being secure, you'd better be very careful about side
channels, because those attacks can be tried offline.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list