Who cares about side-channel attacks?
Ray Dillinger
bear at sonic.net
Fri Oct 31 17:33:09 EDT 2008
On Thu, 2008-10-30 at 16:32 +1300, Peter Gutmann wrote:
> Look at the XBox
> attacks for example, there's everything from security 101 lack of
> checking/validation and 1980s MSDOS-era A20# issues through to Bunnie Huang's
> FPGA-based homebrew logic analyser and use of timing attacks to recover device
> keys (oh, and there's an example of a real-world side-channel attack for you),
> there's no rhyme or reason to them, it's just "hammer away at everything with
> anything you've got and exploit the first bit that fails".
But isn't that the attacker's job? We will never arrive at anything
secure - or even *learn* anything about how to build real security -
if attackers leave any part of it untested or consistently fail to
try particular approaches. As far as I can see the "acid tests" of
the real world, hammering away with anything they've got, are exactly
the kind of environment that security pros have to design for in the
long run.
We should be trying to identify products and implementations that
hold up under this kind of assault, and then publishing books about
the design processes and best practices that produced them. Knowing
full well that Kerckhoffs' Principle is alive and well, and that
the people doing the attacks will be first in line to buy the
books. The point is that if the material in the books is any
good, then having the books shouldn't help them.
Cipher suites and protocols and proofs and advanced mathematics
are well and good, but we have to recognize that they are only a
small part of actually building a secure implementation. Holding up
under diverse assault *is* the desired property that we are all
supposed to be working toward, and this kind of diverse assault
is exactly the sort of test we need to validate security design
processes.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List