Who cares about side-channel attacks?

Ray Dillinger bear at sonic.net
Fri Oct 31 17:33:09 EDT 2008


On Thu, 2008-10-30 at 16:32 +1300, Peter Gutmann wrote:
> Look at the XBox
> attacks for example, there's everything from security 101 lack of
> checking/validation and 1980s MSDOS-era A20# issues through to Bunnie Huang's
> FPGA-based homebrew logic analyser and use of timing attacks to recover device
> keys (oh, and there's an example of a real-world side-channel attack for you),
> there's no rhyme or reason to them, it's just "hammer away at everything with
> anything you've got and exploit the first bit that fails".


But isn't that the attacker's job?  We will never arrive at anything
secure - or even *learn* anything about how to build real security - 
if attackers leave any part of it untested or consistently fail to 
try particular approaches.  As far as I can see the "acid tests" of 
the real world, hammering away with anything they've got, are exactly
the kind of environment that security pros have to design for in the 
long run.  

We should be trying to identify products and implementations that 
hold up under this kind of assault, and then publishing books about 
the design processes and best practices that produced them.  Knowing 
full well that Kerckhoffs's Principle is alive and well, and that 
the people doing the attacks will be first in line to buy the 
books.  The point is that if the material in the books is any 
good, then having the books shouldn't help them. 

Cipher suites and protocols and proofs and advanced mathematics 
are well and good, but we have to recognize that they are only a 
small part of actually building a secure implementation.  Holding up 
under diverse assault *is* the desired property that we are all 
supposed to be working toward, and this kind of diverse assault 
is exactly the sort of test we need to validate security design 
processes. 

				Bear



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com