Side channel attacks are a method hackers can use to extract information such as password by examining the physical workings of a system.
The common hacking methods used are Timing Attacks, Power Monitoring Attacks, Electromagnetic Cryptanalysis, Acoustic Cryptanalysis and Fault Analysis.
We’ll run over exactly what some of these mean.
Common Hacking Methods
Electromagnetic Attacks
A device could be used to extract electromagnetic information from a keyboard cable as signals are sent down the cable to the computer. This means that it is possible to add a ‘keystroke logger’ without actually installing any software on the target computer.
Power Monitoring Attack
This is a method that is used to break hardware level encryption by monitoring the amount of power used by a processor to obtain information about when a password is being processed and to potentially analyse the data being processed.
Acoustic Cryptanalysis
An acoustic attack can analyse the sounds made by a CPU or drive to obtain information about the cryptographic information held within. A simpler method is by listening to the sounds of the keystrokes on a keyboard and their frequency to determine via statistical analysis what is being typed.
What do Side Channel Attacks Mean For Me?
Simply put, in today’s world with nearly unbreakable encryption methods such as RSA we are seeing more potential use for passwords to be intercepted using a side channel attack.
A common and well known attack on SSH authentication works on the idea that a packet of data is sent every time a keystroke occurs. What this means is that the number of keystrokes in a password can easily be known (so the attacker knows if there are 7 or 9 characters in your password) and also information about the time between key presses is available to the attacker.
By using statistical analysis, it is easy to narrow down a user’s password to only a few different likely options and through this method your password can be extracted.
A similar method can be used at a Bank ATM. “Over the shoulder†password extraction techniques (such as by using a video camera) are strictly speaking not a side channel attack, but recording the sound patterns when a PIN is input to later decode the pin would be closer to the definition.
In today’s world as more of us move towards cloud based applications, their relative imperviousness to direct and brute force attacks means that we will see more and more side channel attack methods being put into play.
There are no perfect methods to prevent side channel attacks completely. User awareness and good system design are the main features that will prevent these types of attacks becoming a problem.
Using different passwords for all the websites that you use is a good method of mitigating the risks of one password being broken being a major problem. Also remember to back up all your cloud data to more than one location.
This article on computer security is provided courtesy of Hirepulse. As an Australian contractor or consultant, you should have a look at our website and advertise with us for free.
Incoming search terms:
- ACOUSTIC CRYPTANALYSIS
- hacking system
- †hacking
- cryptanalysis
- Hacking method explained
- hacking methods explained
- method of side hacking
- password side channel
