0

I have a big problem to figure how the security model in papers about side-channel are relevant (briefly the attacker has a partial access to the hardware).

Why these breaches are so seriously considered?

Is there any known and famous story of a system attacked with these techniques?

Ievgeni
  • 2,585
  • 1
  • 10
  • 32

1 Answers1

2

Actually there are a lot of cases where side-channel are important threats.

To name a few:

  • IOT devices that are storing secret keys to communicate to each other or do whatever they need to do with it, and that are not supposed to be impersonated by an attacked from his computer.
  • Trusted Execution Environment such as TrustZone, SGX or TPMs in general. For a very recent example, see tpm.fail.
  • cloud computing: being able to read somebody's else secrets in memory because you are both sharing the same server in the cloud's system
  • Pay-TV systems or any other system where the providers is broadcasting encrypted content, that is meant to only be decrypted by authorized key holders. (Typically done using smart-cards that are supposed to be impossible to clone, and whose key should be impossible to extract.)

And it even appeared that side-channel such as Spectre and Meltdown could be remotely used through a web browser running malicious Javascript to steal your passwords!

Lery
  • 7,679
  • 1
  • 26
  • 46
  • Yes. Everyone used to buy cloned On-Digital smart cards for £22 in the UK. Not so impossible to clone. And chip&pin debit cards are cloned all the time all over the world. – Paul Uszak Nov 16 '19 at 05:35