Securing Systems From Sidechannel Attacks: a Guide
By Tom Seest
At BestCybersecurityNews, we help entrepreneurs, solopreneurs, young learners, and seniors learn more about cybersecurity.
Side-channel attacks in cybersecurity are well-known and actively protected from countermeasures, while they remain unknown outside this field. This research seeks to utilize cybersecurity-derived side-channel attack mitigation techniques against non-cyber systems using disrupting techniques that disrupt relevant side-channel properties as a defense mechanism.
Table Of Contents
Methods used by attackers for conducting side-channel attacks depend on the information an attacker seeks to steal. With physical access, hackers may monitor device operations to observe power consumption – which could expose cryptographic information or reveal passwords if left uncovered – while collecting radio transmissions, measuring thermal leakage or capacitance, or exploiting cache memory and coherence are other potential methods used by hackers to conduct side-channel attacks. Yossi Oren of Ben Gurion University Cyber Security Research Center was one such expert.
Even after four short years, SideChannel continues to translate technical knowledge into words through biweekly blog posts written by Tempest professionals such as Eduardo Muller of our consulting area – one of which explored whether HTML to PDF converters can be compromised. One such blog post focused on this question: “Can HTML to PDF converters be compromised?”
This paper introduces a novel method for using side-channel attacks to gain sensitive data from OS page cache eviction states using side-channel attacks. This technique can quickly retrieve large amounts of information, making it more effective than previous side-channel attacks and more suitable for real-world attacks against embedded systems like smart vehicles and cyber-physical systems; its authors are currently developing and incorporating this technology into their research work.
Please share this post with your friends, family, or business associates who may encounter cybersecurity attacks.