Collaborate Disseminate
I have an application with a shared secret. This application runs as my user. However, Linux has the /proc directory, and particularly /proc/{pid}/mem and /proc/{pid}/maps. Any process created with my user id can access this, and I do no… Continue reading Is it possible to hide a secret value from my own processes on Linux?
Funny things can happen when a security researcher and an electronics engineer specializing in high-speed circuits get together. At least they did when [Limpkin] met [Roman], which resulted in two …read more Continue reading Current-Based Side-Channel Attacks, Two Ways
I’d like to test cryptographic implementations in FPGA against power analysis. Not being all that handy with hardware and such, I’m looking for an easy solution. What I’ve come across thus far:
ChipWhisper (https://www.newae.com/chipwhi… Continue reading Simple setups for side-channel analysis
Section 3.2.3 of the Fetch standard provides some guidance about how servers can/should handle preflight requests.
A successful HTTP response, i.e., one where the server developer intends to share it, to a CORS request can use any status,… Continue reading Are timing-based side-channel attacks against the server during CORS preflight a legitimate concern?
Referring to Introduction to differential power analysis (Paul Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi)
[…]
Because the amount of power used by a device is influenced by the data being processed, power consumption measurement… Continue reading How can differential power analysis (DPA) still work without "sufficient" measurement resolution?
The question is mainly stated in the title. I was wondering what kind of attacks can be launched on such a setup, where someone has access to a running OS with locked screen (needs password for the user to enter). One possibility I can thi… Continue reading What type of attacks can be carried against an OS with FDE, if we assume OS and FDE are implemented correctly?
Here on Hackaday, we routinely cover wonderful informative writeups on different areas of hardware hacking, and we even have our own university with courses that delve into topics one by …read more Continue reading Books You Should Read: The Hardware Hacker’s Handbook
I wonder why certification (common criteria and stuff like that) of security critical hardware that is meant to be used in datacenters (e.g. link encryptors) includes some tests related to TEMPEST attacks.
It seems to me that the actual te… Continue reading Why does certification for datacenter equipment test for TEMPEST?
Despite their claims of innocence, we all know that the big tech firms are listening to us. How else to explain the sudden appearance of ads related to something we’ve …read more Continue reading Audio Eavesdropping Exploit Might Make That Clicky Keyboard Less Cool
Cache side-channel attacks rely on the capability to observe cache hits/misses for a given set. Usually this is done via timing information, e.g. in flush+reload or prime+probe. Why is the performance monitoring function of CPUs, e.g. the … Continue reading Why are performance counters not used for cache attacks?