Paxson Spring 2013 CS 161 Computer Security Discussion 14

(a) What is the difference between side channels and covert channels? Solution: A side channel is a channel that leaks information due to the physical implementation. It's a side channel in the sense that it is not a theoretical weakness in a system, but rather an effect of its physical implementation. Side channels do not involve two cooperating parties; they instead are used by a single party to extract information they are not meant to have. A covert channel is a channel that allows information transfer between two cooperating parties that aren't supposed to be able to communicate. (b) Consider implementing the RSA cryptography algorithm. The typical way is to go through the 'key' bit by bit. The pseudo-code looks something like this: foreach (bit in key) { if (bit) { // do multiplication and all hard work if bit is 1 } // do other simpler stuff that you need to do regardless } Recall the cable box with a tamper resistant private key inside it that Prof. Paxson talked about in the lecture. Can you imagine a side-channel attack on the above implementation to find the private key? Hint: Can you do something with a multimeter? Solution: The length of time the power is at its peak can give you a clear indication of the bit pattern of the key. Multiplication usually requires more power, and this is noticeable in embedded systems. For example, see the graph on Wikipedia [1]. Question 2 Countering Spam (7 min) What technical approaches can you think of to (1) block spam (2) detect spam? Is it possible to completely stop spam? Why or why not?