On 9/13/13 10:02 AM, glen e. p. ropella wrote:
But I'm too ignorant to understand the utility of the side-channel use
case. How would the black hat get the chip into the right place? The
same way? By flooding the target with chips that all contain the
hidden side channel?
Install staff at foundries that provide chips to infrastructure/software
as a service companies, and then use those same companies to listen-in
on the side channels to collect keys..? I've found the instrumentation
underlying IPMI monitoring for monitoring cluster health to be pretty
high variance, but perhaps as voltage regulators get integrated into the
chip (and mobile use-cases make people very sensitive about power
usage), it would be possible to observe a physical compute node's power
draw from one virtual machine vs. a target's virtual machine? Spend
some money signing up for all the popular cloud computing companies and
go fishing for signature power variations..
Marcus
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com