Examples of side channel analysis on real systems I however have never
seen in the field. Any rumors would be highly appreciated.
At Crypto'08 a team from Bochum demonstrated their side-channel attack on
KeeLoq. There were some theoretical attacks before but the SCA really
broke it.
KeeLoq
Wouter Slegers [EMAIL PROTECTED] writes:
Timing analysis is quite possible to pull of in straightforward
implementations as demonstrated over the Internet on OpenSSL prior to their
implementation of blinding (
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf). But frankly, I have
never
On Thu, 2008-10-30 at 16:32 +1300, Peter Gutmann wrote:
Look at the XBox
attacks for example, there's everything from security 101 lack of
checking/validation and 1980s MSDOS-era A20# issues through to Bunnie Huang's
FPGA-based homebrew logic analyser and use of timing attacks to recover
Ben Laurie [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Given the string of
attacks on crypto in embedded devices (XBox, iPhone, iOpener, Wii, some
not-yet-published ones on HDCP devices :-), etc) this is by far the most
at-risk category because there's a huge incentive to attack them, the
Peter Gutmann wrote:
Ben Laurie [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Given the string of
attacks on crypto in embedded devices (XBox, iPhone, iOpener, Wii, some
not-yet-published ones on HDCP devices :-), etc) this is by far the most
at-risk category because there's a huge
Peter Gutmann wrote:
In fact none of the people/organisations I queried about this fitted into any
of the proposed categories, it was all embedded devices, typically SCADA
systems, home automation, consumer electronics, that sort of thing, so it was
really a single category which was
Thierry Moreau [EMAIL PROTECTED] writes:
I find the question should be refined.
It could if there was a large enough repondent base to draw samples from :-).
This is one of those surveys that can never be done because no vendor will
publicly talk to you about security measures in their
On Mon, Oct 06, 2008 at 05:51:50PM +1300, Peter Gutmann wrote:
For the past several years I've been making a point of asking users of crypto
on embedded systems (which would be particularly good targets for side-channel
attacks, particularly ones that provide content-protection capabilities)