> Examples of side channel analysis on real systems I however have never
> seen in the field. Any rumors would be highly appreciated.
>
At Crypto'08 a team from Bochum demonstrated their side-channel attack on
KeeLoq. There were some theoretical attacks before but the SCA really
broke it.
KeeLoq
Wouter Slegers <[EMAIL PROTECTED]> writes:
>Timing analysis is quite possible to pull of in straightforward
>implementations as demonstrated over the Internet on OpenSSL prior to their
>implementation of blinding (
>http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf). But frankly, I have
>neve
L.S.,
Peter convinced my to publicly comment on this.
Thierry Moreau <[EMAIL PROTECTED]> wrote:
> >>But they've all been unlocked using easier attacks, surely?
That was also my first response. In evaluation labs specialized in
checking devices (mostly smartcards and other financial devices) the
w
On Thu, 2008-10-30 at 16:32 +1300, Peter Gutmann wrote:
> Look at the XBox
> attacks for example, there's everything from security 101 lack of
> checking/validation and 1980s MSDOS-era A20# issues through to Bunnie Huang's
> FPGA-based homebrew logic analyser and use of timing attacks to recover de
On Wed, 29 Oct 2008 23:41:40 -0500
Thierry Moreau <[EMAIL PROTECTED]> wrote:
> Does SCA protection enter the picture? Marginally at best.
>
You're forgetting the first questions you need to ask: who are your
enemies, what are you trying to protect, and what can you enemy spend?
And regardless of
Peter Gutmann wrote:
Ben Laurie <[EMAIL PROTECTED]> writes:
Peter Gutmann wrote:
Given the string of
attacks on crypto in embedded devices (XBox, iPhone, iOpener, Wii, some
not-yet-published ones on HDCP devices :-), etc) this is by far the most
at-risk category because there's a huge ince
Ben Laurie <[EMAIL PROTECTED]> writes:
>Peter Gutmann wrote:
>> Given the string of
>> attacks on crypto in embedded devices (XBox, iPhone, iOpener, Wii, some
>> not-yet-published ones on HDCP devices :-), etc) this is by far the most
>> at-risk category because there's a huge incentive to attack t
Peter Gutmann wrote:
> In fact none of the people/organisations I queried about this fitted into any
> of the proposed categories, it was all embedded devices, typically SCADA
> systems, home automation, consumer electronics, that sort of thing, so it was
> really a single category which was "Em
Thierry Moreau <[EMAIL PROTECTED]> writes:
>I find the question should be refined.
It could if there was a large enough repondent base to draw samples from :-).
This is one of those surveys that can never be done because no vendor will
publicly talk to you about security measures in their embed
On Mon, Oct 06, 2008 at 05:51:50PM +1300, Peter Gutmann wrote:
> For the past several years I've been making a point of asking users of crypto
> on embedded systems (which would be particularly good targets for side-channel
> attacks, particularly ones that provide content-protection capabilities)
For the past several years I've been making a point of asking users of crypto
on embedded systems (which would be particularly good targets for side-channel
attacks, particularly ones that provide content-protection capabilities)
whether they'd consider enabling side-channel attack (SCA - no, no
11 matches
Mail list logo