Learn How To Improve Confidentiality Of Existing Cryptosystems.
by Lazizi TV · Published · Updated
How Secure is the Secured?
Social networks like Facebook and Twitter produced about 4 bytes and 8 terabytes of new data per day, respectively. Large IBM data research shows that 2.5 trillion quintiles of data are generated worldwide every day – while 90% of today’s data has occurred in the last two years. Information buried in this deluge of valuable data in the community, whether commercial, economic, environmental, governmental, or on the health and privacy of individual statistics. There is an increasing body of evidence showing that regardless of protection programs that are placed on equipment such as powerful cryptographic mechanisms in theory, there are indirect ways to extract information – the so-called hidden and hidden channels. These channels can provide unreliable data access to sensitive and confidential applications to retrieve private information.
A secret channel is formed when two applications that are not supposed to communicate with each other do. For example, application time monitoring on a mobile device can be used to create a secret channel through images that currently edit the image of the application on the same device can filter the Internet and thus expose privacy. In a side channel, malicious application in benign spyware, for example, can steal encryption keys or spy keystrokes.
Read more: Securing Pakistan’s Electronic Space
Channel Side Attacks (SCAs) are a powerful way to break encryption of secure applications in theory. SCA extract the existing hardware information from the measurement of the physical parameters of the account, such as electromagnetic radiation, or acoustic energy issued from a computer. The SCAs based program does not require additional equipment, nor is it able to extract information based solely on the attacker’s software interface with the target device. Time variations Encryption processes (encryption and decryption) and access memory patterns are interesting for SCA-based program information. Figure -01 shows how an unintentional side channel attack can extract information for the normal coding process.
Figure 01: A side channel attack that extracts unintended information
In modern computing, the use of infrastructure as a service (IAAS) is extensive and designed to be on the rise. These sophisticated methods of software-based information theft have raised concerns about security in shared computing environments. Some attacks of the recent side channel, more advanced as flow + update, CacheBleed + flow flow shows that secret keys to high security standards widely used RSA can be recovered with an average accuracy of up to 97%. Just watching the signature of a single routine or encryption / decryption in seconds – limit encryption is not more than a security legend.
The success of these attacks depends mainly on two factors: the ability of the attacker application (malware) to detect and synchronize with the target application (victim) presence of mechanisms. These attacks against a shared software-based policy protection is to ensure that access to memory generated by processes through its hardware and cryptographic machines does not depend on the data being processed. That is, the cache access sequence is independent of the encryption / decryption or user data. These protection mechanisms are based on the assumption that if the sequence of the cache lines of confidential data access depends on the encryption process itself can filter information through caches.
Researchers at the Embedded Computer Laboratory (ECLab) of the University of Information Technology (UIT), Lahore, in collaboration with the STICC Laboratory Laboratory at the University of South Brittany (France), are making efforts to believe that solutions – tools, technical techniques and antimicrobial – Ensure the implementation of encryption standards such attacks. In their latest findings, Joint Anti-Tech has proposed to prevent information theft by one of the more powerful side channel attacks called Flow + Update. Its proposed solution is a fast anti-virus that can be efficiently integrated into existing encryption standards to improve confidentiality. Developers package popular free encryption GnuPG program .