Overview
Explore the world of side-channel attacks in this comprehensive lecture. Delve into various types of attacks, including Spectre and timing attacks, and understand their real-world implications. Learn about techniques to avoid timing attacks, the reasons behind their persistence, and the results of a developer knowledge survey. Discover the roles of crypto developers, compilers, and standardization bodies in addressing these security concerns. Gain insights into software and physical side-channel attacks, covering topics such as laptops, Voice Over IP, and website identification attacks. Conclude with a Q&A session to solidify your understanding of this critical cybersecurity topic.
Syllabus
Intro
SideChannel Attacks
Spectre
Spectre Gadget
Speculative Load Hardening
Real World Example
Speculative Fence
Density Classification
Timing attacks
Techniques of avoiding timing attacks
Why are timing attacks still around
Survey results
Survey focus
Developers knowledge
Why timing attacks
Full and partial resistance
Random delays
Tools
Developers
What can we do
Crypto developers
Compilers
Standardization bodies
Conclusion
QA
Lend Me Your Ear
Software SideChannels
Physical SideChannels
Laptops
Voice Over IP
Website Identification Attack
Taught by
TheIACR