Side-Channel

旁敲侧击 (páng qiāo cè jī): to knock from the side and strike from the flank, that is, to get at something indirectly

Mi'kail Eli'yah
7 min read · Oct 5, 2021

Side-channel vulnerabilities can stem from weaknesses or omissions in an algorithm or protocol, from implementation bugs, from missing defensive processing (uniform error handling, constant-time operations on secrets), or from any combination of these.

Beware of little expenses, a small leak will sink a great ship. — Benjamin Franklin (January 6, 1706 — April 17, 1790), Poor Richard’s Almanack, 1745

Analysis

Attackers exploit covert channels to move data across security boundaries that are not supposed to allow it; in a covert channel a cooperating sender signals deliberately. A side channel is the unintended case: the victim does not mean to signal anything, but observable effects of its processing (an error message, a response time, power draw, cache state) still leak information to an attacker who knows how to read them.

Oracle

An oracle is any observable difference in a system's response (an error message, an exception type, a status code, a response time) that lets an attacker test a guess about secret data one step at a time. The article Cryptographic Flaws Exploited covers several oracle attacks.

Countermeasure(s):
1. Handle errors and exceptions discreetly: return one uniform failure response for every verification failure, keep the detail in server-side logs only, and make comparisons that involve secrets constant-time, so that neither the message text nor the response time tells the attacker which check failed or how far it got.
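The following is an added example, not code from the original article: a MAC verifier written the leaky way (distinct error strings, byte-by-byte comparison that stops at the first mismatch) beside the discreet version (one opaque error, `hmac.compare_digest`). The function `forge_by_timing` shows why the countermeasure matters: using only the number of bytes the leaky verifier compared before it failed (a stand-in for measured response time), it recovers a valid tag for a message it never held the key for. The key, the `AuthError` type and all function names are assumptions made for the example.

```python
"""Oracle via error handling: a leaky verifier beside a uniform one (added example)."""
from __future__ import annotations

import hashlib
import hmac

# Constructed demo key; in a real service this comes from a key store.
KEY = bytes.fromhex("00" * 16 + "0f" * 16)
TAG_LEN = 32  # HMAC-SHA256 digest length


class AuthError(Exception):
    """The single, detail-free error the hardened verifier raises."""


def tag(msg: bytes) -> bytes:
    """HMAC-SHA256 tag over msg under the demo key."""
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def verify_leaky(msg: bytes, candidate: bytes) -> tuple[bool, str, int]:
    """Vulnerable verifier: distinct error strings and an early-exit compare.

    Returns (ok, detail, bytes_compared). The detail string is what a client
    would see in the error body; bytes_compared models what it could infer
    from response time. Both are oracles.
    """
    expected = tag(msg)
    if len(candidate) != len(expected):
        return False, "tag length mismatch", 0
    compared = 0
    for a, b in zip(expected, candidate):
        compared += 1
        if a != b:
            return False, "tag mismatch", compared
    return True, "ok", compared


def verify_uniform(msg: bytes, candidate: bytes) -> bool:
    """Hardened verifier: constant-time compare, one outcome on failure, no detail."""
    expected = tag(msg)
    if not hmac.compare_digest(expected, candidate):
        raise AuthError()  # same exception for wrong length and wrong bytes
    return True


def forge_by_timing(msg: bytes) -> bytes:
    """Recover tag(msg) from verify_leaky using only bytes_compared.

    With bytes 0..i-1 already correct, a wrong guess at position i makes the
    verifier stop after exactly i+1 comparisons; the right guess makes it
    compare further (or succeed). That difference is the whole attack.
    """
    recovered = bytearray(TAG_LEN)
    for i in range(TAG_LEN):
        for guess in range(256):
            recovered[i] = guess
            ok, _, compared = verify_leaky(msg, bytes(recovered))
            if ok or compared > i + 1:
                break  # recovered[i] now holds the correct byte
    return bytes(recovered)


if __name__ == "__main__":
    m = b"transfer 100 to account 42"
    forged = forge_by_timing(m)
    print("forged tag accepted by leaky verifier:", verify_leaky(m, forged)[0])
    print("uniform verifier accepts genuine tag:", verify_uniform(m, tag(m)))
```

The forged tag is accepted by both verifiers, which is the point: the hardened verifier is not a stronger MAC, it simply stops answering the attacker's questions. Against `verify_uniform` the attacker gets one `AuthError` per attempt and no per-byte signal, so the search space stays at the full 2^256.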

Sniff

Scenario: the attacker is an active MITM who can observe all of the victim's network traffic. The attacker cannot break the encrypted traffic to the target service, so instead waits for the victim to send a plaintext HTTP request to any other web site. The attacker hijacks that insecure connection and answers one of the victim's plaintext requests with a redirect to the target site on port 80. Since any site may redirect a browser to any other site, the browser or application follows. If the target's session cookie is not restricted to encrypted connections, the browser attaches it to the plaintext request, the attacker reads the session token off the wire and proceeds to hijack the session.

Countermeasure(s):
1. Use a secure channel end to end: serve the target only over HTTPS, mark session cookies Secure (and HttpOnly) so the browser never sends them over plaintext, and send a Strict-Transport-Security header so the browser upgrades the attacker's http:// redirect to https:// rather than following it in the clear. The redirect itself cannot be prevented, since any site may redirect to any other; the defence is to make sure nothing secret ever travels over the port-80 connection.
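The exchange above, as an added example that is not part of the original article: a small model of the browser's cookie jar and HSTS cache, driven through the three steps (login over TLS, attacker's 302 to the plaintext target, browser follows). `simulate` reports what the MITM would see on the wire for each combination of the two countermeasures. The host names `target.example` and `news.example`, the cookie value and all class and function names are constructed for the example; the two browser rules it encodes (Secure cookies are never sent over http, HSTS is only honoured when received over TLS) are real.

```python
"""Model of the plaintext-redirect downgrade and its countermeasures (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    host: str
    secure: bool


@dataclass
class Browser:
    jar: list = field(default_factory=list)
    hsts: set = field(default_factory=set)  # hosts that sent Strict-Transport-Security over TLS

    def receive(self, url: str, headers: dict) -> None:
        """Process response headers from a fetch of url (header names lower-cased)."""
        u = urlsplit(url)
        over_tls = u.scheme == "https"
        for raw in headers.get("set-cookie", []):
            parts = [p.strip() for p in raw.split(";")]
            name, _, value = parts[0].partition("=")
            secure = any(p.lower() == "secure" for p in parts[1:])
            if secure and not over_tls:
                continue  # browsers refuse Secure cookies set over plaintext
            self.jar.append(Cookie(name, value, u.hostname, secure))
        # HSTS is ignored unless it arrived over TLS (RFC 6797 section 8.1)
        if over_tls and "strict-transport-security" in headers:
            self.hsts.add(u.hostname)

    def request(self, url: str) -> dict:
        """Return what the browser would put on the wire for url."""
        u = urlsplit(url)
        scheme = "https" if u.hostname in self.hsts else u.scheme
        cookies = {
            c.name: c.value
            for c in self.jar
            if c.host == u.hostname and (scheme == "https" or not c.secure)
        }
        return {"scheme": scheme, "host": u.hostname, "cookies": cookies}


def simulate(secure_cookie: bool, hsts: bool) -> dict:
    """Run the attack with the given countermeasures; return the redirected request."""
    b = Browser()
    # Step 1: victim logs in to the target over TLS (constructed response).
    login_headers = {
        "set-cookie": ["session=s3cr3t-token" + ("; Secure; HttpOnly" if secure_cookie else "")],
    }
    if hsts:
        login_headers["strict-transport-security"] = "max-age=31536000"
    b.receive("https://target.example/login", login_headers)
    # Step 2: victim fetches any plaintext site; the MITM answers instead of the site.
    b.request("http://news.example/")
    attacker_response = {"status": 302, "location": "http://target.example/"}
    # Step 3: browser follows the redirect; this is the request the MITM observes.
    on_wire = b.request(attacker_response["location"])
    on_wire["session_exposed"] = on_wire["scheme"] == "http" and "session" in on_wire["cookies"]
    return on_wire


if __name__ == "__main__":
    for sec, hs in [(False, False), (True, False), (False, True), (True, True)]:
        r = simulate(sec, hs)
        print(f"Secure={sec!s:5} HSTS={hs!s:5} -> {r['scheme']}://{r['host']} "
              f"cookies={r['cookies']} exposed={r['session_exposed']}")
```

Run it and the four rows read like a truth table for the countermeasure: with neither flag the session token crosses port 80 in the clear; with only Secure the plaintext request still goes out, but empty of cookies; with HSTS the browser never speaks plaintext to the target at all. Using both is the usual recommendation, because the Secure flag still protects a user whose browser has not yet seen the HSTS header.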
