What are covert channels and what are side channels? What is the difference between the two? I would really appreciate it if you provided examples of each along with your answer.
In computer security, a covert channel is a type of attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy.
A side-channel attack (SCA) is a security exploit that attempts to extract secrets from a chip or a system. This can be achieved by measuring or analyzing various physical parameters. Examples include supply current, execution time, and electromagnetic emission.
Side and Covert Channels in ProcessorsA covert channel is an intentional communication between a sender and a receiver via a medium not designed to be a communication channel. In a side channel, the “sender” in an unsuspecting victim and the “receiver” is the attacker.
An overt channel is a communications path that is not hidden. Anyone can see that Steve connected to Stack Exchange. A covert channel is an intentional communications path that is hidden, using a technique like steganography.
Covert channel is between two parties who want to share some data between them without others knowing that such a communication is happening. The channel they use is in general not meant for communication.
Fro example,a spy process(S1) on a system has access to sensitive data but is restricted from sending emails.
another adversary process(S2) has no access to the sensitive information , but can send emails.
The two agree on a covert channel , say the disk access times. That is , the S1 access some data (any data , not necessarily the sensitive one), that is far from S2's data in the disk. So when S2 accesses its data , it takes higher latency . S2 would interpret this as bit '1'.
To signal bit '0' , S1 would access a nearby data , resulting lesser access latency for S2 , thus interpreted as '0'.Once the entire information is thus transmitted , S2 emails the sensitive data to the enemy.
Side channel , on the other hand , is like a back door through which a spy can gain some secret information pertaining to the victim , without the victim being aware of it.
There is no communication here , only leakage of sensitive information through the channel.
For example, a spy "listening" to the power dissipations of a device can try to guess the secret key used by the device for encryption.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With