February 28, 2021
Hot Topics:

Zen and the Art of Breaking Security - Part I

  • By Razvan Peteanu
  • Send Email »
  • More Articles »

By Razvan Peteanu for SecurityPortal

I'll admit I had double thoughts about creating yet another variation on the "Zen and the Art of..." theme. I myself shiver when I see such titles, but I hope Zen practitioners and Mr. Pirsig [1] will forgive me this time. The Zen quotation is appropriate for what we will describe in this two-part series: alternative, perhaps even unusual, means to induce or exploit security vulnerabilities.

Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. The designer often works with concepts, not with the real thing. We look at an algorithm's specifications and we mistake it for its implementation in a particular program. We read several RFCs and we say, this is TCP/IP.

The more we work on a topic, the stronger the identification between the concept and its implementation. We often reduce the implementation to the concept, leaving nothing out of the real thing but the concept that originated it. In Zen, we are often reminded that the finger pointing to the moon is not the moon.

Typical example: because algorithm XYZ is not breakable according to the public research, it must mean that an XYZ encryption program or chip cannot be broken. We have just reduced the actual implementation to the mathematical idea. Not only have we limited ourselves in the scope of what we will defend, but we have also made an implicit assumption that the attack path implies breaking the algorithm.

Side-channel attacks are those which employ (apparently) "unusual" methods that seem to have little to do with the security concepts that underlie a system. For instance, when we think about encryption, we tend to follow the thought to key size, symmetric or public, brute-force attacks and so on. Granted, we should think of them. However, there are other ways to attack a cryptographic system, coming from a totally different direction, addressing not the concept but the implementation as well as the other pieces in the big picture.


One example of side-channel attacks is the TEMPEST technology [2]. The topic will be covered in a different article for SecurityPortal, so we won't go into many details here, but the essence is that today's computing systems are sources of electromagnetic radiation, and this radiation can be intercepted with appropriate equipment.

The radiation is not devoid of significance like a light bulb's, but is modulated by the bits going from one subsystem to another. The keyboard I type my password on, particularly helped by the long cable to the PC, sends around signals that could easily allow an attacker to capture my credentials. The monitor, again linked to the PC with a cable, is another strong source. Even if I work in a shielded room, some radiation is induced into and leaks through the power cable and can be intercepted elsewhere near the building's transformer.

For such cases, it no longer matters that I have a long and random PGP passphrase, that the system is virus-free and firewalled and that the crypto algorithms and their implementation in PGP are flawless. The real world also consists of the hardware PGP runs on, the electromagnetic fields, and the building the computer and myself are in, and it is at this level that a perceptive attacker would strike.

Timing Attacks

A more subtle attempt is the timing attack, which reminds us that, at

Page 1 of 4

This article was originally published on April 13, 2001

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date