According to recent research; a vulnerability has been found in the method used for common online security. What is this vulnerability? In what way does it affect the security and what are its disadvantages?
Hi
It has been found in recent research that Open SSL, the commonly used method for online security, is a victim of an attack called ‘SIDE CHANNEL ATTACK.’ This side channel attack tends to take important information about the software. It achieves this by looking into the physical working of the computer system e.g.: observing changes in time whenever different software is used, slight modification in the power usage, etc. However, for now, this attack has been discovered only in computers with Intel’s Sandy Bridge Processors. This same attack may not be successful on other Intel Processors.
Yes, it is true. According to research led by the University of Adelaide and posted on the ScienceDaily website on March 2, 2016, side channel attack is one of the recent form of attacks which targets the OpenSSL.
OpenSSL is one of the most common security software and used as a foundation of protection for countless web browsers has been discovered to be susceptible to a particular form of attack known as the “side channel attack.”
According to Dr. Yuval Yarom, Research Associate at the University of Adelaide's School of Computer Science, he and his colleagues Dr. Nadia Heninger of the University of Pennsylvania and Daniel Genkin of the Tel Aviv University have discovered that OpenSSL is weak to this type of attack.
In a side channel attack, it allows a hacker to obtain vital information about software by analyzing the physical mechanism of a computer system like for example instant changes in the power usage or monitoring the changes in timing when various applications are being used. OpenSSL offers encryption protection for a variety of applications on most types of computers.
It is similar to BoringSSL which is an encryption package used by the Google Chrome web browser and NSS for Firefox which is Mozilla’s Network Security Service. Dr. Yarom discovered that it is possible to “listen in” to the mechanisms of the OpenSSL encryption software.
