Induction Inquest and Intervention

Induction is the study of the environment's effect on the target. Would the server behave the same in a wireless network environment or would the electromagnetic radiation conflict with the components operation? Does the introduction of another hard drive inside the server upset the flow of air through the system, thereby shortening its functional life?

Inquest is the investigation of emanations from the target. What can you learn about the server from the temporary files it creates or the space it uses in memory? How much traffic does the competitor's server get per hour by measuring nonrandomized increments in the IPID, the fragment identification number in IP packets? The ripping of DVDs has been made possible by the inquest of DVD software for the key to decrypt the DVD content.

Intervention is the manipulation of processes or resources that the target relies on. Would the server accept a change of a value in memory? Buffer overflows, heap overflows, and much of the work on web server cookie manipulation are caused by intervention.

These other three ways to observe or influence the properties of a target are often labeled as side-channel attacks. This is correct in that they refer to indirect contact. However, due to the enormous amount of reliance any person, system, or process has on any other, indirect attacks are quite valid: What good is a data center if it doesn't have electricity? What good is burning the message if the imprint of the message is still left on the pages beneath it? All targets and their processes need to be side-channel tested to discover the implementation's limitations. Following are some of the more extreme examples of side-channel attacks to show what is possible even if it is not probable. Then again, probability is a result of risk calculation and not security.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment