most of the examples in this thread have focused on spycraft type stuff, deliberate signalling via communications channels. know also that covert channels can be an inherent design flaw, not tied to deliberate actions, such as timing channels. they can reveal as much information, if not more. as an example, consider the timing attack on cryptography. you can roughly estimate the size of cryptographic keys by watching processor timings. this is an information leak, because now you have some sensitive information about the characteristics of the encryption keys. see "hevia, a, and kiwi, m, 'strength of two data encryption standard implementations under timing attacks', ACM transactions on information and systems security, november, 1999". consider, also, power consumption analysis of smart cards. ___________________________ jose nazario, ph.d. joseat_private http://www.monkey.org/~jose/
This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 10:18:18 PDT