{"id":32816,"date":"2025-08-28T16:28:25","date_gmt":"2025-08-28T09:28:25","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=32816"},"modified":"2025-08-28T16:28:25","modified_gmt":"2025-08-28T09:28:25","slug":"side-channel-attacks","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/side-channel-attacks\/","title":{"rendered":"Side-channel attacks: C\u00e1ch ho\u1ea1t \u0111\u1ed9ng, H\u1eadu qu\u1ea3 &#038; C\u00e1ch ph\u00f2ng tr\u00e1nh"},"content":{"rendered":"<p>An ninh m\u1ea1ng ng\u00e0y c\u00e0ng tr\u1edf n\u00ean ph\u1ee9c t\u1ea1p, b\u00ean c\u1ea1nh nh\u1eefng cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng tr\u1ef1c ti\u1ebfp nh\u01b0 ransomware hay phishing, m\u1ed9t m\u1ed1i \u0111e d\u1ecda tinh vi h\u01a1n \u0111ang \u00e2m th\u1ea7m t\u1ed3n t\u1ea1i: t\u1ea5n c\u00f4ng Side-channel.\u00a0V\u1eady, t\u1ea5n c\u00f4ng Side-channel l\u00e0 g\u00ec v\u00e0 t\u1ea1i sao ch\u00fang l\u1ea1i nguy hi\u1ec3m \u0111\u1ebfn v\u1eady? 
B\u00e0i vi\u1ebft n\u00e0y s\u1ebd cung c\u1ea5p m\u1ed9t c\u00e1i nh\u00ecn to\u00e0n di\u1ec7n, t\u1eeb c\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng cho \u0111\u1ebfn c\u00e1c bi\u1ec7n ph\u00e1p ph\u00f2ng ch\u1ed1ng hi\u1ec7u qu\u1ea3, gi\u00fap b\u1ea1n hi\u1ec3u r\u00f5 h\u01a1n v\u1ec1 lo\u1ea1i h\u00ecnh t\u1ea5n c\u00f4ng \u0111\u1eb7c bi\u1ec7t n\u00e0y.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Side-channel-attacks-la-gi\"><\/span><strong>Side-channel attacks l\u00e0 g\u00ec?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>T\u1ea5n c\u00f4ng Side-channel, hay c\u00f2n g\u1ecdi l\u00e0 t\u1ea5n c\u00f4ng k\u00eanh ph\u1ee5,<\/strong> l\u00e0 m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p khai th\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt d\u1ef1a tr\u00ean vi\u1ec7c thu th\u1eadp v\u00e0 ph\u00e2n t\u00edch c\u00e1c th\u00f4ng tin r\u00f2 r\u1ec9 m\u1ed9t c\u00e1ch v\u00f4 t\u00ecnh t\u1eeb h\u1ec7 th\u1ed1ng. Thay v\u00ec t\u1ea5n c\u00f4ng tr\u1ef1c ti\u1ebfp v\u00e0o thu\u1eadt to\u00e1n m\u00e3 h\u00f3a hay ph\u1ea7n m\u1ec1m, k\u1ebb t\u1ea5n c\u00f4ng s\u1ebd quan s\u00e1t c\u00e1c y\u1ebfu t\u1ed1 v\u1eadt l\u00fd c\u1ee7a thi\u1ebft b\u1ecb khi n\u00f3 x\u1eed l\u00fd d\u1eef li\u1ec7u.<\/p>\n<figure id=\"attachment_32817\" aria-describedby=\"caption-attachment-32817\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32817\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Tan-cong-Side-channel-la-gi.jpg\" alt=\"T\u1ea5n c\u00f4ng Side-channel l\u00e0 g\u00ec\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Tan-cong-Side-channel-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Tan-cong-Side-channel-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Tan-cong-Side-channel-la-gi-768x480.jpg 768w\" sizes=\"auto, (max-width: 
800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32817\" class=\"wp-caption-text\">T\u1ea5n c\u00f4ng Side-channel l\u00e0 g\u00ec?<\/figcaption><\/figure>\n<p>V\u00ed d\u1ee5, khi m\u1ed9t vi x\u1eed l\u00fd th\u1ef1c hi\u1ec7n ph\u00e9p t\u00ednh, n\u00f3 s\u1ebd ph\u00e1t ra c\u00e1c t\u00edn hi\u1ec7u v\u1eadt l\u00fd nh\u01b0 nhi\u1ec7t \u0111\u1ed9, m\u1ee9c ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng, hay b\u1ee9c x\u1ea1 \u0111i\u1ec7n t\u1eeb. C\u00e1c y\u1ebfu t\u1ed1 n\u00e0y kh\u00f4ng ph\u1ea3i l\u00e0 \u0111\u1ea7u ra d\u1ef1 ki\u1ebfn c\u1ee7a thu\u1eadt to\u00e1n, nh\u01b0ng l\u1ea1i ch\u1ee9a \u0111\u1ef1ng nh\u1eefng manh m\u1ed1i quan tr\u1ecdng v\u1ec1 d\u1eef li\u1ec7u \u0111ang \u0111\u01b0\u1ee3c x\u1eed l\u00fd.<\/p>\n<p>K\u1ebb t\u1ea5n c\u00f4ng s\u1ebd thu th\u1eadp c\u00e1c th\u00f4ng tin n\u00e0y, sau \u0111\u00f3 s\u1eed d\u1ee5ng c\u00e1c k\u1ef9 thu\u1eadt ph\u00e2n t\u00edch ph\u1ee9c t\u1ea1p \u0111\u1ec3 suy lu\u1eadn ra c\u00e1c d\u1eef li\u1ec7u b\u00ed m\u1eadt nh\u01b0 kh\u00f3a m\u00e3 h\u00f3a, m\u1eadt kh\u1ea9u, hay th\u00f4ng tin nh\u1ea1y c\u1ea3m kh\u00e1c.<\/p>\n<p>Lo\u1ea1i h\u00ecnh t\u1ea5n c\u00f4ng n\u00e0y \u0111\u1eb7c bi\u1ec7t nguy hi\u1ec3m b\u1edfi n\u00f3 kh\u00f4ng \u0111\u1ec3 l\u1ea1i b\u1ea5t k\u1ef3 d\u1ea5u v\u1ebft n\u00e0o trong nh\u1eadt k\u00fd h\u1ec7 th\u1ed1ng (log). M\u1ed9t ch\u01b0\u01a1ng tr\u00ecnh \u0111\u1ed9c h\u1ea1i th\u00f4ng th\u01b0\u1eddng s\u1ebd b\u1ecb c\u00e1c ph\u1ea7n m\u1ec1m di\u1ec7t virus ho\u1eb7c t\u01b0\u1eddng l\u1eeda ph\u00e1t hi\u1ec7n.<\/p>\n<p>Ng\u01b0\u1ee3c l\u1ea1i, vi\u1ec7c thu th\u1eadp th\u00f4ng tin k\u00eanh ph\u1ee5 di\u1ec5n ra b\u00ean ngo\u00e0i h\u1ec7 th\u1ed1ng, gi\u1ed1ng nh\u01b0 m\u1ed9t k\u1ebb nghe l\u00e9n t\u1eeb xa, khi\u1ebfn vi\u1ec7c ph\u00f2ng th\u1ee7 tr\u1edf n\u00ean v\u00f4 c\u00f9ng kh\u00f3 kh\u0103n. 
C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng Side-channel \u0111\u00e3 cho th\u1ea5y ngay c\u1ea3 nh\u1eefng thu\u1eadt to\u00e1n m\u00e3 h\u00f3a m\u1ea1nh nh\u1ea5t c\u0169ng c\u00f3 th\u1ec3 b\u1ecb ph\u00e1 v\u1ee1 n\u1ebfu c\u00e1ch tri\u1ec3n khai kh\u00f4ng \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-loai-tan-cong-Side-channel\"><\/span><strong>C\u00e1c lo\u1ea1i t\u1ea5n c\u00f4ng Side-channel<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng Side-channel r\u1ea5t \u0111a d\u1ea1ng, m\u1ed7i lo\u1ea1i l\u1ea1i t\u1eadp trung v\u00e0o m\u1ed9t k\u00eanh r\u00f2 r\u1ec9 th\u00f4ng tin kh\u00e1c nhau. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 nh\u1eefng lo\u1ea1i t\u1ea5n c\u00f4ng Side-channel ph\u1ed5 bi\u1ebfn nh\u1ea5t:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Timing-Attack-%E2%80%93-Tan-cong-dua-tren-thoi-gian-xu-ly\"><\/span><strong>Timing Attack \u2013 T\u1ea5n c\u00f4ng d\u1ef1a tr\u00ean th\u1eddi gian x\u1eed l\u00fd<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>C\u01a1 ch\u1ebf khai th\u00e1c<\/strong><\/h4>\n<p>Lo\u1ea1i t\u1ea5n c\u00f4ng n\u00e0y \u0111o l\u01b0\u1eddng th\u1eddi gian c\u1ea7n thi\u1ebft \u0111\u1ec3 m\u1ed9t h\u1ec7 th\u1ed1ng th\u1ef1c hi\u1ec7n m\u1ed9t t\u00e1c v\u1ee5 n\u00e0o \u0111\u00f3. V\u00ed d\u1ee5, th\u1eddi gian \u0111\u1ec3 so s\u00e1nh m\u1ed9t m\u1eadt kh\u1ea9u. N\u1ebfu h\u1ec7 th\u1ed1ng d\u1eebng l\u1ea1i ngay khi ph\u00e1t hi\u1ec7n k\u00fd t\u1ef1 sai, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111o th\u1eddi gian \u0111\u1ec3 \u0111o\u00e1n t\u1eebng k\u00fd t\u1ef1 m\u1ed9t.<\/p>\n<p>Th\u1eddi gian ph\u1ea3n h\u1ed3i ng\u1eafn h\u01a1n c\u00f3 th\u1ec3 cho bi\u1ebft k\u00fd t\u1ef1 v\u1eeba nh\u1eadp l\u00e0 sai, trong khi th\u1eddi gian l\u00e2u h\u01a1n l\u1ea1i l\u00e0 d\u1ea5u hi\u1ec7u c\u1ee7a k\u00fd t\u1ef1 \u0111\u00fang. 
K\u1ef9 thu\u1eadt n\u00e0y \u0111\u00e3 \u0111\u01b0\u1ee3c Paul Kocher c\u00f4ng b\u1ed1 v\u00e0o n\u0103m 1996, ch\u1ec9 ra r\u1eb1ng vi\u1ec7c tri\u1ec3n khai thu\u1eadt to\u00e1n m\u00e3 h\u00f3a thi\u1ebfu th\u1eadn tr\u1ecdng c\u00f3 th\u1ec3 l\u00e0m r\u00f2 r\u1ec9 kh\u00f3a b\u00ed m\u1eadt.<\/p>\n<h4><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf<\/strong><\/h4>\n<p>M\u1ed9t v\u00ed d\u1ee5 \u0111i\u1ec3n h\u00ecnh l\u00e0 vi\u1ec7c so s\u00e1nh chu\u1ed7i (string comparison) trong c\u00e1c h\u1ec7 th\u1ed1ng x\u00e1c th\u1ef1c, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 g\u1eedi c\u00e1c chu\u1ed7i k\u00fd t\u1ef1 kh\u00e1c nhau v\u00e0 \u0111o th\u1eddi gian m\u00e1y ch\u1ee7 ph\u1ea3n h\u1ed3i. D\u1ef1a v\u00e0o s\u1ef1 ch\u00eanh l\u1ec7ch nh\u1ecf v\u1ec1 th\u1eddi gian, ch\u00fang c\u00f3 th\u1ec3 d\u1ea7n d\u1ea7n \u0111o\u00e1n \u0111\u01b0\u1ee3c m\u1eadt kh\u1ea9u \u0111\u00fang.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Power-Analysis-Attack-%E2%80%93-Tan-cong-dua-tren-muc-tieu-thu-dien-nang\"><\/span><strong>Power Analysis Attack \u2013 T\u1ea5n c\u00f4ng d\u1ef1a tr\u00ean m\u1ee9c ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>C\u01a1 ch\u1ebf khai th\u00e1c<\/strong><\/h4>\n<p>Vi x\u1eed l\u00fd ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng kh\u00e1c nhau khi th\u1ef1c hi\u1ec7n c\u00e1c l\u1ec7nh kh\u00e1c nhau ho\u1eb7c x\u1eed l\u00fd c\u00e1c bit d\u1eef li\u1ec7u kh\u00e1c nhau (bit 0 v\u00e0 bit 1). 
B\u1eb1ng c\u00e1ch \u0111o l\u01b0\u1eddng s\u1ef1 thay \u0111\u1ed5i c\u1ee7a d\u00f2ng \u0111i\u1ec7n \u0111i v\u00e0o chip, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ph\u00e2n t\u00edch v\u00e0 suy ra c\u00e1c ph\u00e9p to\u00e1n \u0111ang di\u1ec5n ra, t\u1eeb \u0111\u00f3 l\u00e0m l\u1ed9 th\u00f4ng tin nh\u1ea1y c\u1ea3m.<\/p>\n<h4><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf<\/strong><\/h4>\n<p>C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng v\u00e0o th\u1ebb th\u00f4ng minh (smart card) l\u00e0 m\u1ed9t v\u00ed d\u1ee5 r\u00f5 r\u1ec7t. Khi th\u1ebb th\u1ef1c hi\u1ec7n c\u00e1c ph\u00e9p to\u00e1n m\u00e3 h\u00f3a, m\u1ee9c ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng c\u1ee7a n\u00f3 thay \u0111\u1ed5i. K\u1ebb t\u1ea5n c\u00f4ng d\u00f9ng c\u00e1c thi\u1ebft b\u1ecb chuy\u00ean d\u1ee5ng nh\u01b0 m\u00e1y hi\u1ec7n s\u00f3ng (oscilloscope) \u0111\u1ec3 ghi l\u1ea1i \u0111\u1ed3 th\u1ecb \u0111i\u1ec7n n\u0103ng, sau \u0111\u00f3 ph\u00e2n t\u00edch th\u1ed1ng k\u00ea \u0111\u1ec3 t\u00ecm ra m\u1ed1i li\u00ean h\u1ec7 v\u00e0 tr\u00edch xu\u1ea5t kh\u00f3a m\u00e3 h\u00f3a.<\/p>\n<figure id=\"attachment_32818\" aria-describedby=\"caption-attachment-32818\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32818\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-tan-cong-Side-channel.jpg\" alt=\"C\u00e1c lo\u1ea1i t\u1ea5n c\u00f4ng Side-channel\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-tan-cong-Side-channel.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-tan-cong-Side-channel-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-loai-tan-cong-Side-channel-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32818\" class=\"wp-caption-text\">C\u00e1c lo\u1ea1i t\u1ea5n c\u00f4ng 
Side-channel<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Electromagnetic-Attack-%E2%80%93-Khai-thac-tin-hieu-dien-tu\"><\/span><strong>Electromagnetic Attack \u2013 Khai th\u00e1c t\u00edn hi\u1ec7u \u0111i\u1ec7n t\u1eeb<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>C\u01a1 ch\u1ebf khai th\u00e1c<\/strong><\/h4>\n<p>M\u1ecdi thi\u1ebft b\u1ecb \u0111i\u1ec7n t\u1eed \u0111\u1ec1u ph\u00e1t ra b\u1ee9c x\u1ea1 \u0111i\u1ec7n t\u1eeb trong qu\u00e1 tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng, b\u1ee9c x\u1ea1 n\u00e0y c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c thu l\u1ea1i b\u1eb1ng c\u00e1c \u0103ng-ten chuy\u00ean d\u1ee5ng. T\u01b0\u01a1ng t\u1ef1 nh\u01b0 t\u1ea5n c\u00f4ng \u0111i\u1ec7n n\u0103ng, t\u00edn hi\u1ec7u \u0111i\u1ec7n t\u1eeb thay \u0111\u1ed5i t\u00f9y thu\u1ed9c v\u00e0o d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c x\u1eed l\u00fd, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng thu th\u1eadp v\u00e0 ph\u00e2n t\u00edch th\u00f4ng tin m\u1eadt.<\/p>\n<h4><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf<\/strong><\/h4>\n<p>M\u1ed9t trong nh\u1eefng cu\u1ed9c t\u1ea5n c\u00f4ng n\u1ed5i ti\u1ebfng nh\u1ea5t l\u00e0 Van Eck Phreaking, s\u1eed d\u1ee5ng c\u00e1c thi\u1ebft b\u1ecb \u0111\u1ec3 t\u00e1i t\u1ea1o h\u00ecnh \u1ea3nh t\u1eeb s\u00f3ng \u0111i\u1ec7n t\u1eeb ph\u00e1t ra t\u1eeb m\u00e0n h\u00ecnh CRT. 
Ng\u00e0y nay, k\u1ef9 thu\u1eadt n\u00e0y \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng \u0111\u1ec3 khai th\u00e1c c\u00e1c t\u00edn hi\u1ec7u t\u1eeb vi x\u1eed l\u00fd, l\u00e0m l\u1ed9 kh\u00f3a m\u00e3 h\u00f3a.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Acoustic-Cryptanalysis-%E2%80%93-Nghe-am-thanh-phat-ra-tu-thiet-bi\"><\/span><strong>Acoustic Cryptanalysis \u2013 Nghe \u00e2m thanh ph\u00e1t ra t\u1eeb thi\u1ebft b\u1ecb<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>C\u01a1 ch\u1ebf khai th\u00e1c<\/strong><\/h4>\n<p>M\u1ed9t s\u1ed1 th\u00e0nh ph\u1ea7n c\u1ee7a m\u00e1y t\u00ednh nh\u01b0 cu\u1ed9n c\u1ea3m hay t\u1ee5 \u0111i\u1ec7n c\u00f3 th\u1ec3 ph\u00e1t ra \u00e2m thanh khi ho\u1ea1t \u0111\u1ed9ng, \u0111\u1eb7c bi\u1ec7t l\u00e0 khi x\u1eed l\u00fd c\u00e1c t\u00e1c v\u1ee5 n\u1eb7ng. T\u1ea7n s\u1ed1 v\u00e0 c\u01b0\u1eddng \u0111\u1ed9 c\u1ee7a \u00e2m thanh n\u00e0y ph\u1ee5 thu\u1ed9c v\u00e0o d\u1eef li\u1ec7u \u0111\u1ea7u v\u00e0o.<\/p>\n<h4><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf<\/strong><\/h4>\n<p>Nghi\u00ean c\u1ee9u c\u1ee7a c\u00e1c nh\u00e0 khoa h\u1ecdc \u0111\u00e3 cho th\u1ea5y c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng microphone \u0111\u1ec3 ghi \u00e2m v\u00e0 ph\u00e2n t\u00edch \u00e2m thanh ph\u00e1t ra t\u1eeb b\u00e0n ph\u00edm ho\u1eb7c vi x\u1eed l\u00fd \u0111\u1ec3 suy lu\u1eadn ra c\u00e1c ph\u00edm \u0111\u01b0\u1ee3c g\u00f5 hay d\u1eef li\u1ec7u \u0111ang \u0111\u01b0\u1ee3c x\u1eed l\u00fd.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cache-Attack-Branch-Prediction-%E2%80%93-Loi-dung-bo-nho-dem-CPU\"><\/span><strong>Cache Attack &amp; Branch Prediction \u2013 L\u1ee3i d\u1ee5ng b\u1ed9 nh\u1edb \u0111\u1ec7m CPU<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>C\u01a1 ch\u1ebf khai th\u00e1c<\/strong><\/h4>\n<p>Vi x\u1eed l\u00fd hi\u1ec7n \u0111\u1ea1i s\u1eed d\u1ee5ng b\u1ed9 nh\u1edb \u0111\u1ec7m (cache) v\u00e0 c\u01a1 ch\u1ebf d\u1ef1 \u0111o\u00e1n nh\u00e1nh 
(branch prediction) \u0111\u1ec3 t\u0103ng t\u1ed1c \u0111\u1ed9. C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng nh\u01b0 Cache Attack l\u1ee3i d\u1ee5ng s\u1ef1 ch\u00eanh l\u1ec7ch th\u1eddi gian khi truy c\u1eadp v\u00e0o d\u1eef li\u1ec7u trong b\u1ed9 nh\u1edb \u0111\u1ec7m so v\u1edbi b\u1ed9 nh\u1edb ch\u00ednh. B\u1eb1ng c\u00e1ch quan s\u00e1t m\u1eabu truy c\u1eadp b\u1ed9 nh\u1edb \u0111\u1ec7m, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 suy lu\u1eadn v\u1ec1 d\u1eef li\u1ec7u \u0111ang \u0111\u01b0\u1ee3c x\u1eed l\u00fd.<\/p>\n<h4><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf<\/strong><\/h4>\n<p>C\u00e1c l\u1ed7 h\u1ed5ng n\u1ed5i ti\u1ebfng nh\u01b0 <strong>Spectre<\/strong> v\u00e0 <strong>Meltdown<\/strong> l\u00e0 minh ch\u1ee9ng r\u00f5 r\u00e0ng cho lo\u1ea1i h\u00ecnh t\u1ea5n c\u00f4ng n\u00e0y. Ch\u00fang khai th\u00e1c c\u01a1 ch\u1ebf th\u1ef1c thi suy \u0111o\u00e1n (speculative execution) c\u1ee7a CPU \u0111\u1ec3 truy c\u1eadp v\u00e0o c\u00e1c v\u00f9ng b\u1ed9 nh\u1edb v\u1ed1n \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7, sau \u0111\u00f3 d\u00f9ng Side-channel \u0111\u1ec3 l\u00e0m r\u00f2 r\u1ec9 d\u1eef li\u1ec7u.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cac-bien-the-noi-bat-Spectre-Meltdown-Rowhammer\"><\/span><strong>C\u00e1c bi\u1ebfn th\u1ec3 n\u1ed5i b\u1eadt (Spectre, Meltdown, Rowhammer)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><strong>Spectre v\u00e0 Meltdown (2018)<\/strong><\/h4>\n<p>Hai l\u1ed7 h\u1ed5ng n\u00e0y \u0111\u00e3 l\u00e0m ch\u1ea5n \u0111\u1ed9ng ng\u00e0nh c\u00f4ng nghi\u1ec7p c\u00f4ng ngh\u1ec7 to\u00e0n c\u1ea7u, c\u1ea3 hai \u0111\u1ec1u khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng trong ki\u1ebfn tr\u00fac CPU \u0111\u1ec3 l\u00e0m r\u00f2 r\u1ec9 d\u1eef li\u1ec7u. Meltdown cho ph\u00e9p \u0111\u1ecdc b\u1ed9 nh\u1edb h\u1ea1t nh\u00e2n (kernel memory), trong khi Spectre l\u00e0m r\u00f2 r\u1ec9 d\u1eef li\u1ec7u gi\u1eefa c\u00e1c \u1ee9ng d\u1ee5ng ri\u00eang bi\u1ec7t. 
H\u00e0ng tri\u1ec7u m\u00e1y t\u00ednh, m\u00e1y ch\u1ee7 v\u00e0 thi\u1ebft b\u1ecb di \u0111\u1ed9ng \u0111\u00e3 b\u1ecb \u1ea3nh h\u01b0\u1edfng.<\/p>\n<h4><strong>Rowhammer (2014)<\/strong><\/h4>\n<p>\u0110\u00e2y l\u00e0 m\u1ed9t l\u1ed7 h\u1ed5ng ph\u1ea7n c\u1ee9ng li\u00ean quan \u0111\u1ebfn b\u1ed9 nh\u1edb RAM. Khi m\u1ed9t h\u00e0ng b\u1ed9 nh\u1edb (memory row) b\u1ecb truy c\u1eadp qu\u00e1 nhi\u1ec1u l\u1ea7n, n\u00f3 c\u00f3 th\u1ec3 l\u00e0m thay \u0111\u1ed5i tr\u1ea1ng th\u00e1i c\u1ee7a c\u00e1c bit trong c\u00e1c h\u00e0ng b\u1ed9 nh\u1edb l\u00e2n c\u1eadn, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng thay \u0111\u1ed5i d\u1eef li\u1ec7u ho\u1eb7c chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t h\u1ec7 th\u1ed1ng. Kh\u00e1c v\u1edbi c\u00e1c t\u1ea5n c\u00f4ng k\u00eanh ph\u1ee5 \u1edf tr\u00ean, Rowhammer ch\u1ee7 \u0111\u1ed9ng g\u00e2y l\u1ed7i (fault attack) \u0111\u1ec3 thay \u0111\u1ed5i d\u1eef li\u1ec7u, thay v\u00ec ch\u1ec9 quan s\u00e1t th\u00f4ng tin r\u00f2 r\u1ec9.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach-thuc-tan-cong-Side-channel\"><\/span><strong>C\u00e1ch th\u1ee9c t\u1ea5n c\u00f4ng Side-channel<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>M\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng Side-channel kh\u00f4ng di\u1ec5n ra m\u1ed9t c\u00e1ch ng\u1eabu nhi\u00ean. N\u00f3 th\u01b0\u1eddng tu\u00e2n theo m\u1ed9t quy tr\u00ecnh c\u1ee5 th\u1ec3 v\u1edbi ba b\u01b0\u1edbc ch\u00ednh:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Thu-thap-du-lieu-ro-ri\"><\/span><strong>Thu th\u1eadp d\u1eef li\u1ec7u r\u00f2 r\u1ec9<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y l\u00e0 b\u01b0\u1edbc \u0111\u1ea7u ti\u00ean v\u00e0 quan tr\u1ecdng nh\u1ea5t. K\u1ebb t\u1ea5n c\u00f4ng s\u1eed d\u1ee5ng c\u00e1c c\u00f4ng c\u1ee5 chuy\u00ean d\u1ee5ng nh\u01b0 m\u00e1y hi\u1ec7n s\u00f3ng (oscilloscope), b\u1ed9 ph\u00e2n t\u00edch logic (logic analyzer), ho\u1eb7c th\u1eadm ch\u00ed l\u00e0 microphone \u0111\u1ec3 ghi l\u1ea1i c\u00e1c t\u00edn hi\u1ec7u v\u1eadt l\u00fd ph\u00e1t ra t\u1eeb thi\u1ebft b\u1ecb. 
D\u1eef li\u1ec7u thu th\u1eadp \u0111\u01b0\u1ee3c th\u01b0\u1eddng l\u00e0 m\u1ed9t chu\u1ed7i c\u00e1c gi\u00e1 tr\u1ecb th\u1eddi gian, \u0111i\u1ec7n n\u0103ng, ho\u1eb7c \u00e2m thanh.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Phan-tich-va-xu-ly-du-lieu\"><\/span><strong>Ph\u00e2n t\u00edch v\u00e0 x\u1eed l\u00fd d\u1eef li\u1ec7u<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>D\u1eef li\u1ec7u th\u00f4 thu th\u1eadp \u0111\u01b0\u1ee3c ch\u1ee9a r\u1ea5t nhi\u1ec1u nhi\u1ec5u, k\u1ebb t\u1ea5n c\u00f4ng ph\u1ea3i s\u1eed d\u1ee5ng c\u00e1c thu\u1eadt to\u00e1n x\u1eed l\u00fd t\u00edn hi\u1ec7u v\u00e0 ph\u00e2n t\u00edch th\u1ed1ng k\u00ea \u0111\u1ec3 l\u1ecdc nhi\u1ec5u, t\u00ecm ra m\u1ed1i t\u01b0\u01a1ng quan gi\u1eefa d\u1eef li\u1ec7u r\u00f2 r\u1ec9 v\u00e0 c\u00e1c ho\u1ea1t \u0111\u1ed9ng m\u00e3 h\u00f3a.<\/p>\n<p>C\u00e1c k\u1ef9 thu\u1eadt nh\u01b0 Ph\u00e2n t\u00edch \u0111i\u1ec7n n\u0103ng vi sai (Differential Power Analysis \u2013 DPA) hay Ph\u00e2n t\u00edch th\u1eddi gian vi sai (Differential Timing Analysis) th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong giai \u0111o\u1ea1n n\u00e0y.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Trich-xuat-thong-tin-bi-mat\"><\/span><strong>Tr\u00edch xu\u1ea5t th\u00f4ng tin b\u00ed m\u1eadt<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Khi \u0111\u00e3 x\u00e1c \u0111\u1ecbnh \u0111\u01b0\u1ee3c m\u1ed1i t\u01b0\u01a1ng quan, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 suy lu\u1eadn ng\u01b0\u1ee3c l\u1ea1i \u0111\u1ec3 tr\u00edch xu\u1ea5t th\u00f4ng tin b\u00ed m\u1eadt. 
V\u00ed d\u1ee5, n\u1ebfu m\u1ed9t m\u00f4 h\u00ecnh t\u1ea5n c\u00f4ng cho th\u1ea5y s\u1ef1 thay \u0111\u1ed5i \u0111i\u1ec7n n\u0103ng khi m\u1ed9t bit c\u1ee7a kh\u00f3a m\u00e3 h\u00f3a c\u00f3 gi\u00e1 tr\u1ecb 1, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 l\u1ea7n l\u01b0\u1ee3t th\u1eed c\u00e1c gi\u00e1 tr\u1ecb bit kh\u00e1c nhau cho \u0111\u1ebfn khi t\u00ecm \u0111\u01b0\u1ee3c s\u1ef1 thay \u0111\u1ed5i t\u01b0\u01a1ng \u1ee9ng, t\u1eeb \u0111\u00f3 t\u00e1i t\u1ea1o l\u1ea1i to\u00e0n b\u1ed9 kh\u00f3a.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Hau-qua-cua-cuoc-Side-channel-Attack\"><\/span><strong>H\u1eadu qu\u1ea3 c\u1ee7a cu\u1ed9c Side-channel Attack<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>H\u1eadu qu\u1ea3 c\u1ee7a cu\u1ed9c Side-channel Attack (t\u1ea5n c\u00f4ng k\u00eanh ph\u1ee5) l\u00e0 g\u00e2y ra m\u1ed1i \u0111e d\u1ecda nghi\u00eam tr\u1ecdng v\u1ec1 an ninh th\u00f4ng tin, l\u00e0m l\u1ed9 ho\u1eb7c r\u00f2 r\u1ec9 c\u00e1c d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m nh\u01b0 m\u1eadt kh\u1ea9u, kh\u00f3a m\u00e3 h\u00f3a, ho\u1eb7c th\u00f4ng tin b\u00ed m\u1eadt kh\u00e1c c\u1ee7a h\u1ec7 th\u1ed1ng.<\/p>\n<p>C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y c\u00f3 th\u1ec3 cho ph\u00e9p hacker khai th\u00e1c t\u00edn hi\u1ec7u v\u00f4 t\u00ecnh r\u00f2 r\u1ec9 t\u1eeb thi\u1ebft b\u1ecb, nh\u01b0 ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng, s\u00f3ng \u0111i\u1ec7n t\u1eeb, ho\u1eb7c \u00e2m thanh ph\u00e1t ra trong qu\u00e1 tr\u00ecnh thi\u1ebft b\u1ecb ho\u1ea1t \u0111\u1ed9ng, \u0111\u1ec3 t\u1eeb \u0111\u00f3 m\u1edf kh\u00f3a ho\u1eb7c c\u00f3 \u0111\u01b0\u1ee3c th\u00f4ng tin m\u00e0 kh\u00f4ng c\u1ea7n x\u00e2m nh\u1eadp tr\u1ef1c ti\u1ebfp v\u00e0o h\u1ec7 th\u1ed1ng.<\/p>\n<figure id=\"attachment_32819\" aria-describedby=\"caption-attachment-32819\" style=\"width: 816px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32819\" 
src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-cua-cuoc-Side-channel-Attack.jpg\" alt=\"H\u1eadu qu\u1ea3 c\u1ee7a cu\u1ed9c Side-channel Attack\" width=\"816\" height=\"431\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-cua-cuoc-Side-channel-Attack.jpg 816w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-cua-cuoc-Side-channel-Attack-300x158.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Hau-qua-cua-cuoc-Side-channel-Attack-768x406.jpg 768w\" sizes=\"auto, (max-width: 816px) 100vw, 816px\" \/><figcaption id=\"caption-attachment-32819\" class=\"wp-caption-text\">H\u1eadu qu\u1ea3 c\u1ee7a cu\u1ed9c Side-channel Attack<\/figcaption><\/figure>\n<p>C\u00e1c h\u1eadu qu\u1ea3 c\u1ee5 th\u1ec3 g\u1ed3m:<\/p>\n<ul>\n<li>R\u00f2 r\u1ec9 d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m trong qu\u00e1 tr\u00ecnh m\u00e3 h\u00f3a, l\u00e0m suy y\u1ebfu kh\u1ea3 n\u0103ng b\u1ea3o m\u1eadt c\u1ee7a c\u00e1c thu\u1eadt to\u00e1n m\u00e3 h\u00f3a hi\u1ec7n \u0111\u1ea1i, k\u1ec3 c\u1ea3 m\u00e3 h\u00f3a Homomorphic.<\/li>\n<li>H\u00ecnh \u1ea3nh ho\u1eb7c th\u00f4ng tin truy\u1ec1n qua c\u00e1c thi\u1ebft b\u1ecb nh\u01b0 camera c\u00f3 th\u1ec3 b\u1ecb nghe l\u00e9n qua s\u00f3ng \u0111i\u1ec7n t\u1eeb r\u00f2 r\u1ec9, g\u00e2y m\u1ea5t quy\u1ec1n ri\u00eang t\u01b0 nghi\u00eam tr\u1ecdng.<\/li>\n<li>Trong m\u00f4i tr\u01b0\u1eddng \u0111i\u1ec7n to\u00e1n \u0111\u00e1m m\u00e2y, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111\u1eb7t m\u00e1y \u1ea3o \u0111\u1ed9c h\u1ea1i tr\u00ean m\u00e1y ch\u1ee7 v\u1eadt l\u00fd chung, t\u1eeb \u0111\u00f3 truy xu\u1ea5t th\u00f4ng tin b\u00ed m\u1eadt c\u1ee7a c\u00e1c kh\u00e1ch h\u00e0ng kh\u00e1c tr\u00ean c\u00f9ng h\u1ec7 th\u1ed1ng.<\/li>\n<li>L\u00e0m gi\u00e1n \u0111o\u1ea1n ho\u1eb7c thao t\u00fang ho\u1ea1t \u0111\u1ed9ng c\u1ee7a h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau, t\u1eeb \u0111\u00f3 g\u00e2y m\u1ea5t \u1ed5n 
\u0111\u1ecbnh v\u00e0 r\u1ee7i ro v\u1ec1 an ninh.<\/li>\n<li>M\u1ea5t an to\u00e0n cho c\u00e1c thi\u1ebft b\u1ecb IoT v\u00e0 c\u00e1c h\u1ec7 th\u1ed1ng nh\u00fang do thi\u1ebfu bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 ch\u1ed1ng l\u1ea1i t\u1ea5n c\u00f4ng k\u00eanh ph\u1ee5.<\/li>\n<\/ul>\n<p>Side-channel Attack c\u00f3 th\u1ec3 l\u00e0m l\u1ed9 th\u00f4ng tin quan tr\u1ecdng, \u1ea3nh h\u01b0\u1edfng l\u1edbn \u0111\u1ebfn t\u00ednh b\u1ea3o m\u1eadt, quy\u1ec1n ri\u00eang t\u01b0, v\u00e0 an to\u00e0n c\u1ee7a h\u1ec7 th\u1ed1ng m\u00e1y t\u00ednh v\u00e0 thi\u1ebft b\u1ecb \u0111i\u1ec7n t\u1eed.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-cong-cu-tan-cong-Side-channel\"><\/span><strong>C\u00e1c c\u00f4ng c\u1ee5 t\u1ea5n c\u00f4ng Side-channel<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Th\u1ef1c hi\u1ec7n m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng Side-channel \u0111\u00f2i h\u1ecfi s\u1ef1 k\u1ebft h\u1ee3p gi\u1eefa ph\u1ea7n c\u1ee9ng v\u00e0 ph\u1ea7n m\u1ec1m chuy\u00ean d\u1ee5ng. 
D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 c\u00f4ng c\u1ee5 ph\u1ed5 bi\u1ebfn:<\/p>\n<ul>\n<li><strong>M\u00e1y hi\u1ec7n s\u00f3ng (Oscilloscope):<\/strong> D\u00f9ng \u0111\u1ec3 \u0111o l\u01b0\u1eddng v\u00e0 hi\u1ec3n th\u1ecb \u0111\u1ed3 th\u1ecb \u0111i\u1ec7n \u00e1p, gi\u00fap ph\u00e2n t\u00edch m\u1ee9c ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng.<\/li>\n<li><strong>\u0110\u1ea7u d\u00f2 \u0111i\u1ec7n t\u1eeb (EM Probe):<\/strong> Thu th\u1eadp c\u00e1c t\u00edn hi\u1ec7u \u0111i\u1ec7n t\u1eeb ph\u00e1t ra t\u1eeb vi m\u1ea1ch.<\/li>\n<li><strong>B\u1ed9 ph\u00e2n t\u00edch logic (Logic Analyzer):<\/strong> Ghi l\u1ea1i c\u00e1c t\u00edn hi\u1ec7u s\u1ed1, ph\u1ee5c v\u1ee5 cho vi\u1ec7c ph\u00e2n t\u00edch th\u1eddi gian.<\/li>\n<li><strong>C\u00e1c th\u01b0 vi\u1ec7n m\u00e3 ngu\u1ed3n m\u1edf:<\/strong> C\u00e1c th\u01b0 vi\u1ec7n nh\u01b0 ChipWhisperer hay c\u00e1c c\u00f4ng c\u1ee5 tr\u00ean GitHub cung c\u1ea5p khung s\u01b0\u1eddn v\u00e0 m\u00e3 m\u1eabu \u0111\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng Side-channel, gi\u00fap c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u v\u00e0 hacker m\u00f4 ph\u1ecfng, th\u1eed nghi\u1ec7m c\u00e1c k\u1ef9 thu\u1eadt t\u1ea5n c\u00f4ng v\u00e0 ph\u00f2ng th\u1ee7.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cach-phong-chong-Side-channel-Attack-hieu-qua\"><\/span><strong>C\u00e1ch ph\u00f2ng ch\u1ed1ng Side-channel Attack hi\u1ec7u qu\u1ea3<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ph\u00f2ng ch\u1ed1ng Side-channel Attack l\u00e0 m\u1ed9t th\u00e1ch th\u1ee9c l\u1edbn, nh\u01b0ng kh\u00f4ng ph\u1ea3i l\u00e0 kh\u00f4ng th\u1ec3, c\u00e1c bi\u1ec7n ph\u00e1p ph\u00f2ng ch\u1ed1ng c\u1ea7n \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng \u0111\u1ed3ng b\u1ed9 \u1edf c\u1ea3 c\u1ea5p \u0111\u1ed9 ph\u1ea7n c\u1ee9ng v\u00e0 ph\u1ea7n m\u1ec1m.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Phong-chong-o-cap-phan-mem\"><\/span><strong>Ph\u00f2ng ch\u1ed1ng \u1edf 
c\u1ea5p ph\u1ea7n m\u1ec1m<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Thu\u1eadt to\u00e1n m\u00e3 h\u00f3a ch\u1ed1ng timing attack:<\/strong> S\u1eed d\u1ee5ng c\u00e1c thu\u1eadt to\u00e1n \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 ho\u1ea1t \u0111\u1ed9ng v\u1edbi th\u1eddi gian th\u1ef1c thi c\u1ed1 \u0111\u1ecbnh, kh\u00f4ng ph\u1ee5 thu\u1ed9c v\u00e0o d\u1eef li\u1ec7u \u0111\u1ea7u v\u00e0o, gi\u00fap ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng d\u1ef1a tr\u00ean th\u1eddi gian.<\/li>\n<li><strong>Randomization (Ng\u1eabu nhi\u00ean h\u00f3a):<\/strong> \u0110\u01b0a th\u00eam c\u00e1c y\u1ebfu t\u1ed1 ng\u1eabu nhi\u00ean v\u00e0o qu\u00e1 tr\u00ecnh th\u1ef1c thi \u0111\u1ec3 l\u00e0m nhi\u1ec5u lo\u1ea1n c\u00e1c t\u00edn hi\u1ec7u k\u00eanh ph\u1ee5. K\u1ef9 thu\u1eadt n\u00e0y l\u00e0m cho vi\u1ec7c ph\u00e2n t\u00edch d\u1eef li\u1ec7u tr\u1edf n\u00ean kh\u00f3 kh\u0103n h\u01a1n.<\/li>\n<li><strong>Secure coding:<\/strong> L\u1eadp tr\u00ecnh vi\u00ean c\u1ea7n tu\u00e2n th\u1ee7 c\u00e1c nguy\u00ean t\u1eafc an to\u00e0n, tr\u00e1nh \u0111\u1ec3 l\u1ed9 th\u00f4ng tin qua c\u00e1c lu\u1ed3ng d\u1eef li\u1ec7u kh\u00f4ng mong mu\u1ed1n.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Phong-chong-o-cap-phan-cung\"><\/span><strong>Ph\u00f2ng ch\u1ed1ng \u1edf c\u1ea5p ph\u1ea7n c\u1ee9ng<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Shielding (Che ch\u1eafn):<\/strong> S\u1eed d\u1ee5ng c\u00e1c l\u1edbp v\u1eadt li\u1ec7u \u0111\u1eb7c bi\u1ec7t \u0111\u1ec3 che ch\u1eafn thi\u1ebft b\u1ecb, gi\u1ea3m thi\u1ec3u s\u1ef1 r\u00f2 r\u1ec9 c\u1ee7a t\u00edn hi\u1ec7u \u0111i\u1ec7n t\u1eeb.<\/li>\n<li><strong>Constant Power Design:<\/strong> Thi\u1ebft k\u1ebf m\u1ea1ch sao cho m\u1ee9c ti\u00eau th\u1ee5 \u0111i\u1ec7n n\u0103ng lu\u00f4n \u1ed5n \u0111\u1ecbnh, kh\u00f4ng thay \u0111\u1ed5i theo d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c x\u1eed l\u00fd, 
t\u1eeb \u0111\u00f3 v\u00f4 hi\u1ec7u h\u00f3a t\u1ea5n c\u00f4ng d\u1ef1a tr\u00ean \u0111i\u1ec7n n\u0103ng.<\/li>\n<li><strong>Cache Partitioning:<\/strong> Ph\u00e2n chia b\u1ed9 nh\u1edb \u0111\u1ec7m \u0111\u1ec3 c\u00e1c ti\u1ebfn tr\u00ecnh kh\u00e1c nhau kh\u00f4ng th\u1ec3 truy c\u1eadp ho\u1eb7c can thi\u1ec7p v\u00e0o b\u1ed9 nh\u1edb \u0111\u1ec7m c\u1ee7a nhau, gi\u1ea3m thi\u1ec3u r\u1ee7i ro t\u1eeb Cache Attack.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Best-practices\"><\/span><strong>Best practices<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>C\u1eadp nh\u1eadt h\u1ec7 th\u1ed1ng th\u01b0\u1eddng xuy\u00ean:<\/strong> C\u00e1c nh\u00e0 s\u1ea3n xu\u1ea5t chip nh\u01b0 Intel, AMD v\u00e0 ARM li\u00ean t\u1ee5c ph\u00e1t h\u00e0nh c\u00e1c b\u1ea3n v\u00e1 ph\u1ea7n m\u1ec1m v\u00e0 firmware \u0111\u1ec3 kh\u1eafc ph\u1ee5c c\u00e1c l\u1ed7 h\u1ed5ng Side-channel nh\u01b0 Spectre v\u00e0 Meltdown. Vi\u1ec7c c\u1eadp nh\u1eadt l\u00e0 r\u1ea5t quan tr\u1ecdng \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n.<\/li>\n<li><strong>S\u1eed d\u1ee5ng ph\u1ea7n c\u1ee9ng tin c\u1eady:<\/strong> L\u1ef1a ch\u1ecdn c\u00e1c thi\u1ebft b\u1ecb v\u00e0 chip \u0111\u00e3 \u0111\u01b0\u1ee3c ki\u1ec3m tra v\u00e0 ch\u1ee9ng nh\u1eadn v\u1ec1 b\u1ea3o m\u1eadt.<\/li>\n<li><strong>Ki\u1ec3m th\u1eed b\u1ea3o m\u1eadt \u0111\u1ecbnh k\u1ef3:<\/strong> C\u00e1c t\u1ed5 ch\u1ee9c n\u00ean th\u1ef1c hi\u1ec7n c\u00e1c b\u00e0i ki\u1ec3m tra x\u00e2m nh\u1eadp (penetration testing) v\u00e0 \u0111\u00e1nh gi\u00e1 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u1ecbnh k\u1ef3 \u0111\u1ec3 ph\u00e1t hi\u1ec7n v\u00e0 kh\u1eafc ph\u1ee5c s\u1edbm c\u00e1c \u0111i\u1ec3m y\u1ebfu.<\/li>\n<\/ul>\n<p>T\u1ea5n c\u00f4ng Side-channel l\u00e0 m\u1ed9t l\u1eddi nh\u1eafc nh\u1edf r\u1eb1ng b\u1ea3o m\u1eadt kh\u00f4ng ch\u1ec9 d\u1eebng l\u1ea1i \u1edf m\u00e3 h\u00f3a v\u00e0 t\u01b0\u1eddng l\u1eeda. C\u00e1c th\u00f4ng tin 
t\u01b0\u1edfng ch\u1eebng v\u00f4 h\u1ea1i nh\u01b0 th\u1eddi gian, \u0111i\u1ec7n n\u0103ng hay nhi\u1ec7t \u0111\u1ed9 c\u0169ng c\u00f3 th\u1ec3 tr\u1edf th\u00e0nh v\u0169 kh\u00ed trong tay k\u1ebb t\u1ea5n c\u00f4ng.<\/p>\n<p>Vi\u1ec7c hi\u1ec3u r\u00f5 v\u1ec1 <strong>t\u1ea5n c\u00f4ng Side-channel l\u00e0 g\u00ec<\/strong> v\u00e0 c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a n\u00f3 kh\u00f4ng ch\u1ec9 gi\u00fap b\u1ea1n nh\u1eadn bi\u1ebft \u0111\u01b0\u1ee3c m\u1ed1i nguy hi\u1ec3m m\u00e0 c\u00f2n trang b\u1ecb cho b\u1ea1n ki\u1ebfn th\u1ee9c c\u1ea7n thi\u1ebft \u0111\u1ec3 x\u00e2y d\u1ef1ng c\u00e1c h\u1ec7 th\u1ed1ng an to\u00e0n v\u00e0 \u0111\u00e1ng tin c\u1eady h\u01a1n.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An ninh m\u1ea1ng ng\u00e0y c\u00e0ng tr\u1edf n\u00ean ph\u1ee9c t\u1ea1p, b\u00ean c\u1ea1nh nh\u1eefng cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng tr\u1ef1c ti\u1ebfp nh\u01b0 ransomware hay phishing, m\u1ed9t m\u1ed1i \u0111e d\u1ecda tinh vi h\u01a1n \u0111ang \u00e2m th\u1ea7m t\u1ed3n t\u1ea1i: t\u1ea5n c\u00f4ng Side-channel.\u00a0V\u1eady, t\u1ea5n c\u00f4ng Side-channel l\u00e0 g\u00ec v\u00e0 t\u1ea1i sao ch\u00fang l\u1ea1i nguy hi\u1ec3m \u0111\u1ebfn v\u1eady? 
B\u00e0i vi\u1ebft n\u00e0y s\u1ebd<\/p>\n","protected":false},"author":11,"featured_media":32820,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-32816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=32816"}],"version-history":[{"count":2,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32816\/revisions"}],"predecessor-version":[{"id":32822,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32816\/revisions\/32822"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/32820"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=32816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=32816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=32816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}