1 files changed, 55 insertions, 1 deletions

diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 95e857c..434ace8 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -214,6 +214,11 @@ Using a biometric scheme with $\text{FMR} = 0.01\%$ and a database of size $\tex
 
 ## Encryption
 
+### Kerckhoffs' Principle
+
+Do not rely on the secrecy of the algorithm; only the keys have to be secret.  
+*Security by obscurity* is nonsense.
+
 ### Cipher
 
 #### Block Cipher
@@ -337,10 +342,59 @@ Infrastructure providing the service of public key distribution.
 - Extended Validation SSL Certificate (EV cert)  
   Expensive. CA checks same as *OV* + official record matching.
 
+## Crypto Analysis
+
+### Side Channel Analysis
+
+*Side Channel Analysis* focuses on analyzing unintended *side-channels*, which might not have respected enough in security design.  
+*Side-channels* are all communication channels not used for main communication.
+In many embedded devices, IO pins are the main channel of communication. Any other channel is a *side-channel*.  
+The attack focus moves from the logical layer (algorithms) to the physical layer (time, power etc.).
+
+### Simple Power Analysis (SPA)
+
+Every instruction/data consumes a specific amount of power. This power is measurable in execution time.
+So measuring current power consumption allows the attacker to conclude to the currently executed instruction / accessed data!
+
+#### Defences
+
+- Execute leaking instructions on full time anyways, even if they are not needed.
+- Make executions input-independent
+
+### Differential Power Analysis (DPA)
+
+Similar to *SPA*, but *DPA* focuses on the change of values. Precisely, is analyzes the effects correlated to the change of values.  
+Data depends on inputs. Now the attacker tries different inputs and observes data changes by constantly measuring the power.
+
+### Timing Analysis
+
+Runtime of algorithms might depend on input data. If the data can be split into chunks, currect chunks might take a different time
+than incorrect ones. Also, the time it takes might depend on the number of correct chunks, (e.g. n correct chunks and k incorrect chunks
+may take a different time to process than n-1 correct and k+1 incorrect ones).  
+
+#### Example
+
+The algorithm that checks a password checks the input char by char, from left to right. *It stops checking the rest of the characters, if one character is wrong.*
+The password is `IntroSec`.
+
+1. The attacker guesses `testtest`. The algorithm takes 100 ns to process.
+2. The attacker guesses `Iesttest`. The algorithm takes 110 ns to process. Now the attacker learned that the first character is likely to be correct.
+3. The attacker guesses `Itsttest`. The alogrithm takes 110 ns to process. The attacker detects no significant change in processing time,
+   so it is likely that there is no new correct char.
+4. The attacker continues, learning char by char for each processing time increase, until he got the full password.
+
 ## Threat scenarios
 
 No security issues without threat models! E.g. a password is considered safe without any provided threat model.
 
+### Passive Attack
+
+Attacker only reads data from a communication channel.
+
+### Active Attack
+
+Attacker inserts, alters or deletes data on a communication channel.
+
 ### Smurf attack
 
 Attacker sends out ICMP ping request with spoofed sender IP address of the victim to the broadcast of some network.
@@ -377,7 +431,7 @@ Victim enters his password and the attacker captures the data forwarded by the f
 1. Session begins, server issues session ID (SID), which gets stored as a client cookie.
 2. A client changes his own SID cookie according to a SID of another client, therefore hijacking the session and being able to do everything the other client can do.  
    He can do this by  
-2.1 Brute-force.
+2.1 Brute-force.  
 2.2 Having access to the cookie and simply reading it out (security failure).
 
 #### Countermeasures