Month: June 2024

React QR Code Generator

React QR Code Generator in use.
React QR Code generator in action.

As a side project to keep my mind sharp while on break, I decided to work with React some more. Most of the work I have done so far was with plain react not using external libraries. I decided to work with some external packages on this project. I am also avoiding the use of APIs as they create latency and I wanted to dynamically create the QR code.

First I created a plain JS Vite project using:

npm create vite@latest

React-colorful

I found two useful libraries for this project, qr-code and colorful, which will allow me to create the QR codes and pick their colours visually. React-colorful outputs a hex value of the colour which works well with react-qr-code. React-colorful works by having the colour value as a state and the onChange as the set function. This allows my site to dynamically update the QR code when the colour values are changed.

QR Codes

The qr-code library uses a fairly simple format for generating QR codes as shown above. As the three middle variables are states any time any of them are updated the element is re-rendered. This means any time the user changes any of the three the page will dynamically update the QR code. QR codes are output as SVG tags within the HTML DOM and therefore you cannot save by right-clicking. This would be an issue if I wanted to host this site publically but the current format is fine for my learning.

Conclusion

I made a few small HTML and CSS changes that cleaned up the look of the web app and I am pretty happy with how It has turned out. React has certainly been a great tool to add to my repertoire this year. It has made the development of web applications significantly easier than the traditional PHP method that I initially learnt. It makes prototypes such as this much quicker to produce and the variety of packages and APIs available are great assets.

Side-Channel Attack on LLC

Introduction

This semester I am taking a Cyber Security class and for the final assignment, I was tasked with performing a side-channel attack on a computer’s LLC(Last Level Cache).

Much like the last assignment to simulate quantum key encryption, there are two parts to the assignment. I was to create both a program and write a short report on the assignment. My report should cover both the theory behind the attack and the effectiveness of the program I created. To write the report I used LaTeX as I have found it to be a very effective tool this semester. I am writing the program for this assignment in Java though most languages should be effective.

What is a Side-Channel Attack?

First off I should explain what a side channel attack is. A side-channel attack is a method by which one can infer information about a computer or a program using indirect methods. If you want to learn more about side-channel attacks I would highly recommend reading about the Meltdown and Spectre vulnerabilities. The example for this assignment is inferring the size of the LLC of a computer’s CPU. Therefore to perform a side channel attack I must find an indirect way to infer the size of a computer’s LLC.

My Side-Channel Attack

After reading the article we were provided with when given the assignment I then decided on using differently sized arrays. I will measure the time needed to access data in the array and this should allow me to infer the cache size. I will step through the different sizes of arrays and measure a value for each. Plotting these values should allow me to see a spike in time which means we are having cache misses.

I used arrays from 1Kb in size up to 64Mb doubling at each step. For each size I will run 100 tests, each test will consist of incrementing values in the array 1 million times. Each test will be timed and the times for each size will be averaged. This should allow us to get an accurate value for each size without running into any outliers.

We will use two different methods to determine which element of an array we access. A random method, and a sequential method. This is another requirement of the assignment is that I test multiple methods for my attack.

Side-Channel Attack output
Output of Random Access Side-Channel Attack

The Report

I wrote a short report (5-page limit) on my methodology for the attack and the results I got from said attacks. I wrote this report using LaTeX as I have found it to be a very useful tool this semester. Included in the report were graphs of my results and an analysis of my results for each method. If you wish to read it in full the PDF is available below.

main.pdfDownload

Disclaimer

Though it should go without saying I will say. This is all for purely educational purposes. Do not run software of this kind on any systems you do not have permission to use. Also, ensure when testing software of this kind you are doing so in a secure environment and are in compliance with all local laws and regulations.