ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company's code-signing service runs in a self-managed hardware security module (HSM). Monitoring shows an external actor is collecting fine-grained measurements of how long the HSM takes to perform 2048-bit RSA private-key operations on different inputs, likely to derive key bits. Which mitigation is most effective against this side-channel attack without changing the cryptographic algorithm or key length?
Prepend a random salt to each message before signing to randomize the input data.
Modify the HSM firmware so all RSA private-key operations run in constant time, removing timing variability.
Rotate the RSA key every 24 hours to limit the window of exposure if a key is compromised.
Increase the RSA key size from 2048 bits to 4096 bits to make brute-force attacks impractical.
Timing attacks exploit the fact that some cryptographic implementations take variable time to process different inputs, allowing an attacker to infer secret information such as private-key bits. The most effective countermeasure is to make every operation take the same amount of time, eliminating the timing signal. Implementing constant-time algorithms or applying techniques like RSA blinding forces the HSM to perform computations in a uniform manner, preventing attackers from correlating execution time with key material. Simply lengthening the key or rotating it does not remove the underlying timing leakage, and salting the data before signing affects the message digest, not the private-key operation whose timing is being measured.
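The blinding technique mentioned in the explanation can be shown concretely. The following Python is an added example, not part of the original practice question: it uses constructed toy RSA parameters (p = 61, q = 53, far too small for real use) to show that multiplying the message by r^e before the private-key exponentiation, and removing r afterwards, yields the same signature as the direct computation while the value actually exponentiated is randomized per call. Python's built-in pow() is not constant-time, so this illustrates the algebra of blinding, not a production constant-time implementation.

```python
import math
import secrets

# Constructed toy RSA key (hypothetical values for illustration only;
# a real deployment uses 2048-bit or larger moduli generated by the HSM).
P, Q = 61, 53
N = P * Q                  # modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, 2753


def sign_unblinded(m: int, d: int, n: int) -> int:
    """Direct private-key operation: the exponentiation runs on the
    attacker-chosen input m, so its timing can be correlated with m."""
    return pow(m, d, n)


def blind(m: int, e: int, n: int) -> tuple[int, int]:
    """Pick a random r coprime to n and return (m * r^e mod n, r).
    The private-key operation will run on the blinded value, which the
    attacker cannot predict even though they chose m."""
    while True:
        r = secrets.randbelow(n - 2) + 2     # r in [2, n - 1]
        if math.gcd(r, n) == 1:
            return (m * pow(r, e, n)) % n, r


def sign_blinded(m: int, d: int, e: int, n: int) -> int:
    """RSA blinding: (m * r^e)^d = m^d * r (mod n), so multiplying by
    r^-1 afterwards recovers the ordinary signature m^d mod n."""
    blinded, r = blind(m, e, n)
    s_blinded = pow(blinded, d, n)
    r_inv = pow(r, -1, n)
    return (s_blinded * r_inv) % n


def verify(m: int, s: int, e: int, n: int) -> bool:
    """Standard RSA signature check with the public key."""
    return pow(s, e, n) == m % n


if __name__ == "__main__":
    msg = 65  # constructed sample message representative (a digest in practice)
    s_plain = sign_unblinded(msg, D, N)
    s_blind = sign_blinded(msg, D, E, N)
    print("same signature:", s_plain == s_blind, "valid:", verify(msg, s_blind, E, N))
    # The operand seen by the exponentiation differs on every call:
    print("blinded operands:", [blind(msg, E, N)[0] for _ in range(3)])
```

The key point for the question: the signing output is unchanged, so callers and verifiers are unaffected, but the secret-exponent computation never runs directly on an input the measuring party controls, which removes the correlation a timing attack depends on. Blinding complements, rather than replaces, constant-time exponentiation code.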