
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA [chapter]

Yuval Yarom, Daniel Genkin, Nadia Heninger
2016 Lecture Notes in Computer Science  
The scatter-gather technique is a commonly-implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant-time.  ...  We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f.  ...  Acknowledgements We would like to thank Dan Bernstein for suggesting the name CacheBleed.  ... 
doi:10.1007/978-3-662-53140-2_17 fatcat:3xgfqb3ivvbyddzlepubwtuubq

CacheBleed: a timing attack on OpenSSL constant-time RSA

Yuval Yarom, Daniel Genkin, Nadia Heninger
2017 Journal of Cryptographic Engineering  
The scatter-gather technique is a commonly-implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant-time.  ...  We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f.  ...  Acknowledgements We would like to thank Dan Bernstein for suggesting the name CacheBleed.  ... 
doi:10.1007/s13389-017-0152-y fatcat:hz6rxityondvlcxzrzgaotjpri

Special Issue on "Side Channel Attacks"

Seokhie Hong
2019 Applied Sciences  
Cryptosystems are widely used in a growing number of embedded applications, such as smart cards, smart phones, Internet of Things (IoT) devices, and so on [...]  ...  CacheBleed: A timing attack on OpenSSL constant-time RSA. J. Cryptogr. Eng. 2017, 7, 99-112. [CrossRef] 30. Doychev, G.; Köpf, B.; Mauborgne, L.; Reineke, J.  ...  Cache-Timing Attacks on RSA Key Generation. IACR Cryptol. ePrint Arch. 2018, 2018, 367. 34. Deng, S.; Xiong, W.; Szefer, J. Analysis of Secure Caches and Timing-Based Side-Channel Attacks.  ... 
doi:10.3390/app9091881 fatcat:uo7wiucsufbv3n4kusbzfyo7ue

Introduction to the CHES 2016 special issue

Benedikt Gierlichs, Axel Y. Poschmann
2017 Journal of Cryptographic Engineering  
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA is an example of a local attack vector that is used to remotely attack a cloud instance.  ...  A by-product of the merger of these two domains is an ever-growing cross-fertilization of attack vectors previously only applied in one domain, which are now applied to the other domain.  ... 
doi:10.1007/s13389-017-0158-5 fatcat:3v7bwqafjnhvxfswnv33mtewfi

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Qian Ge, Yuval Yarom, David Cock, Gernot Heiser
2016 Journal of Cryptographic Engineering  
We classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks. Moreover, we take a detailed look at attacks used against shared caches.  ...  Microarchitectural timing channels expose hidden hardware state through timing.  ...  The attack is able to identify the cache bank that stores each of the multipliers used during the exponentiation in the OpenSSL "constant time" RSA implementation [34, 68], allowing a complete private  ... 
doi:10.1007/s13389-016-0141-6 fatcat:7fvkr7h54rbl5mx6vrochsgtkm

Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA

Maria Mushtaq, Muhammad Asim Mukhtar, Vianney Lapotre, Muhammad Khurram Bhatti, Guy Gogniat
2020 Information Systems  
It provides a detailed taxonomy of attacks on RSA cryptosystems and discusses their strengths and weaknesses while attacking different algorithmic implementations of RSA.  ...  Abstract: Timing-based side-channels play an important role in exposing the state of a process execution on underlying hardware by revealing information about timing and access  ...  This technique describes the fact that the scatter-gather technique is not constant-time, and it is exploited in CacheBleed [7].  ... 
doi:10.1016/j.is.2020.101524 fatcat:odegutokz5hrhmwsznlc7px6qm

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend [article]

Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Čapkun
2021 arXiv   pre-print
We introduce a new timing side-channel attack on Intel CPU processors.  ...  In particular, we observe that in modern Intel CPUs, some instructions' execution times will depend on which operations precede and succeed them, and on their virtual addresses.  ...  Acknowledgements We would like to thank Kaveh Razavi for insightful discussions about the root causes of the Frontal attack and Kari Kostiainen for his feedback on early drafts of this paper.  ... 
arXiv:2005.11516v4 fatcat:2zgok2qltbcoji3v2uixdkrvgu

MemJam: A False Dependency Attack against Constant-Time Crypto Implementations [article]

Ahmad Moghimi, Thomas Eisenbarth, Berk Sunar
2017 pre-print
As a proof of concept, we demonstrate the first key recovery attacks on a constant-time implementation of AES, and a SM4 implementation with cache protection in the current Intel Integrated Performance  ...  Further, we demonstrate the first intra cache level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation  ...  A great example is the cache bank conflicts attack on OpenSSL RSA scatter-gather implementation: it shows that adversaries with intra cache level resolution can successfully bypass constant-time techniques  ... 
doi:10.1007/s10766-018-0611-9 arXiv:1711.08002v1 fatcat:hdc47f52wrh73nv7wjfsow472y

Secure Multiparty Computation from SGX [chapter]

Raad Bahmani, Manuel Barbosa, Ferdinand Brasser, Bernardo Portela, Ahmad-Reza Sadeghi, Guillaume Scerri, Bogdan Warinschi
2017 Lecture Notes in Computer Science  
Furthermore, we show the cost induced by using constant-time, i.e., timing side channel resilient, code in our implementation.  ...  The communication and computational load for a user comprises a standard key exchange, a constant number of public key signature verifications, and the secure transfer of inputs/outputs to/from the functionality  ...  good description of this model is available on the web site of the recent CacheBleed attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/).  ... 
doi:10.1007/978-3-319-70972-7_27 fatcat:wunetkom2fbatjfy4ebzadb2d4

Enclave Computing Paradigm: Hardware-assisted Security Architectures & Applications

Franz Ferdinand Peter Brasser
2020
TEEs provide isolated compartments within a single system, allowing isolated operation of a system's individual components and applications.  ...  The Trusted Execution Environment (TEE) concept overcomes the dependence of security critical components on the system's overall security.  ...  RSA Attack. The first target for our attack was the RSA algorithm.  ... 
doi:10.25534/tuprints-00011912 fatcat:2xf7ax7tcvbhrn76cdvcesfj6e

Study and evaluation of protection mechanisms against speculative execution side-channel attacks [article]

Theodoros Trochatos, National Technological University Of Athens
2022
Cachebleed: A timing attack on openssl constant time rsa. In CHES, 2016. [37] Yuval Yarom and Katrina Falkner.  ...  This stall time depends on the frequency of squashes and the stall-time per squash.  ... 
doi:10.26240/heal.ntua.21984 fatcat:t3cnbxtvcnbyni3oy766balv6a