
Verifiable Side-Channel Security of Cryptographic Implementations: Constant-Time MEE-CBC [chapter]

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir
2016 Lecture Notes in Computer Science  
To solve this problem, we define a methodology for proving security of implementations in the presence of timing attackers: first, prove black-box security of an algorithmic description of a cryptographic  ...  This bug (now fixed) allowed bypassing the balancing countermeasures against timing attacks deployed in the implementation of the MAC-then-Encode-then-CBC-Encrypt (MEE-CBC) component, creating a timing  ...  The figures for our verified implementation of MEE-CBC show both the cost of formal verification and the cost of full constant-time guarantees.  ... 
doi:10.1007/978-3-662-52993-5_9 fatcat:w63ll54mvbefrkl36eij3fhf5a

Verifying Constant-Time Implementations

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Michael Emmi
2016 USENIX Security Symposium  
This makes automated verification of constant-time code an essential component for building secure software. We propose a novel approach for verifying constant-time security of real-world code.  ...  Our approach is based on a simple reduction of constant-time security of a program P to safety of a product program Q that simulates two executions of P.  ...  Acknowledgements The first two authors were funded by Project "TEC4Growth - Pervasive Intelligence, Enhancers and Proofs of Concept with Industrial Impact/NORTE-01-0145-FEDER-000020", which is financed  ... 
dblp:conf/uss/AlmeidaBBDE16 fatcat:7mhfdhrxrfhrrgr3atqbjerb3a

Verifying constant-time implementations by abstract interpretation

Sandrine Blazy, David Pichardie, Alix Trieu
2019 Journal of Computer Security  
Constant-time programming is an established discipline to secure programs against timing attackers.  ...  We present verification results on various real-world constant-time programs and report on a successful verification of a challenging SHA-256 implementation that was out of scope of previous tool-assisted  ...  The authors also implemented a verified analyzer to ensure absence of timing and cache based side channels.  ... 
doi:10.3233/jcs-181136 fatcat:bwmih55tzravnath74fwwi3tpy

Verifying Constant-Time Implementations by Abstract Interpretation [chapter]

Sandrine Blazy, David Pichardie, Alix Trieu
2017 Lecture Notes in Computer Science  
Constant-time programming is an established discipline to secure programs against timing attackers.  ...  We present verification results on various real-world constant-time programs and report on a successful verification of a challenging SHA-256 implementation that was out of scope of previous tool-assisted  ...  The authors also implemented a verified analyzer to ensure absence of timing and cache based side channels.  ... 
doi:10.1007/978-3-319-66402-6_16 fatcat:skkbqsdq2neohd3uxscudvdq4a

Enforcing fine-grained constant-time policies [article]

Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Swarn Priya
2022 IACR Cryptology ePrint Archive  
Cryptographic constant-time (CT) is a popular programming discipline used by cryptographic libraries to protect themselves against timing attacks.  ...  We found a bug in OpenSSL and provided a formally verified fix.  ...  We would then use this extension to prove preservation of constant-time and to formally verify constant-time of a broad corpus of cryptographic implementations.  ... 
dblp:journals/iacr/ShivakumarBGLP22 fatcat:wkrzckmqbvgnxmrlowmqutkkq4

Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS [chapter]

Martin R. Albrecht, Kenneth G. Paterson
2016 Lecture Notes in Computer Science  
At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests.  ...  Our work highlights the challenges of protecting implementations against sophisticated timing attacks.  ...  of this work.  ... 
doi:10.1007/978-3-662-49890-3_24 fatcat:lv4a4ukxeradpcy53iwoawbfda

FaCT: a DSL for timing-sensitive computation

Sunjay Cauligi, Deian Stefan, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Grégoire, Gilles Barthe, Ranjit Jhala
2019 Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI 2019  
We thank the participants of the Dagstuhl Seminar on Secure Compilation for early feedback on this work, especially Tamara Rezk.  ...  curve implementations.  ...  Almeida et al. [4] verify AWS Lab's s2n MEE-CBC implementation (after identifying a vulnerability); they also verify security properties of NaCl libraries [6].  ... 
doi:10.1145/3314221.3314605 dblp:conf/pldi/CauligiSJBWRGBJ19 fatcat:2ildtv2lx5fh5plm7vt2hwwit4

Machine-Checked Proofs for Cryptographic Standards

José Bacelar Almeida, Pierre-Yves Strub, Cécile Baritel-Ruet, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Alley Stoughton
2019 Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19  
Our implementation is the first to achieve simultaneously the four desirable properties (efficiency, correctness, provable security, and side-channel protection) for a non-trivial cryptographic primitive  ...  Our implementation is written in the Jasmin programming language, and is formally verified for functional correctness, provable security and timing attack resistance in the EasyCrypt proof assistant.  ...  to prove the INT-PTXT security of a compiled executable implementation of TLS 1.2's notorious MAC-then-Encode-then-CBC-Encrypt (TLS-MEE-CBC) against timing-aware attackers.  ... 
doi:10.1145/3319535.3363211 dblp:conf/ccs/AlmeidaBBBDGL0S19 fatcat:ywk5fizlmrcoti6g3uhph7s7h4

Lucky 13 Strikes Back

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
Our version of the attack exploits distinguishable cache access times enabled by VM deduplication to detect dummy function calls that only happen in case of an incorrectly CBC-padded TLS packet.  ...  In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability.  ...  In essence, all libraries were fixed to remove the timing side channel exploited by Lucky 13, i.e. implementations were updated to handle different CBC-paddings in constant time.  ... 
doi:10.1145/2714576.2714625 dblp:conf/ccs/ApececheaIES15 fatcat:wdfl4jazofas7j5vp2chs7jjcq

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

N. J. Al Fardan, K. G. Paterson
2013 2013 IEEE Symposium on Security and Privacy  
The attacks are based on a delicate timing analysis of decryption processing in the two protocols.  ...  Finally, we discuss the wider implications of our attacks for the cryptographic design used by TLS and DTLS.  ...  Careful implementation of MEE-TLS-CBC decryption: Our final option is to encourage more careful implementation of MEE-TLS-CBC decryption.  ... 
doi:10.1109/sp.2013.42 dblp:conf/sp/AlFardanP13 fatcat:uipdsa4jxzafjgy3kltnzgifie

STACCO

Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks.  ...  We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave  ...  Security Analysis of TLS Implementations There has been work on verifying constant-time implementation for SSL/TLS libraries [14, 15].  ... 
doi:10.1145/3133956.3134016 dblp:conf/ccs/XiaoLCZ17 fatcat:smeafct6pjhyzka23kxg57ej5e

Jasmin

José Bacelar Almeida, Pierre-Yves Strub, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Moreover, the framework includes highly automated tools for proving memory safety and constant-time security (for protecting against cache-based timing attacks).  ...  We also demonstrate the effectiveness of the verification tools on a large set of cryptographic routines.  ...  ONR Grants N000141210914 and N000141512750, by Google Chrome University, by Cátedra PT-FLAD em Smart Cities & Smart Governance, and by Project "TEC4Growth - Pervasive Intelligence, Enhancers and Proofs of  ... 
doi:10.1145/3133956.3134078 dblp:conf/ccs/AlmeidaBBBGLOPS17 fatcat:vyxyeu3mtvff7bsios5hdfj5se

Reactive and Proactive Standardisation of TLS [chapter]

Kenneth G. Paterson, Thyla van der Merwe
2016 Lecture Notes in Computer Science  
governing relevant stakeholders at the time of standardisation.  ...  In an attempt to place TLS within the broader realm of standardisation, we perform a comparative analysis of standardisation models and discuss the standardisation of TLS within this context.  ...  Van der Merwe was supported by the EPSRC as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London.  ... 
doi:10.1007/978-3-319-49100-4_7 fatcat:33ngau3bv5a5lb3purmdqqtmxe

Spectre Declassified: Reading from the Right Place at the Wrong Time [article]

Basavesh Ammanaghatta Shivakumar, Jack Barnes, Gilles Barthe, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Sioli O'Connell, Peter Schwabe, Rui Qi Sim, Yuval Yarom
2022 IACR Cryptology ePrint Archive  
Concretely, we present a PoC that recovers the AES key of an implementation of AES written in FaCT, a domain-specific language for constant-time programming.  ...  Third, we implement one of our countermeasures in the FaCT compiler and evaluate performance overhead for core cryptographic routines from several open-source projects.  ...  ACKNOWLEDGEMENTS This research was supported by the Air Force Office of Scientific Research (AFOSR) under award number FA9550-  ... 
dblp:journals/iacr/ShivakumarBBCCG22 fatcat:enmmmqbaqvht3j2gxpr7flckti

Taxonomy of SSL/TLS Attacks

Keerthi Vasan K., Arun Raj Kumar P.
2016 International Journal of Computer Network and Information Security  
Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols use cryptographic algorithms to secure data and ensure security goals such as Data Confidentiality and Integrity in networking.  ...  The existing versions of the protocols as well as the cryptographic algorithms they use have vulnerabilities and are not resistant to Man-In-The-Middle (MITM) attacks.  ...  The server uses Message Encode-then-Encrypt (MEE) policy to achieve a constant response time for both correct and incorrect encryptions.  ... 
doi:10.5815/ijcnis.2016.02.02 fatcat:uwdcva2fq5c5xcgqpuqhocanyy