The design of embedded processors demands a careful trade-off between many conflicting objectives such as performance, silicon area and power consumption. Finding such a trade-off often ignores the issue of security, which can cause otherwise secure cryptographic software to leak information through so-called micro-architectural side channels. In this paper we show that early-terminating integer multipliers found in various embedded processors (e.g., ARM7TDMI) represent an instance of this problem. The early-termination mechanism causes differences in the time taken to execute a multiply instruction depending on the magnitude of the operands (e.g., up to three clock cycles on an ARM7TDMI processor), which are observable via variations in execution time and power consumption. Exploiting the early-termination mechanism makes Simple Power Analysis (SPA) attacks relatively straightforward to conduct, and may even allow one to attack implementations with integrated countermeasures that would not leak any information when executed on a processor with a constant-latency multiplier. We describe several case studies, including both secret-key (RC6, AES) and public-key algorithms (RSA, ECIES) to demonstrate the threat posed by embedded processors with early-terminating multipliers.
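The operand dependence described in the abstract can be made concrete with a small latency model. This is an added example, not code from the paper: it assumes the multiplier consumes 8 bits of the multiplier operand per internal cycle and stops once the remaining upper bits are all zeros or all ones (the behaviour of a signed `MUL` as documented for the ARM7TDMI), and the names `mul_cycles` and `latency_spread` and the sample operands are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Internal multiplier cycles (1..4) for a signed MUL, keyed on the
 * multiplier operand rs. Assumed model: 8 bits of rs are consumed per
 * cycle; the multiplier terminates early when the remaining upper bits
 * are all zeros or all ones (pure sign extension). */
static unsigned mul_cycles(uint32_t rs)
{
    for (unsigned m = 1; m < 4; m++) {
        uint32_t upper = rs >> (8 * m);           /* bits [31:8m] of rs  */
        uint32_t ones  = 0xFFFFFFFFu >> (8 * m);  /* same width, all set */
        if (upper == 0 || upper == ones)
            return m;
    }
    return 4;                                     /* no early termination */
}

/* Difference between the slowest and fastest multiply over a set of
 * operands: a non-zero result means latency depends on the data. */
static unsigned latency_spread(const uint32_t *ops, size_t n)
{
    unsigned lo = 4, hi = 1;
    for (size_t i = 0; i < n; i++) {
        unsigned m = mul_cycles(ops[i]);
        if (m < lo) lo = m;
        if (m > hi) hi = m;
    }
    return n ? hi - lo : 0;
}

int main(void)
{
    /* Constructed sample operands of increasing magnitude, plus one
     * small negative value to show the sign-extension case. */
    static const uint32_t ops[] = {
        0x0000002Au, 0x00001234u, 0x00ABCDEFu, 0x12345678u, 0xFFFFFF80u
    };
    size_t n = sizeof ops / sizeof ops[0];

    for (size_t i = 0; i < n; i++)
        printf("rs=0x%08X -> %u internal cycle(s)\n",
               (unsigned)ops[i], mul_cycles(ops[i]));
    printf("spread: %u cycle(s)\n", latency_spread(ops, n));
    return 0;
}
```

Running the same model over the operand ranges a cryptographic routine actually feeds to the multiplier shows whether its multiply latency is data-independent on such a core: a spread of zero means every multiply takes the same number of cycles.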