Strength of two data encryption standard implementations under timing attacks
ACM Transactions on Information and System Security (TISSEC)
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Security in Computing
A Practical Implementation of the Timing Attack
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Timing Attack against RSA with the Chinese Remainder Theorem
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Computer
Computer Architecture: A Quantitative Approach
Computer Architecture: A Quantitative Approach
Lattice Scheduling and Covert Channels
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity
IEEE Transactions on Computers
The Unabridged Pentium 4: IA32 Processor Genealogy
The Unabridged Pentium 4: IA32 Processor Genealogy
ACM Transactions on Embedded Computing Systems (TECS)
Trusted Computing Platforms: Design and Applications
Trusted Computing Platforms: Design and Applications
Microbenchmarks for determining branch predictor organization
Software—Practice & Experience - Research Articles
Intel Virtualization Technology
Computer
Trusted Computing Platforms: TCPA Technology in Context
Trusted Computing Platforms: TCPA Technology in Context
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Advances on access-driven cache attacks on AES
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Cache attacks and countermeasures: the case of AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Drm to counter side-channel attacks?
Proceedings of the 2007 ACM workshop on Digital Rights Management
Opportunities and Limits of Remote Timing Attacks
ACM Transactions on Information and System Security (TISSEC)
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Execution leases: a hardware-supported mechanism for enforcing strong non-interference
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Cryptographic side-channels from low-power cache memory
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
New branch prediction vulnerabilities in openSSL and necessary software countermeasures
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Side-channel analysis of cryptographic software via early-terminating multiplications
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 38th annual international symposium on Computer architecture
Information flow isolation in I2C and USB
Proceedings of the 48th Design Automation Conference
Compiler mitigations for time attacks on modern x86 processors
ACM Transactions on Architecture and Code Optimization (TACO) - HIPEAC Papers
Fast elliptic curve cryptography in OpenSSL
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Plugging side-channel leaks with timing information flow control
HotCloud'12 Proceedings of the 4th USENIX conference on Hot Topics in Cloud Ccomputing
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Are AES x86 cache timing attacks still feasible?
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Improvement of trace-driven I-Cache timing attack on the RSA algorithm
Journal of Systems and Software
Simultaneous information flow security and circuit redundancy in Boolean gates
Proceedings of the International Conference on Computer-Aided Design
Position paper: Sapper -- a language for provable hardware policy enforcement
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
SurfNoC: a low latency and provably non-interfering approach to secure networks-on-chip
Proceedings of the 40th Annual International Symposium on Computer Architecture
Unraveling timewarp: what all the fuzz is about?
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Sapper: a language for hardware-level security policy enforcement
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Security-Preserving Live Migration of Virtual Machines in the Cloud
Journal of Network and Systems Management
Hi-index | 0.00 |
This paper announces a new software side-channel attack — enabled by the branch prediction capability common to all modern high-performance CPUs. The penalty paid (extra clock cycles) for a mispredicted branch can be used for cryptanalysis of cryptographic primitives that employ a data-dependent program flow. Analogous to the recently described cache-based side-channel attacks our attacks also allow an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization. In this paper, we will discuss several such attacks for the example of RSA, and experimentally show their applicability to real systems, such as OpenSSL and Linux. Moreover, we will also demonstrate the strength of the branch prediction side-channel attack by rendering the obvious countermeasure in this context (Montgomery Multiplication with dummy-reduction) as useless. Although the deeper consequences of the latter result make the task of writing an efficient and secure modular exponentiation (or scalar multiplication on an elliptic curve) a challenging task, we will eventually suggest some countermeasures to mitigate branch prediction side-channel attacks.