Handbook of Applied Cryptography
Handbook of Applied Cryptography
A Practical Implementation of the Timing Attack
CARDIS '98 Proceedings of the International Conference on Smart Card Research and Applications
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Combined Timing and Power Attack
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A Fault-Injection Attack on Fiat-Shamir Cryptosystems
ICDCSW '04 Proceedings of the 24th International Conference on Distributed Computing Systems Workshops - W7: EC (ICDCSW'04) - Volume 7
ACM Transactions on Information and System Security (TISSEC)
On authenticated computing and RSA-based authentication
Proceedings of the 12th ACM conference on Computer and communications security
Improving Brumley and Boneh timing attack on unprotected SSL implementations
Proceedings of the 12th ACM conference on Computer and communications security
10 Networking Papers: readings for protocol design
ACM SIGCOMM Computer Communication Review
Message authentication by integrity with public corroboration
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Using visual motifs to classify encrypted traffic
Proceedings of the 3rd international workshop on Visualization for computer security
Countering targeted file attacks using locationguard
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
On the power of simple branch prediction analysis
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Proceedings of the 44th annual Design Automation Conference
RIJID: random code injection to mask power analysis based side channel attacks
Proceedings of the 44th annual Design Automation Conference
Tracing back attacks against encrypted protocols
IWCMC '07 Proceedings of the 2007 international conference on Wireless communications and mobile computing
Proceedings of the 9th workshop on Multimedia & security
A smart random code injection to mask power analysis based side channel attacks
CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Cryptographic strength of ssl/tls servers: current and recent practices
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Yet another MicroArchitectural Attack: exploiting I-Cache
Proceedings of the 2007 ACM workshop on Computer security architecture
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
The ND2DB attack: database content extraction using timing attacks on the indexing algorithms
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Minimality attack in privacy preserving data publishing
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
The security of the Fiat-Shamir scheme in the presence of transient hardware faults
ACM Transactions on Embedded Computing Systems (TECS)
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
A Timing Attack on Blakley's Modular Multiplication Algorithm, and Applications to DSA
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
TOCTOU, Traps, and Trusted Computing
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Fault Attacks on Public Key Elements: Application to DLP-Based Schemes
EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
Opportunities and Limits of Remote Timing Attacks
ACM Transactions on Information and System Security (TISSEC)
Deconstructing new cache designs for thwarting software cache-based side channel attacks
Proceedings of the 2nd ACM workshop on Computer security architectures
Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
The Long-Short-Key Primitive and Its Applications to Key Security
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design
Anonymization-based attacks in privacy-preserving data publishing
ACM Transactions on Database Systems (TODS)
Accelerating the AES encryption function in OpenSSL for embedded systems
International Journal of Information and Communication Technology
Securing Statically-verified Communications Protocols Against Timing Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Mobile user location-specific encryption (MULE): using your office as your password
Proceedings of the third ACM conference on Wireless network security
A cryptographic method for secure watermark detection
IH'06 Proceedings of the 8th international conference on Information hiding
New branch prediction vulnerabilities in openSSL and necessary software countermeasures
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
CT-RSA'08 Proceedings of the 2008 Cryptographers' Track at the RSA conference on Topics in cryptology
Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Survivable key compromise in software update systems
Proceedings of the 17th ACM conference on Computer and communications security
Determinating timing channels in compute clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Fault-based attack of RSA authentication
Proceedings of the Conference on Design, Automation and Test in Europe
DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis
IEEE/ACM Transactions on Networking (TON)
Application-level reconnaissance: timing channel attacks against antivirus software
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Remote timing attacks are still practical
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Exploitation as an inference problem
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Protecting consumer privacy from electric load monitoring
Proceedings of the 18th ACM conference on Computer and communications security
Batch decryption of encrypted short messages and its application on concurrent SSL handshakes
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Trace-driven cache attacks on AES (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Securing sensitive data with the ingrian datasecure platform
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
On the optimization of side-channel attacks by advanced stochastic methods
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Timing-sensitive information flow analysis for synchronous systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
W3Bcrypt: encryption as a stylesheet
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Predicting secret keys via branch prediction
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Cache based remote timing attack on the AES
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Secret key leakage from public key perturbation of DLP-Based cryptosystems
Cryptography and Security
A qualitative security analysis of a new class of 3-d integrated crypto co-processors
Cryptography and Security
Plugging side-channel leaks with timing information flow control
HotCloud'12 Proceedings of the 4th USENIX conference on Hot Topics in Cloud Computing
Randomized Instruction Injection to Counter Power Analysis Attacks
ACM Transactions on Embedded Computing Systems (TECS)
k-indistinguishable traffic padding in web applications
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Are AES x86 cache timing attacks still feasible?
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
The most dangerous code in the world: validating SSL certificates in non-browser software
Proceedings of the 2012 ACM conference on Computer and communications security
Scriptless attacks: stealing the pie without touching the sill
Proceedings of the 2012 ACM conference on Computer and communications security
On the robustness of applications based on the SSL and TLS security protocols
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Improvement of trace-driven I-Cache timing attack on the RSA algorithm
Journal of Systems and Software
QoS2: a framework for integrating quality of security with quality of service
Security and Communication Networks
Four-Dimensional gallant-lambert-vanstone scalar multiplication
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Timing attack against protected RSA-CRT implementation used in PolarSSL
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Implementing side-channel attacks on suggest boxes in web applications
Proceedings of the First International Conference on Security of Internet of Things
Practical information flow for legacy web applications
Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems
AUTOCRYPT: enabling homomorphic computation on servers to protect sensitive web content
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Predictability of Android OpenSSL's pseudo random number generator
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.