Very recently, a new software side-channel attack, called the Branch Prediction Analysis (BPA) attack, has been discovered and demonstrated to be practically feasible on popular commodity PC platforms. While that recent attack still had the flavor of a classical timing attack against RSA, where one uses many execution-time measurements under the same key in order to statistically amplify some small but key-dependent timing differences, we dramatically improve upon the former result. We prove that a carefully written spy process running simultaneously with an RSA process is able to collect, during one single RSA signing execution, almost all of the secret key bits. We call such an attack, which analyzes the CPU's branch predictor states by spying on a single quasi-parallel computation process, a Simple Branch Prediction Analysis (SBPA) attack, sharply differentiating it from those relying on statistical methods and requiring many computation measurements under the same key. The successful extraction of almost all secret key bits by our SBPA attack against an OpenSSL RSA implementation proves that the often recommended blinding or so-called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless. In addition to that very crucial security implication, targeted at implementations which are assumed to be at least statistically secure, our successful SBPA attack also bears another equally critical security implication. Namely, in the context of simple side-channel attacks, it is widely believed that equally balancing the operations after branches is a secure countermeasure against such simple attacks. Unfortunately, this is not true, as even such "balanced branch" implementations can be completely broken by our SBPA attacks.
Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualization, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor. Thus, we conclude that SBPA attacks are much more dangerous than previously anticipated, as they clearly do not belong to the same category as pure timing attacks.
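To make concrete what the abstract calls a "balanced branch" implementation, the following is an added example (not code from the paper or from OpenSSL): a toy square-and-multiply whose two branch arms do equal work, so its timing is balanced but its branch outcome still follows each key bit, beside a Montgomery-ladder variant that selects operands through an arithmetic mask and so executes no key-dependent conditional branch at all. The 64-bit modular arithmetic is a stand-in for RSA's multi-limb integers and is assumed for illustration only.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 64-bit modular multiply standing in for RSA's big-integer ops
   (constructed for illustration; real RSA uses multi-limb integers). */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* "Balanced branch" square-and-multiply: both arms perform one multiply,
   so each iteration costs the same time, yet the conditional branch itself
   is still taken or not taken according to the key bit. This is the pattern
   the abstract says SBPA still breaks. */
uint64_t modexp_balanced(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m, dummy = 1 % m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)
            r = mulmod(r, base, m);          /* real multiply */
        else
            dummy = mulmod(dummy, base, m);  /* dummy multiply, same cost */
    }
    (void)dummy;
    return r;
}

/* Branch-free Montgomery ladder: the key bit drives a mask-based conditional
   swap, so the instruction stream contains no key-dependent branch and
   every iteration performs exactly the same two multiplications. */
uint64_t modexp_ladder_ct(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit  = (exp >> i) & 1;
        uint64_t mask = (uint64_t)0 - bit;   /* all ones iff bit == 1 */
        uint64_t t = (r0 ^ r1) & mask;       /* swap when bit == 1 */
        r0 ^= t; r1 ^= t;
        r1 = mulmod(r0, r1, m);              /* R1 = R0 * R1 */
        r0 = mulmod(r0, r0, m);              /* R0 = R0 ^ 2  */
        t = (r0 ^ r1) & mask;                /* swap back     */
        r0 ^= t; r1 ^= t;
    }
    return r0;
}

int main(void) {
    /* constructed sample: 4^13 mod 497 == 445 */
    printf("balanced: %llu\n", (unsigned long long)modexp_balanced(4, 13, 497));
    printf("ladder:   %llu\n", (unsigned long long)modexp_ladder_ct(4, 13, 497));
    return 0;
}
```

Both functions return the same value; the difference lies only in whether the generated code contains a branch whose direction tracks the exponent bits.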