Open AccessProceedings Article
Remote timing attacks are practical
David Brumley,Dan Boneh +1 more
- pp 1-1
TLDR
This work devise a timing attack against OpenSSL that can extract private keys from an OpenSSL-based web server running on a machine in the local network.Abstract:
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.read more
Citations
More filters
Book
Guide to Elliptic Curve Cryptography
TL;DR: This guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment, as well as side-channel attacks and countermeasures.
Proceedings ArticleDOI
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
TL;DR: In this article, the authors introduce controlled channel attacks, a new type of sidechannel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, Ink Tag or Haven.
Proceedings ArticleDOI
The most dangerous code in the world: validating SSL certificates in non-browser software
TL;DR: It is demonstrated that SSL certificate validation is completely broken in many security-critical applications and libraries and badly designed APIs of SSL implementations and data-transport libraries which present developers with a confusing array of settings and options are analyzed.
Proceedings ArticleDOI
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow
TL;DR: It is found that surprisingly detailed sensitive information is being leaked out from a number of high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search, suggesting the scope of the problem seems industry-wide.
Proceedings Article
Inferring fine-grained control flow inside SGX enclaves with branch shadowing
TL;DR: A new, yet critical, side-channel attack, branch shadowing, that reveals fine-grained control flows (branch granularity) in an enclave and develops two novel exploitation techniques, a last branch record (LBR)-based history-inferring technique and an advanced programmable interrupt controller (APIC)-based technique to control the execution of an enclave in a finegrained manner.
References
More filters
Book
Handbook of Applied Cryptography
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Book ChapterDOI
Differential Power Analysis
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. And they also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Journal ArticleDOI
Modular multiplication without trial division
TL;DR: A method for multiplying two integers modulo N while avoiding division by N, a representation of residue classes so as to speed modular multiplication without affecting the modular addition and subtraction algorithms.
Book ChapterDOI
On the importance of checking cryptographic protocols for faults
TL;DR: In this article, the authors present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults, including RSA and Rabin signatures, and also show how various authentication protocols, such as Fiat-Shamir and Schnorr, can be broken using hardware faults.