Showing papers on "Timing attack published in 2015"


Proceedings ArticleDOI
17 May 2015
TL;DR: This work presents an effective implementation of the Prime+Probe side-channel attack against the last-level cache, demonstrated cross-core and cross-VM against multiple versions of GnuPG; it achieves a high attack resolution without relying on weaknesses in the OS or virtual machine monitor, or on memory sharing between attacker and victim.
Abstract: We present an effective implementation of the Prime+Probe side-channel attack against the last-level cache. We measure the capacity of the covert channel the attack creates and demonstrate a cross-core, cross-VM attack on multiple versions of GnuPG. Our technique achieves a high attack resolution without relying on weaknesses in the OS or virtual machine monitor or on sharing memory between attacker and victim.

950 citations


Proceedings ArticleDOI
17 May 2015
TL;DR: A fine-grain cross-core cache attack that exploits access time variations on the last level cache and can be customized to work virtually at any cache level/size is introduced.
Abstract: The cloud computing infrastructure relies on virtualized servers that provide isolation across guest OSes through sandboxing. This isolation was demonstrated to be imperfect in past work which exploited hardware level information leakages to gain access to sensitive information across co-located virtual machines (VMs). In response virtualization companies and cloud services providers have disabled features such as deduplication to prevent such attacks. In this work, we introduce a fine-grain cross-core cache attack that exploits access time variations on the last level cache. The attack exploits huge pages to work across VM boundaries without requiring deduplication. No configuration changes on the victim OS are needed, making the attack quite viable. Furthermore, only machine co-location is required, while the target and victim OS can still reside on different cores of the machine. Our new attack is a variation of the prime and probe cache attack whose applicability at the time is limited to L1 cache. In contrast, our attack works in the spirit of the flush and reload attack targeting the shared L3 cache instead. Indeed, by adjusting the huge page size our attack can be customized to work virtually at any cache level/size. We demonstrate the viability of the attack by targeting an OpenSSL 1.0.1f implementation of AES. The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack. Given that huge pages are a standard feature enabled in the memory management unit of OSes and that besides co-location no additional assumptions are needed, the attack we present poses a significant risk to existing cloud servers.

344 citations


Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this article, the authors present a micro-architectural side-channel attack that runs entirely in the browser and does not require the attacker to install software on the victim's machine; to facilitate the attack, the victim needs only browse to an untrusted webpage that contains attacker-controlled content.
Abstract: We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast to previous work in this genre, our attack does not require the attacker to install software on the victim's machine; to facilitate the attack, the victim needs only to browse to an untrusted webpage that contains attacker-controlled content. This makes our attack model highly scalable, and extremely relevant and practical to today's Web, as most desktop browsers currently used to access the Internet are affected by such side channel threats. Our attack, which is an extension to the last-level cache attacks of Liu et al., allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host with the victim web browser. We describe the fundamentals behind our attack, and evaluate its performance characteristics. In addition, we show how it can be used to compromise user privacy in a common setting, letting an attacker spy after a victim that uses private browsing. Defending against this side channel is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

235 citations


Posted Content
TL;DR: This attack, an extension of the last-level cache attacks of Yarom et al. [23], allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host as the victim web browser; it is evaluated with a high-bandwidth covert channel and used to build a system-wide mouse/network activity logger.
Abstract: We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine: to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al. [23], allows a remote adversary to recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.

184 citations


Proceedings ArticleDOI
05 May 2015
TL;DR: This work shows how neural networks can be used to both identify the mask value, and to subsequently identify the secret key value with a single attack trace with high probability, and proposes the use of a pre-processing step using principal component analysis (PCA) to significantly increase the success of the attack.
Abstract: Masked implementations of cryptographic algorithms are often used in commercial embedded cryptographic devices to increase their resistance to side channel attacks. In this work we show how neural networks can be used to both identify the mask value, and to subsequently identify the secret key value with a single attack trace with high probability. We propose the use of a pre-processing step using principal component analysis (PCA) to significantly increase the success of the attack. We have developed a classifier that can correctly identify the mask for each trace, hence removing the security provided by that mask and reducing the attack to being equivalent to an attack against an unprotected implementation. The attack is performed on the freely available differential power analysis (DPA) contest data set to allow our work to be easily reproducible. We show that neural networks allow for a robust and efficient classification in the context of side-channel attacks.

115 citations


Proceedings ArticleDOI
12 Oct 2015
TL;DR: It is shown that modern browsers expose new side-channels that can be used to acquire accurate timing measurements, regardless of network conditions, and it is demonstrated that the nature of the attacks renders traditional defenses, i.e., those based on randomly delaying responses, moot.
Abstract: Web-based timing attacks have been known for over a decade, and it has been shown that, under optimal network conditions, an adversary can use such an attack to obtain information on the state of a user in a cross-origin website. In recent years, desktop computers have given way to laptops and mobile devices, which are mostly connected over a wireless or mobile network. These connections often do not meet the optimal conditions that are required to reliably perform cross-site timing attacks. In this paper, we show that modern browsers expose new side-channels that can be used to acquire accurate timing measurements, regardless of network conditions. Using several real-world examples, we introduce four novel web-based timing attacks against modern browsers and describe how an attacker can use them to obtain personal information based on a user's state on a cross-origin website. We evaluate our proposed attacks and demonstrate that they significantly outperform current attacks in terms of speed, reliability, and accuracy. Furthermore, we show that the nature of our attacks renders traditional defenses, i.e., those based on randomly delaying responses, moot and discuss possible server-side defense mechanisms.

86 citations


Journal ArticleDOI
TL;DR: An improved attack on an asymmetric cryptosystem based on a phase-truncated Fourier transform is proposed, built on a median-filtering phase-retrieval algorithm that recovers the exact decryption keys; on top of the attack, a new cryptosystem is proposed that both enhances security and does not require truncated phases.
Abstract: We propose an improved method of attack on an asymmetric cryptosystem based on a phase-truncated Fourier transform. With the proposed method of attack, an attacker is able to access the exact decryption keys and obtain precise attack results. The method is based on a novel median-filtering phase-retrieval algorithm. Compared with existing attacks, the proposed attack has the following advantages: (1) exact information of the original image can be obtained in gray-scale and binary forms; (2) better computing efficiency; (3) more robust against noise and occlusion contaminations. Numerical simulation results show the effectiveness and robustness of the proposed method. Based on the proposed method of attack, we further propose a new cryptosystem, which not only enhances the security of the system but also does not require truncated phases.

52 citations


Journal ArticleDOI
TL;DR: A general statistical model for side-channel attack analysis that takes characteristics of both the physical implementation and the cryptographic algorithm into consideration is proposed; the authors expect it to extend to other SCAs, such as timing attacks, and to provide valuable tools for evaluating a cryptographic system’s resistance to those SCAs.
Abstract: Side-channel attacks (SCAs) exploit leakage from the physical implementation of cryptographic algorithms to recover the otherwise secret information. In the last decade, popular SCAs like differential power analysis (DPA) and correlation power analysis (CPA) have been invented and demonstrated to be realistic threats to many critical embedded systems. However, there is still no sound and provable theoretical model that illustrates precisely what the success of these attacks depends on and how. Based on the maximum likelihood estimation theory, this paper proposes a general statistical model for side-channel attack analysis that takes characteristics of both the physical implementation and cryptographic algorithm into consideration. The model establishes analytical relations between the success rate of attacks and the cryptographic system. For power analysis attacks, the side-channel characteristic of the physical implementation is modeled as signal-to-noise ratio (SNR), which is the ratio between the single-bit unit power consumption and the standard deviation of power distribution. The side-channel property of the cryptographic algorithm is extracted by a novel algorithmic confusion analysis. Experimental results of DPA and CPA on both DES and AES verify this model with high accuracy and demonstrate effectiveness of the algorithmic confusion analysis and SNR extraction. We expect the model to be extendable to other SCAs, like timing attacks, and would provide valuable tools for evaluating cryptographic system’s resistance to those SCAs.

39 citations


Journal ArticleDOI
04 Nov 2015
TL;DR: This work shows that Curve25519 is likewise competitive on FPGAs even when countermeasures to thwart side-channel power analysis are included, and achieves a maximal performance of more than 32,000 point multiplications per second on a Xilinx Zynq 7020 FPGA.
Abstract: For security-critical embedded applications Elliptic Curve Cryptography (ECC) has become the predominant cryptographic system for efficient key agreement and digital signatures. However, ECC still involves complex modular arithmetic that is a particular burden for small processors. In this context, Bernstein proposed the highly efficient ECC instance Curve25519 that particularly enables efficient software implementations at a security level comparable to AES-128 with inherent resistance to simple power analysis (SPA) and timing attacks. In this work, we show that Curve25519 is likewise competitive on FPGAs even when countermeasures to thwart side-channel power analysis are included. Our basic multicore DSP-based architecture achieves a maximal performance of more than 32,000 point multiplications per second on a Xilinx Zynq 7020 FPGA. Including a mix of side-channel countermeasures to impede simple and differential power analysis, we still achieve more than 27,500 point multiplications per second with a moderate increase in logic resources.

30 citations


Posted Content
TL;DR: This work revisits the instantiation of Peikert's ring-learning-with-errors-based (Ring-LWE) key exchange protocol (PQCrypto 2014) that Bos, Costello, Naehrig, and Stebila proposed at IEEE Security & Privacy 2015 and integrated into OpenSSL as post-quantum security for TLS: it proposes new parameters and a better suited error distribution, a conservative quantum hardness analysis, a more efficient error-reconciliation mechanism and a defense against backdoors and all-for-the-price-of-one attacks, with large speedups and comprehensive protection against timing attacks.
Abstract: At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert’s ring-learning-with-errors-based (Ring-LWE) key-exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better suited error distribution, analyze the scheme’s hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 9 in a portable C implementation and by more than a factor of 24 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks.

29 citations


Journal ArticleDOI
TL;DR: This paper shows successful passive side-channel timing attacks on two cognitive authentication schemes, a well-known Hopper-Blum (HB) protocol and a U.S. patent Mod10 method, previously believed to be secure against observation attacks, and proposes security enhancements of these schemes aimed to mitigate the timing side- channel attacks.
Abstract: Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key-logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper, we show successful passive side-channel timing attacks on two cognitive authentication schemes, a well-known Hopper–Blum (HB) protocol and a U.S. patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user’s cognitive load that results from cognitive operations during the authentication procedure. We carried out theoretical analysis of both Mod10 and HB methods, as well as an experimental user study of Mod10 method with 58 participants to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed to mitigate the timing side-channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non-negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.

Book ChapterDOI
13 Sep 2015
TL;DR: This paper extends the aforementioned timing attacks to RSA with CRT when Montgomery’s multiplication algorithm and exponent blinding are applied; the attack efficiency is higher than in the previous version [12], while large parts of both papers coincide.
Abstract: The references [1, 3, 9] treat timing attacks on RSA with CRT and Montgomery’s multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At the cost of significantly more timing measurements this paper extends the aforementioned attacks to RSA with CRT when Montgomery’s multiplication algorithm and exponent blinding are applied. Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist. In particular, the attack efficiency is higher than in the previous version [12] while large parts of both papers coincide.
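The leakage these attacks build on is the conditional final subtraction ("extra reduction") of Montgomery multiplication, whose frequency depends on the operand being multiplied. The block below is an added illustration, not code from the paper: it models one CRT half of an RSA key with a hypothetical 64-bit prime, counts extra reductions in a plain square-and-multiply exponentiation for bases whose Montgomery form lies just below a multiple of the prime versus just above it, and repeats the count with exponent blinding (d + r·(p−1)) to show that averaging over many measurements still exposes the gap. The prime, the exponent, the window width and the blinding range are arbitrary choices for the demonstration.

```python
"""Extra-reduction leakage of Montgomery multiplication, with and without exponent blinding.

Constructed example: P, the exponent and all sizes below are hypothetical choices
standing in for one CRT half (modulus p, exponent d_p) of an RSA key.
"""
import random

P = (1 << 64) - 59                   # hypothetical 64-bit prime modulus (one CRT half)
R = 1 << 64                          # Montgomery radix, R > P
N_PRIME = (-pow(P, -1, R)) % R       # -P^{-1} mod R, precomputed as real implementations do


def montmul(a, b, p=P, r=R, n_prime=N_PRIME):
    """Montgomery product a*b*R^{-1} mod p for 0 <= a, b < p.

    Returns (product, extra_reduction) where extra_reduction is 1 when the final
    conditional subtraction ran.  That subtraction is the timing-visible event: its
    probability is about b/(2R) for a multiply by a fixed b and p/(3R) for a squaring.
    """
    t = a * b
    m = (t * n_prime) % r
    u = (t + m * p) // r             # exact division; u < 2p
    if u >= p:
        return u - p, 1
    return u, 0


def from_mont(x, p=P):
    """Leave the Montgomery domain: x * R^{-1} mod p."""
    return montmul(x, 1, p)[0]


def mont_exp(ybar, d, p=P):
    """Left-to-right square-and-multiply on a base already in Montgomery form.

    Returns (result in Montgomery form, number of extra reductions).  The count is
    what a timing attacker observes, up to noise: each extra reduction costs one
    subtraction.
    """
    acc = R % p                      # Montgomery form of 1
    count = 0
    for bit in bin(d)[2:]:
        acc, er = montmul(acc, acc, p)
        count += er
        if bit == "1":
            acc, er = montmul(acc, ybar, p)
            count += er
    return acc, count


def mean_extra_reductions(bases, d, p=P, blind=None, rng=None):
    """Average extra-reduction count over a list of Montgomery-form bases.

    With blind=p-1 and an rng, every exponentiation uses a freshly blinded exponent
    d + r*(p-1), as an exponent-blinded implementation would.
    """
    total = 0
    for ybar in bases:
        e = d if blind is None else d + rng.randrange(1, 1 << 32) * blind
        total += mont_exp(ybar, e, p)[1]
    return total / len(bases)


def extra_reduction_gap(d, p=P, width=100, blind=None, seed=1):
    """Mean extra-reduction counts for bases whose Montgomery form sits just below p
    versus just above a multiple of p (i.e. wrapped around to small values).

    The first group triggers the extra reduction in roughly half of the multiplies by
    ybar, the second almost never; the squarings contribute equally to both.  The jump
    in the average marks the multiple of p, which is what the timing attacker looks
    for when recovering p bit by bit.  Blinding changes the exponent per call but not
    the operand-dependent probability, so the gap survives averaging.
    """
    rng = random.Random(seed)
    below = [p - 1 - i for i in range(width)]
    above = [1 + i for i in range(width)]
    return (mean_extra_reductions(below, d, p, blind, rng),
            mean_extra_reductions(above, d, p, blind, rng))


# Hypothetical secret exponent for the demo (top and bottom bits set).
D_SECRET = random.Random(7).getrandbits(64) | (1 << 63) | 1

if __name__ == "__main__":
    print("unblinded (below, above):", extra_reduction_gap(D_SECRET))
    print("blinded   (below, above):", extra_reduction_gap(D_SECRET, blind=P - 1))
```

The "below" group averages roughly one extra reduction for every two multiplies by the base on top of the squaring baseline, the "above" group only the baseline; with blinding the exponent grows by about 32 bits, so both means rise, but the difference between them remains, which is why the countermeasure only raises the number of measurements needed rather than removing the signal.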

Posted Content
TL;DR: This paper presents an automatic and generic method to reverse engineer DRAM addressing functions merely from performing a timing attack, and demonstrates the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5 Mb/s, three orders of magnitude faster than current covert channels on main memory.
Abstract: In this paper, we first present a method to reverse engineer DRAM addressing functions based on physical bus probing. Second, we present an automatic and generic method to reverse engineer DRAM addressing functions merely from performing a timing attack. This timing attack can be performed on any system without privileges and even in virtual machines to derive information about the mapping to physical DRAM channels, ranks and banks. We reversed the complex addressing functions on a diverse set of Intel processors and DRAM configurations. Our work enables side-channel attacks and covert channels based on inner-bank row conflicts and overlaps. Thus, our attack does not exploit the CPU as a shared resource, but only the DRAM that might even be shared across multiple CPUs. We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5 Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384.
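The generic part of the timing-based reverse engineering is the search for XOR functions of physical-address bits that are constant within every set of addresses the row-conflict timings place in the same bank. The block below is an added illustration, not the paper's code: a hypothetical mapping of three XOR functions stands in for the hardware and for the timing oracle (on a real machine the sets come from measuring row conflicts), and the search then recovers the functions and reduces them to a basis. The bit positions, the search range and the address sample size are arbitrary choices for the demonstration.

```python
"""Recovering XOR-based DRAM addressing functions from same-bank address sets.

Constructed example: TRUE_FUNCTIONS is a hypothetical mapping that stands in for the
hardware, and bank_of() stands in for the row-conflict timing oracle that, on a real
machine, tells whether two addresses share a bank.  Only the search is generic.
"""
import random
from itertools import combinations

# Hypothetical addressing functions: each is the XOR of the listed physical-address bits.
TRUE_FUNCTIONS = [(7, 14), (15, 18), (16, 19, 20)]
BIT_RANGE = range(6, 22)     # candidate address bits to search (hypothetical choice)
MAX_BITS = 4                 # largest XOR function to try


def xor_bits(addr, bits):
    """XOR of the given bit positions of addr."""
    acc = 0
    for b in bits:
        acc ^= (addr >> b) & 1
    return acc


def bank_of(addr, functions=TRUE_FUNCTIONS):
    """Simulated hardware: the bank index is the tuple of function outputs."""
    return tuple(xor_bits(addr, f) for f in functions)


def group_by_bank(addrs, bank_fn=bank_of):
    """Partition addresses into same-bank sets (what the timing measurements deliver)."""
    groups = {}
    for a in addrs:
        groups.setdefault(bank_fn(a), []).append(a)
    return list(groups.values())


def is_constant_on(bits, group):
    """True if the XOR function `bits` takes one value on every address in the group."""
    first = xor_bits(group[0], bits)
    return all(xor_bits(a, bits) == first for a in group[1:])


def candidate_functions(groups, bit_range=BIT_RANGE, max_bits=MAX_BITS):
    """Every XOR of up to max_bits address bits that is constant within each same-bank set.

    Such a function never separates two addresses of one bank, so it is consistent with
    the observed partition.  XOR combinations of true functions also qualify, hence the
    basis reduction afterwards.
    """
    found = []
    for k in range(1, max_bits + 1):
        for bits in combinations(bit_range, k):
            if all(is_constant_on(bits, g) for g in groups):
                found.append(bits)
    return found


def reduce_basis(functions):
    """Gaussian elimination over GF(2): keep only functions that are linearly independent
    of those kept before them.  Candidates arrive smallest first, so a minimal set of
    short XORs wins over their combinations."""
    basis = {}          # leading bit -> reduced mask
    kept = []
    for bits in functions:
        v = sum(1 << b for b in bits)
        while v:
            lead = v.bit_length() - 1
            if lead not in basis:
                basis[lead] = v
                kept.append(bits)
                break
            v ^= basis[lead]
    return kept


def recover(n_addrs=3000, seed=0, bank_fn=bank_of):
    """Sample random 32-bit physical addresses, partition them by bank with the oracle and
    return a basis of XOR functions explaining the partition."""
    rng = random.Random(seed)
    addrs = [rng.getrandbits(32) for _ in range(n_addrs)]
    return reduce_basis(candidate_functions(group_by_bank(addrs, bank_fn)))


if __name__ == "__main__":
    print(recover())
```

With a few thousand random addresses a spurious constant function is practically impossible, so the candidate list is exactly the span of the true functions up to the size limit (here the three functions plus the four-bit XOR of the first two), and the elimination keeps the three short ones.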

Book ChapterDOI
11 Apr 2015
TL;DR: It is deduced from a previous decidability result for length equivalence that time trace equivalence is decidable for bounded processes and the standard cryptographic primitives, and actually, considering timing attacks does not add any complexity.
Abstract: We propose a framework for timing attacks, based on a variant of the applied-pi calculus. Since many privacy properties, as well as strong secrecy and game-based security properties, are stated as process equivalences, we focus on time trace equivalence. We show that actually, considering timing attacks does not add any complexity: time trace equivalence can be reduced to length trace equivalence, where the attacker no longer has access to execution times but can still compare the length of messages. We therefore deduce from a previous decidability result for length equivalence that time trace equivalence is decidable for bounded processes and the standard cryptographic primitives. As an application, we study several protocols that aim for privacy. In particular, we automatically detect an existing timing attack against the biometric passport and new timing attacks against the Private Authentication protocol.

DOI
01 Jan 2015
TL;DR: An overview of the problem space with respect to BAS is presented, and it is suggested that state aware machine learning techniques could be used to discover threats that comprise a collection of legitimate commands.
Abstract: Building Automation Systems (BAS), alternatively known as Building Management Systems (BMS), which centralise the management of building services, are often connected to corporate networks and are routinely accessed remotely for operational management and emergency purposes. The protocols used in BAS, in particular BACnet, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations. As intrusion is thus likely easy to achieve, intrusion detection systems should be put in place to ensure they can be detected and mitigated. Existing intrusion detection systems typically deal only with known threats (signature-based approaches) or suffer from a high false positive rate (anomaly-based approaches). In this paper we present an overview of the problem space with respect to BAS, and suggest that state aware machine learning techniques could be used to discover threats that comprise a collection of legitimate commands. We provide a first step showing that the concept can be used to detect an attack where legitimate write commands being sent in rapid succession may cause system failure. We capture the state as a ‘time since last write’ event and use a basic artificial neural network classifier to detect attacks.

Proceedings ArticleDOI
Goran Doychev, Boris Köpf
13 Jul 2015
TL;DR: A systematic approach for determining the optimal protection against timing attacks, on the example of cryptosystems based on discrete logarithms, that includes a resource-bounded timing adversary, and a defender who strives to reduce the cost while maintaining a certain degree of security.
Abstract: Timing attacks can effectively recover keys from cryptosystems. While they can be defeated using constant-time implementations, this defensive approach comes at the price of a performance penalty. One is hence faced with the problem of striking a balance between performance and security against timing attacks. In this paper, we propose a systematic approach for determining the optimal protection against timing attacks, on the example of cryptosystems based on discrete logarithms. Our model includes a resource-bounded timing adversary who strives to maximize the probability of key recovery, and a defender who strives to reduce the cost while maintaining a certain degree of security. We obtain the optimal protection as an equilibrium in a game between the defender and the adversary. At the heart of the equilibrium computation are novel bounds for the probability of key recovery, which are expressed as a function of the applied protection and the attack strategy of a timing adversary. We put our techniques to work in a case study in which we identify optimal protections for libgcrypt's ElGamal implementation. We determine situations in which the optimal choice is to use a defensive, constant-time implementation and a small key, and situations in which the optimal choice is a more aggressively tuned (but leaky) implementation with a longer key.

Proceedings ArticleDOI
04 May 2015
TL;DR: An algorithm for computing an attack policy that maximizes the attacker's expected reward is presented, together with empirical results demonstrating the method on a case study network.
Abstract: In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing works on attack graphs do not consider the reactions of attackers to different defender strategies. We introduce a game-theoretic model of the joint problem where the attacker's strategies are represented using attack graphs, and the defender's strategies are represented as modifications of the attack graph. The attack graphs we use allow for sequential attack actions with associated costs and probabilities of success/failure. We present an algorithm for computing an attack policy that maximizes the attacker's expected reward and empirical results demonstrating our methods on a case study network.

Book ChapterDOI
TL;DR: In this article, the authors improve the Big Mac attack presented by Bauer et alii to considerably increase the success rate: instead of comparing only two multiplications, the targeted implementation permits many multiplications to be compared, and experimental results with traces taken from a real target prove the soundness of the attack.
Abstract: At CHES 2001, Walter introduced the Big Mac attack against an implementation of rsa. It is a horizontal collision attack, based on the detection of common operands in two multiplications. The attack is very powerful since one single power trace of an exponentiation permits to recover all bits of the secret exponent. Moreover, the attack works with unknown or blinded input. The technique was later studied and improved by Clavier et alii and presented at INDOCRYPT 2012. At SAC 2013, Bauer et alii presented the first attack based on the Big Mac principle on implementations based on elliptic curves with simulation results. In this work, we improve the attack presented by Bauer et alii to considerably increase the success rate. Instead of comparing only two multiplications, the targeted implementation permits to compare many multiplications. We give experiment results with traces taken from a real target to prove the soundness of our attack. In fact, the experimental results show that the original Big Mac technique given by Walter was better than the technique given by Clavier et alii. With our experiments on a real target, we show that the theoretical improvements are not necessarily the most suitable methods depending on the targeted implementations.

01 Jan 2015
TL;DR: In this article, the authors introduce a game-theoretic model of the joint problem where the attacker's strategies are represented using attack graphs, and the defender's strategies are represented as modifications of the attack graph.
Abstract: In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing works on attack graphs do not consider the reactions of attackers to different defender strategies. We introduce a game-theoretic model of the joint problem where attacker’s strategies are represented using attack graphs, and defender’s strategies are represented as modifications of the attack graph. The attack graphs we use allow for sequential attack actions with associated costs and probabilities of success/failure. We present an algorithm for computing an attack policy that maximizes the attacker’s expected reward and empirical results demonstrating our methods on a case study network.

Journal ArticleDOI
TL;DR: An optimized cross correlation power attack for message blinding exponentiation algorithms is proposed that selects the more correlative power points sharing one operation in the modular multiplication by comparing the variances between correlation coefficients.
Abstract: The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis (DPA). Although cross correlation attacks (CCAs) have been given for defeating message blinding methods, searching for correlation points is difficult because of noise and misalignment in practical environments. In this paper, we propose an optimized cross correlation power attack for message blinding exponentiation algorithms. The attack method can select the more correlative power points that share one operation in the modular multiplication by comparing variances between correlation coefficients. Further, we demonstrate that the attack method is more efficient in experiments with a hardware implementation of RSA on a crypto chip card. In addition, the proposed CCA method can recover all 1024 bits of the secret key, and the recognition rate increases to 100% even when the recorded signals are noisy.

Posted Content
TL;DR: The proposed hypervisor-enforced timing mitigation to control timing channels in cloud environments is the first system that can mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications written in arbitrary languages.
Abstract: The massive parallelism and resource sharing embodying today's cloud business model not only exacerbate the security challenge of timing channels, but also undermine the viability of defenses based on resource partitioning. This paper proposes hypervisor-enforced timing mitigation to control timing channels in cloud environments. This approach closes "reference clocks" internal to the cloud by imposing a deterministic view of time on guest code, and uses timing mitigators to pace I/O and rate-limit potential information leakage to external observers. Our prototype hypervisor implementation is the first system that can mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications written in arbitrary languages. Mitigation incurs a varying performance cost, depending on workload and tunable leakage-limiting parameters, but this cost may be justified for security-critical cloud applications and data.

Journal ArticleDOI
TL;DR: A new analytic approach to a known-plaintext attack (KPA) on an optical cryptosystem based on the phase-shifting interferometry (PSI) technique is demonstrated.
Abstract: We demonstrate a new analytic approach to a known-plaintext attack (KPA) on an optical cryptosystem based on the phase-shifting interferometry (PSI) technique. With the proposed analytic attack method, an opponent can access the exact decryption keys and obtain perfect attack results. This demonstration, to the best of our knowledge, shows for the first time that the optical cryptosystem based on the PSI technique is vulnerable to KPA.

Book ChapterDOI
20 Apr 2015
TL;DR: This paper introduces a new storage channel made available through cache debug facilities on some embedded microprocessors, which is then extended to a cryptanalytic side-channel attack on AES software.
Abstract: Covert channels are a fundamental concept for cryptanalytic side-channel attacks. Covert timing channels use latency to carry data, and are the foundation for timing and cache-timing attacks. Covert storage channels instead utilize existing system bits to carry data, and are not historically used for cryptanalytic side-channel attacks. This paper introduces a new storage channel made available through cache debug facilities on some embedded microprocessors. This channel is then extended to a cryptanalytic side-channel attack on AES software.

Book ChapterDOI
01 Jan 2015
TL;DR: This chapter introduces side-channel attacks and timing attacks on implementations of cryptographic ciphers, classifies timing attacks, presents the essential requirements for the attack to succeed, and discusses the attacker's success.
Abstract: This chapter introduces side-channel attacks and timing attacks on implementations of cryptographic ciphers. It classifies timing attacks, presents the essential requirements for the attack to succeed, and discusses the attacker's success. The chapter also outlines the contents of the book.

Proceedings ArticleDOI
01 Aug 2015
TL;DR: This work exploits the fact that, when an attack is happening, the entropy of the query packet IP addresses seen by the cache server decreases, to detect the cache poisoning attack.
Abstract: Detection of Domain Name System cache poisoning attacks is investigated. We exploit the fact that, when an attack is happening, the entropy of the query packet IP addresses seen by the cache server decreases, to detect the cache poisoning attack. We pay attention to the detection method for the case in which the entropy sequence has nonstationary dynamics under normal conditions. In order to handle the nonstationarity, we first model the entropy sequence by a state space equation, and then we utilize a Kalman filter to implement the attack detection. The problem is discussed for single and distributed cache poisoning attacks, respectively. For the single attack, we use the measurement errors to detect the anomaly. Under distributed attack, we utilize the correlation variation of the prediction errors to detect the attack event and identify the attacked cache servers. An experiment is presented to verify the effectiveness of our proposed method.

Book ChapterDOI
13 Apr 2015
TL;DR: In this paper, a single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multipliers and an experimental result to successfully analyze an FPGA implementation of RSA with the multiply always method is also presented.
Abstract: The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multipliers. There are two consequences. Firstly, designing the order of operands can be a cost-effective countermeasure. We show a concrete example in which operand order determines success and failure of the attack. Secondly, countermeasures can be ineffective if the asymmetric leakage is considered. In addition to the main results, the attack by Hanley et al. is extended using the signal-processing technique of the big mac attack. An experimental result to successfully analyze an FPGA implementation of RSA with the multiply-always method is also presented.

Journal ArticleDOI
TL;DR: The adopted approach bases its analysis method partially on the conditional entropy of secret keys given the observations of the intermediate variables in software implementations of cryptographic algorithms via the side channel and explores the extent to which the observations can be exploited in a successful attack.
Abstract: In this paper, we present a methodology to evaluate the feasibility, effectiveness and complexity of a class of cache-based side-channel attacks. The methodology provides estimates on the lower bound of the required number of observations on the side channel and the number of trials for a successful attack. As a case study, a weak implementation of the Advanced Encryption Standard algorithm is selected to apply the proposed methodology to three different categories of cache-based attacks; namely, access-driven, trace-driven and time-driven attacks. The approach, however, is generic in the sense that it can be utilized in other algorithms that are subject to the micro-architectural side-channel attacks. The adopted approach bases its analysis method partially on the conditional entropy of secret keys given the observations of the intermediate variables in software implementations of cryptographic algorithms via the side channel and explores the extent to which the observations can be exploited in a successful attack. Provided that the intermediate variables are relatively simple functions of the key material and the known inputs or outputs of cryptographic algorithms, a successful attack is theoretically feasible. Our methodology emphasizes the need for an analysis of this leakage through such intermediate variables and demonstrates a systematic way to measure it. The method allows us to explore every attack possibility, estimate the feasibility of an attack, and compare the efficiency and the costs of different attack strategies to determine an optimal level of effective countermeasures.

Posted Content
TL;DR: This work proposes hypervisor-enforced timing mitigation to control timing channels in cloud environments and is the first system to mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications in arbitrary languages.
Abstract: The massive parallelism and resource sharing embodying today's cloud business model not only exacerbate the security challenge of timing channels, but also undermine the viability of defenses based on resource partitioning. We propose hypervisor-enforced timing mitigation to control timing channels in cloud environments. This approach closes "reference clocks" internal to the cloud by imposing a deterministic view of time on guest code, and uses timing mitigators to pace I/O and rate-limit potential information leakage to external observers. Our prototype hypervisor is the first system to mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications in arbitrary languages. Mitigation incurs a varying performance cost, depending on workload and tunable leakage-limiting parameters, but this cost may be justified for security-critical cloud applications and data.

Posted Content
TL;DR: Brumley and Tuveri as mentioned in this paper improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector problem so as to avoid using Babai's procedures to solve the CVP and rely on the better experimental results of LLL.
Abstract: In 2011, B. B. Brumley and N. Tuveri found a remote timing attack on OpenSSL's ECDSA implementation for binary curves. We will study whether the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babai's procedures to solve the CVP and rely on the better experimental results of LLL. We will detail (along with publishing the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network as the server, and see that such attacks are not trivial and far from being practical. Finally, we will see other attacks and countermeasures.

Proceedings ArticleDOI
21 Apr 2015
TL;DR: This paper attacks a straightforward C implementation of the Goppa-code-based McEliece decryption running on an ARM Cortex-M3 microprocessor, and demonstrates on a realistic example that, using a "chosen ciphertext attack" method, it is possible to recover the complete secret permutation matrix.
Abstract: In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosystem. First, we attack a straightforward C implementation of the Goppa-code-based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that, using a "chosen ciphertext attack" method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of the dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure, especially in terms of power consumption.