Improving Brumley and Boneh timing attack on unprotected SSL implementations

Acıiçmez, Onur; Schindler, Werner; Koç, Çetin Kaya

doi:10.1145/1102120.1102140

Cited by 47 publications

(47 citation statements)

References 11 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Timing and side channel attacks are well-know concepts in computer security and have been used to attack many kinds of systems, among others cryptographic implementations [41]- [43], OpenSSL [44], [45], SSH sessions [46], web applications [47], [48], encrypted VoIP streams [49], [50], and virtual machine environments [51]- [53].…”

Section: Related Workmentioning

confidence: 99%

Practical Timing Side Channel Attacks against Kernel Space ASLR

Hund

Willems

Holz

2013

2013 IEEE Symposium on Security and Privacy

301

179

View full text Add to dashboard Cite

Due to the prevalence of control-flow hijacking attacks, a wide variety of defense methods to protect both user space and kernel space code have been developed in the past years.A few examples that have received widespread adoption include stack canaries, non-executable memory, and Address Space Layout Randomization (ASLR). When implemented correctly (i.e., a given system fully supports these protection methods and no information leak exists), the attack surface is significantly reduced and typical exploitation strategies are severely thwarted. All modern desktop and server operating systems support these techniques and ASLR has also been added to different mobile operating systems recently.In this paper, we study the limitations of kernel space ASLR against a local attacker with restricted privileges. We show that an adversary can implement a generic side channel attack against the memory management system to deduce information about the privileged address space layout. Our approach is based on the intrinsic property that the different caches are shared resources on computer systems. We introduce three implementations of our methodology and show that our attacks are feasible on four different x86-based CPUs (both 32-and 64-bit architectures) and also applicable to virtual machines. As a result, we can successfully circumvent kernel space ASLR on current operating systems. Furthermore, we also discuss mitigation strategies against our attacks, and propose and implement a defense solution with negligible performance overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Practical Timing Side Channel Attacks against Kernel Space ASLR

Hund

Willems

Holz

2013

2013 IEEE Symposium on Security and Privacy

301

179

View full text Add to dashboard Cite

show abstract

“…Researchers showed that such an attack could compromise remote systems over a network, which is very different from performing sidechannel attacks on smart cards that are in the attacker's possession. Improvements to the original remote timing attack made it even more practical [3].…”

Section: Security Considerationsmentioning

confidence: 99%

A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors

Valamehr

Huffmire

Irvine

et al. 2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

3-D integration presents many new opportunities for architects and embedded systems designers. However, 3-D integration has not yet been explored by the cryptographic hardware community. Traditionally, crypto coprocessors have been implemented as a separate die or by utilizing one or more cores in a chip multiprocessor. These methods have their drawbacks and limitations in terms of tamper-resistance, side-channel immunity and performance. In this work we propose a new class of co-processors that are "snapped-on" to the main processor using 3-D integration, and we investigate their security ramifications. These 3-D co-processors hold many advantages over previous implementations. This paper begins with an overview of 3-D integration and its prior applications. We then outline security threat models relevant to crypto co-processors and discuss the advantages and disadvantages of using a dedicated 3-D crypto co-processor compared to traditional, commodity, off-chip crypto co-processors. We also discuss the performance improvements that can be gained from using a 3-D approach.

show abstract

“…For the attacks against modular exponentiation with Montgomery multiplication [12,25,10,5], the cause of the timing channel is the extra modular reduction step that is necessary if an intermediate result is bigger than the modulus, and which is a subtraction in one branch of a conditional. The attacks against RSA in OpenSSL [10,5] as additional cause for the timing channel have the choice of the multiplication-algorithm, namely, Karatsuba in the case of equally-sized multiplicands. The attack against modular multiplication by the Blakley's algorithm [8] is also caused by an extra modular reduction in the case of an intermediate value bigger than the modulus.…”

Section: Causes Of Timing Channelsmentioning

confidence: 99%

“…Since then, they have been practically demonstrated [10], optimized [26], and evaluated [28]. A significant part [17,16,12,25,10,5,8,15,30,27,29] of timing attacks reported in the literature exploits the difference in the running time of crypto-algorithms' implementations which is caused by conditional branches or loops where conditions depend on the attacked secrets.…”

Section: Introductionmentioning

confidence: 99%

A tool for static detection of timing channels in Java

Lux

Starostin

2011

J Cryptogr Eng

View full text Add to dashboard Cite

A timing attack exploits the variance in the running time of a crypto-algorithm's implementation in order to infer confidential information. Such a dependence between confidential information and the running time, called a timing channel, is often caused by branching of the control flow in the implementation's source code with branching conditions depending on the attacked secrets. We present the Side Channel Finder, a static analysis tool for detection of such timing channels in Java implementations of cryptographic algorithms.

show abstract

Improving Brumley and Boneh timing attack on unprotected SSL implementations

Cited by 47 publications

References 11 publications

Practical Timing Side Channel Attacks against Kernel Space ASLR

Practical Timing Side Channel Attacks against Kernel Space ASLR

A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors

A tool for static detection of timing channels in Java

Contact Info

Product

Resources

About