Remote Timing Attacks Are Still Practical

Brumley, Billy Bob; Tuveri, Nicola

doi:10.1007/978-3-642-23822-2_20

Cited by 147 publications

(87 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Inherently, these attacks assume that the attacker gets some response from the target in order to measure its running time. Utilizing such responses from the target, the works of Kocher [Koc96], Brumley and Boneh [BB05], and Brumley and Tuveri [BT11] demonstrate attacks on many popular ciphers and encryption schemes such as DSS, RSA and ECDSA.…”

Section: Related Workmentioning

confidence: 99%

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Genkin

Shamir

Tromer

2014

Lecture Notes in Computer Science

269

158

View full text Add to dashboard Cite

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt'04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables. * The authors thank Lev Pachmanov for programming and experiment support during the course of this research.

show abstract

Section: Related Workmentioning

confidence: 99%

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Genkin

Shamir

Tromer

2014

Lecture Notes in Computer Science

269

158

View full text Add to dashboard Cite

show abstract

“…In 2011, Brumley and Tuveri [4] showed that remote timing attacks were still feasible on ECC implementations that were meant to be more resistant to this kind of attack. They showed that the fixed-sequence Montgomery ladder used in the computation of the scalar multiplication was not sufficient to fully protect against their attack.…”

Section: State Of the Artmentioning

confidence: 99%

When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Kaufmann

Pelletier

Vaudenay

et al. 2016

Cryptology and Network Security

View full text Add to dashboard Cite

Abstract. The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing-attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 4 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

show abstract

“…Recently B.B. Brumley and Tuveri [21] demonstrated that the ladder computation in the popular ECDSA implementation of OpenSSL 0.9.8o is vulnerable to timing attacks by extracting the private key used in a TLS handshake.…”

Section: Motivationmentioning

confidence: 99%

Know Thy Neighbor: Crypto Library Detection in Cloud

Irazoqui

İnci

Eisenbarth

et al. 2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Software updates and security patches have become a standard method to fix known and recently discovered security vulnerabilities in deployed software. In server applications, outdated cryptographic libraries allow adversaries to exploit weaknesses and launch attacks with significant security results. The proposed technique exploits leakages at the hardware level to first, determine if a specific cryptographic library is running inside (or not) a co-located virtual machine (VM) and second to discover the IP of the co-located target. Nevertheless, one of the main concerns that is slowing the widespread usage of such Infrastructure as a Service (IaaS) technologies are potential security vulnerabilities and privacy risks of cloud computing. Usually, CSPs employ virtual machines (VMs), allowing multiple tenants to share the same computing hardware. While this resource sharing maximizes utilization and hence drastically reduces cost, ensuring isolation of potentially sensitive data between VMs instantiated by different and untrusted tenants can be a challenge. Indeed, the main security principle in the design and implementation of virtual machine managers (VMMs) has been that of process and data isolation achieved through sandboxing. Although logical isolation ensures security at the software level, a malicious tenant might still extract private information due to leakage coming from side channels such as shared hardware resources. In short, hardware sharing create an opening for various side channel attacks developed for non-virtualized environments. These powerful attacks are capable of extracting sensitive information, e.g. passwords and private keys, by profiling the victim process. ignoring leakages of information through subtle side-channels shared by the processes running on the same physical hardware. In non-virtualized environments, a number of effective side-channel attacks were proposed that succeeded in extracting sensitive data by targeting the software layer only.

show abstract

Remote Timing Attacks Are Still Practical

Cited by 147 publications

References 13 publications

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Know Thy Neighbor: Crypto Library Detection in Cloud

Contact Info

Product

Resources

About