Lecture Notes in Computer Science, vol. 9813

The scatter-gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

Yuval Yarom, Daniel Genkin, and Nadia Heninge

The rise of cloud computing has made it a lot easier for attackers to be able to run code on the sam...
Abstract. This paper demonstrates complete AES key recovery from known-plaintext timings of a networ...
Abstract. Recently, Acıiçmez, Koç, and Seifert have introduced new side-channel analysis types, name...
Constant-time technique is of crucial importance to prevent secrets of cryptographic algorithms from...
During the last decade, constant-time cryptographic software has quickly transitioned from an academ...
Abstract. The previous I-cache timing attacks on RSA which exploit the instruction path of a cipher...
Abstract. This paper describes several novel timing attacks against the common table-driven software...
MicroArchitectural Analysis (MA) techniques, more specifically Simple Branch Prediction Analysis (SB...
t-Test Error detection into practice. To improve the feasibility of timing attack, the current study...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the...
Abstract. We improve instruction cache data analysis techniques with a framework based on vector qua...
Side-channel information is any type of information leaked through unexpected channels due to physic...