During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL’s constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag. In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal. Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state. Exploiting one of the...
The rise of cloud computing has made it a lot easier for attackers to be able to run code on the sam...
Abstract. We improve instruction cache data analysis techniques with a framework based on vector qua...
Cryptography is ubiquitous in today's interconnected world, protecting our communications, securing ...
During the last decade, constant-time cryptographic software has quickly transitioned from an academ...
TLS and SSH are two of the most commonly used proto- cols for securing Internet traffic. Many of the...
As side-channel attacks reached general purpose PCs and started to be more practical for attackers t...
Side-channel information is any type of information leaked through unexpected channels due to physic...
MicroArchitectural Analysis (MA) techniques, more specifically Simple Branch Prediction Analysis (SB...
Lecture Notes in Computer Science, vol. 9813The scatter-gather technique is a commonly implemented a...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the i...
Abstract. The previous I-cache timing attacks on RSA which exploit the in-struction path of a cipher...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the i...
International audienceTiming-based side-channels play an important role in exposing the state of a p...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provi...
The rise of cloud computing has made it a lot easier for attackers to be able to run code on the sam...
Abstract. We improve instruction cache data analysis techniques with a framework based on vector qua...
Cryptography is ubiquitous in today's interconnected world, protecting our communications, securing ...
During the last decade, constant-time cryptographic software has quickly transitioned from an academ...
TLS and SSH are two of the most commonly used proto- cols for securing Internet traffic. Many of the...
As side-channel attacks reached general purpose PCs and started to be more practical for attackers t...
Side-channel information is any type of information leaked through unexpected channels due to physic...
MicroArchitectural Analysis (MA) techniques, more specifically Simple Branch Prediction Analysis (SB...
Lecture Notes in Computer Science, vol. 9813The scatter-gather technique is a commonly implemented a...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the i...
Abstract. The previous I-cache timing attacks on RSA which exploit the in-struction path of a cipher...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the i...
International audienceTiming-based side-channels play an important role in exposing the state of a p...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provi...
The rise of cloud computing has made it a lot easier for attackers to be able to run code on the sam...
Abstract. We improve instruction cache data analysis techniques with a framework based on vector qua...
Cryptography is ubiquitous in today's interconnected world, protecting our communications, securing ...