We show how malicious web content can extract cryptographic secret keys from the user\u27s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user\u27s computer. We show how this side-channel attack can be realized in both WebAssembly and PNaCl; how to attain very fine-grained measurements; and how to use these to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser\u27s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms...
Android smartphones collect and compile a huge amount of sensitive information which is secured usin...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Abstract Cache attacks exploit side-channel information that is leaked by a microprocessor’s cache. ...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
International audienceMicroarchitectural side-channel attacks can derive secrets from the execution ...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Over the last decades the digitalization has become an integral part of daily life. Computer systems...
Privacy protection is an essential part of information security. The use of shared resources demands...
In this dissertation we study some of the problems arising on computer systems that leak information...
Analysing security assumptions taken for the WebRTC and postMessage APIs led us to find a novel atta...
Software cache-based side channel attacks are a serious new class of threats for computers. Unlike p...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
International audienceBesides cryptographic secrets, software-based side-channel attacks also leak s...
International audienceTiming-based side-channels play an important role in exposing the state of a p...
Android smartphones collect and compile a huge amount of sensitive information which is secured usin...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Abstract Cache attacks exploit side-channel information that is leaked by a microprocessor’s cache. ...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
International audienceMicroarchitectural side-channel attacks can derive secrets from the execution ...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Over the last decades the digitalization has become an integral part of daily life. Computer systems...
Privacy protection is an essential part of information security. The use of shared resources demands...
In this dissertation we study some of the problems arising on computer systems that leak information...
Analysing security assumptions taken for the WebRTC and postMessage APIs led us to find a novel atta...
Software cache-based side channel attacks are a serious new class of threats for computers. Unlike p...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
International audienceBesides cryptographic secrets, software-based side-channel attacks also leak s...
International audienceTiming-based side-channels play an important role in exposing the state of a p...
Android smartphones collect and compile a huge amount of sensitive information which is secured usin...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Abstract Cache attacks exploit side-channel information that is leaked by a microprocessor’s cache. ...