Side-Channel Attacks on Cryptographic Software

Security&Privacy
2009
Issue No. 6 - November/December
Abstract - Side-Channel Attacks on Cryptographic Software

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nate Lawson

November/December 2009 (vol. 7 no. 6)

pp. 65-68

	ASCII Text	x
	Nate Lawson, "Side-Channel Attacks on Cryptographic Software," IEEE Security and Privacy, vol. 7, no. 6, pp. 65-68, November/December, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.165, author = {Nate Lawson}, title = {Side-Channel Attacks on Cryptographic Software}, journal ={IEEE Security and Privacy}, volume = {7}, number = {6}, issn = {1540-7993}, year = {2009}, pages = {65-68}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.165}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Side-Channel Attacks on Cryptographic Software IS - 6 SN - 1540-7993 SP65 EP68 EPD - 65-68 A1 - Nate Lawson, PY - 2009 KW - cryptography KW - side channel attack KW - timing attack KW - AES KW - Advanced Encryption Standard KW - RSA KW - HMAC KW - Hash Message Authentication Code KW - CPU cache KW - branch prediction logic KW - multicore KW - crypto corner VL - 7 JA - IEEE Security and Privacy ER -

Nate Lawson, Root Labs

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.165

When it comes to cryptographic software, side channels are an often-overlooked threat. A side channel is any observable side effect of computation that an attacker could measure and possibly influence. In the software world, side-channel attacks have sometimes been dismissed as impractical. However, new system architecture features, such as larger cache sizes and multicore processors, have increased the prevalence of side channels and quality of measurement available to an attacker. This article explains three recent side-channel attacks on cryptographic software, exploiting a comparison function, CPU cache timing, and branch prediction logic to recover a secret key. Software developers must be aware of the potential for side-channel attacks and plan appropriately.

1. P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," Cryptography Research, 1995; www.cryptography.com/resources/whitepapers TimingAttacks.pdf.
2. D. Brumley and D. Boneh, "Remote Timing Attacks Are Practical," Proc. 12th Conf. Usenix Security Symp., Usenix Assoc., 2003, p. 1.
3. S.A. Crosby, D.S. Wallach, and R.H. Riedi, "Opportunities and Limits of Remote Timing Attacks," ACM Trans. Information and System Security, vol. 12, no. 3,2009, article 17; www.cs.rice.edu/~dwallach/pubcrosby-timing2009.pdf .
4. "Timing Attack Tested Successfully: Downgrade from Any Kernel without CPU-Key"; www.xbox-scene.com/xbox1data/sepEElZluZypZpmixPJrS.php .
5. N. Lawson, "Timing Attack on Google Keyzar," blog, 28 May 2009; http://rdist.root.org/2009/05/28timing-attack-in-google-keyczar-library .
6. D.A. Osvik, A. Shamir, and E. Tromer, "Cache Attacks and Countermeasures: The Case of AES," Topics in Cryptology—CT-RSA 2006, LNCS 3860, Springer, 2006; pp. 1–20.
7. O. Aciiçimez, Ç.K. Koç, and J.-P. Seifert, "On the Power of Simple Branch Prediction Analysis," Proc. 2nd ACM Symp. Information, Computer and Communications Security, ACM Press, 2006, pp. 312–320.

Index Terms:

cryptography, side channel attack, timing attack, AES, Advanced Encryption Standard, RSA, HMAC, Hash Message Authentication Code, CPU cache, branch prediction logic, multicore, crypto corner

Citation:

Nate Lawson, "Side-Channel Attacks on Cryptographic Software," IEEE Security and Privacy, vol. 7, no. 6, pp. 65-68, Nov./Dec. 2009, doi:10.1109/MSP.2009.165

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.