Issue No. 06 - November/December (2009 vol. 7)
ISSN: 1540-7993
pp: 65-68
Nate Lawson, Root Labs
ABSTRACT
When it comes to cryptographic software, side channels are an often-overlooked threat. A side channel is any observable side effect of computation that an attacker could measure and possibly influence. In the software world, side-channel attacks have sometimes been dismissed as impractical. However, new system architecture features, such as larger cache sizes and multicore processors, have increased the prevalence of side channels and quality of measurement available to an attacker. This article explains three recent side-channel attacks on cryptographic software, exploiting a comparison function, CPU cache timing, and branch prediction logic to recover a secret key. Software developers must be aware of the potential for side-channel attacks and plan appropriately.
INDEX TERMS
cryptography, side channel attack, timing attack, AES, Advanced Encryption Standard, RSA, HMAC, Hash Message Authentication Code, CPU cache, branch prediction logic, multicore, crypto corner
CITATION
Nate Lawson, "Side-Channel Attacks on Cryptographic Software", IEEE Security & Privacy, vol. 7, no. , pp. 65-68, November/December 2009, doi:10.1109/MSP.2009.165