Opportunities and Limits of Remote Timing Attacks

Authors: Scott A. Crosby, Dan S. Wallach, Rudolf H. Riedi

DOI: 10.1145/1455526.1455530

Abstract: Many algorithms can take a variable amount of time to complete depending on the data being processed. These timing differences sometimes disclose confidential information. Indeed, researchers have been able to reconstruct an RSA private key purely by querying an SSL Web server and timing the results. Our work analyzes the limits of attacks based on accurately measuring network response times and jitter over a local network and across the Internet. We present the design of filters to significantly reduce the effects of jitter, allowing an attacker to measure events with 15-100μs accuracy across the Internet, and as good as 100ns over a local network. Notably, security-related algorithms on Web servers and other network servers need to be carefully engineered to avoid timing channel leaks at the accuracy demonstrated in this article.
