Remote timing attacks are practical

USENIX Security, no. 5 (2005): 701-716

Abstract

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our r...

Introduction
  • Timing attacks enable an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries.
  • Kocher [11] designed a timing attack to expose secret keys used for RSA decryption.
  • Until now, these attacks were only applied in the context of hardware security tokens such as smartcards [5,11,19].
  • It is believed that common implementations of RSA are not vulnerable to timing attacks.
  • The authors challenge both assumptions by developing a remote timing attack against OpenSSL [16], an SSL library commonly used in web servers and other SSL applications.
Highlights
  • Timing attacks enable an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries
  • It is believed that common implementations of RSA are not vulnerable to timing attacks. We challenge both assumptions by developing a remote timing attack against OpenSSL [16], an SSL library commonly used in web servers and other SSL applications
  • Our results show that when using OpenSSL the network server virtual machines can extract the RSA private key from the secure virtual machines, invalidating the isolation provided by the Virtual Machine Monitor
  • We devised and implemented a timing attack against OpenSSL—a library commonly used in web servers and other SSL applications
  • The timing attack is effective between two processes on the same machine and two Virtual Machines on the same computer
Methods
  • The authors performed a series of experiments to demonstrate the effectiveness of the attack on OpenSSL.
  • In each case the authors show the factorization of the RSA modulus N is vulnerable.
  • The authors show that a number of factors affect the efficiency of the timing attack.
  • The authors' experiments consisted of: (1) testing the effects of increasing the number of decryption requests, both for the same ciphertext and a neighborhood of ciphertexts; (2) comparing the effectiveness of the attack based upon different keys.
Conclusion
  • The authors devised and implemented a timing attack against OpenSSL—a library commonly used in web servers and other SSL applications.
  • Counter to current belief, the timing attack is effective when carried out between machines separated by multiple routers.
  • The timing attack is effective between two processes on the same machine and two Virtual Machines on the same computer.
  • As a result of this work, several crypto libraries, including OpenSSL, implement blinding by default as described in the previous section.
Tables
  • Table 1: Timing attack with programs "regular" and "extra-inst" for bits 30 and 32 of q
  • Table 2: Decryption time using a sample size of 7 (Panel A) and 2800 (Panel B)
Funding
  • This material is based upon work supported in part by the National Science Foundation under grant no. 0121481 and the Packard Foundation.
References
  • M. Blaze, Simple UNIX time quantization package, Available from <http://www.cs.cmu.edu/~dbrumley/pubs/quantize.shar>.
  • D. Boneh, R.A. DeMillo, R.J. Lipton, On the importance of checking cryptographic protocols for faults, Lecture Notes in Computer Science, vol. 1233, Springer, Berlin, 1997, pp. 37–51.
  • D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, Journal of Cryptology 10 (1997) 233–260.
  • S.A. Crosby, D.S. Wallach, Opportunities and limits of remote timing attacks, Manuscript.
  • J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestre, J.-J. Quisquater, J.-L. Willems, A practical implementation of the timing attack, in: CARDIS, 1998, pp. 167–182.
  • P. Gutmann, Cryptlib, Available from <http://www.cs.auckland.ac.nz/pgut001/cryptlib/>.
  • Intel, VTune performance analyzer for Linux v1.1, Available from <http://www.intel.com/software/products/vtune>.
  • Intel, Using the RDTSC instruction for performance monitoring, Technical report, Intel, 1997.
  • Intel, IA-32 Intel architecture optimization reference manual, Technical report 248966-008, Intel, 2003.
  • P. Kocher, J. Jaffe, B. Jun, Differential power analysis: Leaking secrets, in: Crypto 99, 1999, pp. 388–397.
  • P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in: Advances in Cryptology, 1996, pp. 104–113.
  • A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.
  • mod_SSL Project, mod_ssl, Available from <http://www.modssl.org>.
  • P. Montgomery, Modular multiplication without trial division, Mathematics of Computation 44 (170) (1985) 519–521.
  • GNU Project, libgcrypt, Available from <http://www.gnu.org/directory/security/libgcrypt.html>.
  • OpenSSL Project, OpenSSL, Available from <http://www.openssl.org>.
  • J.R. Rao, P. Rohatgi, EMpowering side-channel attacks, Technical report 2001/037, IBM T.J. Watson Research Center, 2001.
  • RSA Press Release, Available from <http://www.otn.net/onthenet/rsaqa.htm>, 1995.
  • W. Schindler, A timing attack against RSA with the Chinese remainder theorem, in: CHES 2000, 2000, pp. 109–124.
  • W. Schindler, A combined timing and power attack, Lecture Notes in Computer Science, vol. 2274, Springer, Berlin, 2002, pp. 263–279.
  • W. Schindler, Optimized timing attacks against public key cryptosystems, Statistics and Decisions 20 (2002) 191–210.
  • W. Schindler, F. Koeune, J.-J. Quisquater, Improving divide and conquer attacks against cryptosystems by better error detection/correction strategies, Lecture Notes in Computer Science, vol. 2260, Springer, Berlin, 2001, pp. 245–267.
  • W. Schindler, F. Koeune, J.-J. Quisquater, Unleashing the full power of timing attack, Technical report CG-2001/3, UCL Microelectronics Laboratory, 2001.
  • Stunnel project, Stunnel, Available from <http://www.stunnel.org>.