Timing attacks against OpenSSL
نویسنده
چکیده
OpenSSL is the most widely used open source SSL/TLS implementation on the internet and an immense amount of sensitive communication is trusted to be secured by it. The related cryptographic algorithms themselves are indeed very secure. However implementing the models in hardware or software introduces new kinds of channels that are not present in the mathematical model, but which can nonetheless be abused. Using information retrieved using these channels can reveal the secrets about the communication to the attacker. In this paper we discuss two known attacks against OpenSSL and their implications.
منابع مشابه
Remote Timing Attacks Are Practical
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...
متن کاملUSENIX Association Proceedings of the 12 th USENIX Security Symposium
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...
متن کاملTemplate attacks exploiting static power and application to CMOS lightweight crypto-hardware
Side-channel attacks are a serious threat to security-critical software. OpenSSL is a prime security attack target due to the library’s ubiquitous real world applications, therefore, the history of cache-timing attacks against OpenSSL is varied and rich. The presentation includes a brief history of cache-timing attacks in OpenSSL. To mitigate remote timing and cache-timing attacks, many ubiquit...
متن کاملCache-Collision Timing Attacks Against AES
This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. We define a general attack strategy using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations...
متن کاملPlaintext-Recovery Attacks Against Datagram TLS
The Datagram Transport Layer Security (DTLS) protocol provides confidentiality and integrity of data exchanged between a client and a server. We describe an efficient and full plaintext recovery attack against the OpenSSL implementation of DTLS, and a partial plaintext recovery attack against the GnuTLS implementation of DTLS. The attack against the OpenSSL implementation is a variant of Vauden...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013