We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein’s correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARMbased platform running an L4 microkernel as virtualization...

Event-driven programming (EDP) is the prevalent paradigm for graphical user interfaces, web clients, and it is rapidly gaining importance for server-side and network programming. Central components of EDP are event loops, which act as FIFO queues that are used by processes to store and dispatch messages received from other processes. In this paper we demonstrate that shared event loops are vuln...

Mix networks are a popular mechanism for anonymous Internet communications. By routing IP traffic through an overlay chain of mixes, they aim to hide the relationship between its origin and destination. Using a realistic model of interactive Internet traffic, we study the problem of defending low-latency mix networks against attacks based on correlating inter-packet intervals on two or more lin...

OBJECTIVE To search for a time parallelism between lunar and solar rotation cycles and calendar dates of attacks of pseudogout--chondrocalcinosis articularis (pyrophosphate arthropathy). METHODS Seventy-four documented attacks with known calendar dates of onset recorded in 16 patients of one family cluster between 1955 and 1995 were examined in this study. Their daily frequencies during the g...

To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN ...

Side-channel attacks on block ciphers and public key algorithms have been discussed extensively. However, there is only sparse literature about side-cannel attacks on stream ciphers. The few existing references mainly treat timing [8] and template attacks [10], or provide a theoretical analysis [6], [7] of weaknesses of stream cipher constructions. In this paper we present attacks on two focus ...

Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; the knowledge of a subse...

The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing-attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 4 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgome...

Recent research has shown that implementations with variable execution timing may allow attackers to extract secret cryptographic keys stored on the device. Timing variances can occur due to implementation choices (e.g. data-dependent branches) or due to the internal architecture of the processor core (e.g. cache lines). In order to overcome this problem one needs to find alternative implementa...

Intruders have changed their mode of operandi in breaking security of IT systems. Of late they are using different strategies making attacks successfully. One of their strategies is to attack systems though some intermediary nodes in the network instead of making attacks from their own machine. This helps them in hiding their identity. Such attacks can be identified by verifying and correlating...