Please use this identifier to cite or link to this item:
Scopus Web of Science® Altmetric
Type: Conference paper
Title: Amplifying side channels through performance degradation
Author: Allan, T.
Brumley, B.
Falkner, K.
Van De Pol, J.
Yarom, Y.
Citation: Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016 / vol.5-9-December-2016, pp.422-435
Publisher: ACM New York
Issue Date: 2016
Series/Report no.: ACM International Conference Proceeding Series
ISBN: 9781450347716
Conference Name: 32nd Annual Conference on Computer Security Applications (ACSAC '16) (05 Dec 2016 - 08 Dec 2016 : Los Angeles, California)
Statement of
Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, Yuval Yarom
Abstract: Interference between processes executing on shared hardware can be used to mount performance-degradation attacks. However, in most cases, such attacks offer little benefit for the adversary. In this paper, we demonstrate that software-based performancedegradation attacks can be used to amplify side-channel leaks, enabling the adversary to increase both the amount and the quality of information captured. We identify a new information leak in the OpenSSL implementation of the ECDSA digital signature algorithm, albeit seemingly unexploitable due to the limited granularity of previous trace procurement techniques. To overcome this imposing hurdle, we combine the information leak with a microarchitectural performancedegradation attack that can slow victims down by a factor of over 150. We demonstrate how this combination enables the amplification of a side-channel sufficiently to exploit this new information leak. Using the combined attack, an adversary can break a private key of the secp256k1 curve, used in the Bitcoin protocol, after observing only 6 signatures-a four-fold improvement over all previously described attacks.
Rights: © 2016 Copyright held by the owner/author(s). Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
RMID: 0030062370
DOI: 10.1145/2991079.2991084
Appears in Collections:Computer Science publications

Files in This Item:
File Description SizeFormat 
RA_hdl_107842.pdfRestricted Access301.72 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.