Please use this identifier to cite or link to this item:
|Scopus||Web of Science®||Altmetric|
|Title:||Amplifying side channels through performance degradation|
Van De Pol, J.
|Citation:||Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016 / vol.5-9-December-2016, pp.422-435|
|Publisher:||ACM New York|
|Series/Report no.:||ACM International Conference Proceeding Series|
|Conference Name:||32nd Annual Conference on Computer Security Applications (ACSAC '16) (05 Dec 2016 - 08 Dec 2016 : Los Angeles, California)|
|Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, Yuval Yarom|
|Abstract:||Interference between processes executing on shared hardware can be used to mount performance-degradation attacks. However, in most cases, such attacks offer little benefit for the adversary. In this paper, we demonstrate that software-based performancedegradation attacks can be used to amplify side-channel leaks, enabling the adversary to increase both the amount and the quality of information captured. We identify a new information leak in the OpenSSL implementation of the ECDSA digital signature algorithm, albeit seemingly unexploitable due to the limited granularity of previous trace procurement techniques. To overcome this imposing hurdle, we combine the information leak with a microarchitectural performancedegradation attack that can slow victims down by a factor of over 150. We demonstrate how this combination enables the amplification of a side-channel sufficiently to exploit this new information leak. Using the combined attack, an adversary can break a private key of the secp256k1 curve, used in the Bitcoin protocol, after observing only 6 signatures-a four-fold improvement over all previously described attacks.|
|Rights:||© 2016 Copyright held by the owner/author(s). Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).|
|Appears in Collections:||Computer Science publications|
Files in This Item:
|RA_hdl_107842.pdf||Restricted Access||301.72 kB||Adobe PDF||View/Open|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.