Type: Conference paper
Title: Make sure DSA signing exponentiations really are constant-time
Author: García, C.
Brumley, B.
Yarom, Y.
Citation: Proceedings of the ACM Conference on Computer and Communications Security, 2016, vol.24-28-October-2016, pp.1639-1650
Publisher: ACM
Issue Date: 2016
ISBN: 9781450341394
ISSN: 1543-7221
Conference Name: 23rd ACM Conference on Computer and Communications Security (CCS) (24 Oct 2016 - 28 Oct 2016 : Vienna, Austria)
Statement of Responsibility: Cesar Pereida García, Billy Bob Brumley, Yuval Yarom
Abstract: TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.
Keywords: Applied cryptography; digital signatures; side-channel analysis; timing attacks; cache-timing attacks; DSA; OpenSSL; CVE-2016-2178
Rights: © 2016 Copyright held by the owner/author(s). This work is under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
DOI: 10.1145/2976749.2978420
Appears in Collections: Aurora harvest 8; Computer Science publications

Files in This Item:
File: hdl_108055.pdf
Description: Published version
Size: 598.6 kB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.