Cachebleed: a timing attack on OpenSSL constant time RSA

Files

RA_hdl_108056.pdf (1.21 MB)
  (Restricted Access)

Date

2016

Authors

Yarom, Y.
Genkin, D.
Heninger, N.

Editors

Gierlichs, B.
Poschmann, A.

Type

Conference paper

Citation

Lecture Notes in Artificial Intelligence, 2016 / Gierlichs, B., Poschmann, A. (eds.), vol. 9813 LNCS, pp. 346-367

Statement of Responsibility

Yuval Yarom, Daniel Genkin, and Nadia Heninger

Conference Name

18th International Conference on Cryptographic Hardware and Embedded Systems (CHES) (17 Aug 2016 - 19 Aug 2016 : Santa Barbara, CA)

Abstract

The scatter-gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

Description

Lecture Notes in Computer Science, vol. 9813

Rights

© International Association for Cryptologic Research 2016
