CDIT Presenting in CHES 2016

Next week CDIT is presenting two papers and a tutorial in CHES 2016.

The papers are:

L. Groot Bruinderink, A. Hülsing, T. Lange and Y. Yarom, Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme.
We present the first side-channel attack on a lattice-based signature scheme, using the FLUSH+RELOAD cache attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice Signature Schemes (BLISS). After observing only 450 signatures with a perfect side-channel, an attacker is able to extract the secret BLISS key in less than 2 minutes, with a success probability of 0.96. Similar results are achieved in a proof-of-concept implementation using the FLUSH+RELOAD technique with less than 3500 signatures.
We show how to attack sampling from a discrete Gaussian using CDT or rejection sampling by showing potential information leakage via cache memory. For both sampling methods, a strategy is given to use this additional information, finalize the attack and extract the secret key.
We provide experimental evidence for the idealized perfect side-channel attacks and the FLUSH+RELOAD attack on two recent CPUs.

Y. Yarom, D. Genkin and N. Heninger, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA.
The scatter-gather technique is a commonly-implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant-time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.

The tutorial is titled “Micro-Architectural Side-Channel Attacks”, and is aimed at providing hands-on experience with exploiting micro-architectural side-channel attacks for analysing implementations of cryptographic primitives.

This entry was posted in News, Publications, Security.