Mastik, a new toolkit for performing microarchitectural side channel attacks, was announced in the CHES 2016 rump session. The toolkit provides implementations of popular side channel attacks. Version 0.01, code name Scurvy Dog, can be downloaded from the Mastik home page. The CHES 2016 rump session presentation is also available.
In this work, accepted to ACSAC 2016, we show that an adversary can amplify a side channel leakage from a victim by slowing the victim down. We apply the technique against a victim that uses the Bitcoin elliptic curve and show that we need to observe only 6 signatures to completely break the private key. The […]
Working with researchers from the Technion and from Tel Aviv University, we show that undesired electromagnetic emanations from mobile phones allow adversaries to steal cryptographic keys from the phone. The work has been accepted to CCS 2016. D. Genkin, L. Pachmanov, I. Pipman, E. Tromer and Y. Yarom, ECDSA Key Extraction from Mobile Devices via […]
Our joint work with researchers from the Tampere University of Technology on a weakness in OpenSSL has been accepted to CCS 2016. C. Pereida García, B. B. Brumley and Y. Yarom, “Make Sure DSA Signing Exponentiations Really are Constant-Time”, Abstract: TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of […]
Yuval Yarom has been invited to present a keynote talk at PROOFS 2016. PROOFS is a security workshop focusing on Security Proofs for Embedded Systems. Title: Thwarting cache-based side-channel attacks Abstract: Cache-based side-channel attacks leak sensitive information through a shared cache. The attacker exploits contention on the cache to trace the victim’s access to memory. These traces […]
Next week CDIT is presenting two papers and a tutorial in CHES 2016. The papers are: L. Groot Bruinderink, A. Hülsing, T. Lange and Y. Yarom, Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme. We present the first side-channel attack on a lattice-based signature scheme, using the FLUSH+RELOAD cache-attack. The […]
Two of our research projects have attracted media attention recently. The Daily Mail reports on our CacheBleed attack. CacheBleed monitors minute changes in the time it takes a computer to execute a sequence of operations and uses them to steal information on the internal workings of cryptographic algorithms. While the possibility of such an attack […]
Working with colleagues from Princeton University, NICTA and Intel, we show how to use the Intel Cache Allocation Technology (CAT) to provide protection from cache-based side-channel attacks. CAT is a hardware cache-partitioning mechanism for enforcing quality of service with respect to cache occupancy. However, due to the small number of partitions it cannot be used […]
As part of our ongoing collaboration with the Laboratory for Experimental Information Security (LEISec), our intern, Tom Allan, was invited on an extended visit to Israel. Tom will spend six weeks at Tel Aviv University, where he will work on microarchitectural side-channel attacks.
Yuval Yarom recently attended the Israeli Center of Research Excellence in Algorithms (I-CORE) day, where he was invited to present our work on last-level cache side-channel attacks. Last-Level Cache Side-Channel Attacks are Practical: System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to […]