Announcing Mastik version 0.01 (Scurvy Dog)
Mastik, a new toolkit for performing microarchitectural side channel attacks, has been announced in the CHES 2016 rump session. The toolkit provides an implementation of popular side channel attacks. Version 0.01, code name Scurvy Dog, can be downloaded from the Mastik home page. The CHES 2016 rump session presentation is also available.
ACSAC 2016: Amplifying Side Channels Through Performance Degradation
In this work, accepted to ACSAC 2016, we show that an adversary can amplify a side channel leakage from a victim by slowing the victim down. We apply the technique against a victim that uses the Bitcoin elliptic curve and show that we need to observe only 6 signatures to completely break the private key. The […]
CCS 2016: ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
Working with researchers from the Technion and from Tel Aviv University, we show that undesired electromagnetic emanations from mobile phones allow adversaries to steal cryptographic keys from the phone. The work has been accepted to CCS 2016. D. Genkin, L. Pachmanov, I. Pipman, E. Tromer and Y. Yarom, ECDSA Key Extraction from Mobile Devices via […]
CCS 2016: “Make Sure DSA Signing Exponentiations Really are Constant-Time”
Our joint work with researchers from the Tampere University of Technology on a weakness in OpenSSL has been accepted to CCS 2016. C. Pereida García, B. B. Brumley and Y. Yarom, “Make Sure DSA Signing Exponentiations Really are Constant-Time”, Abstract: TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of […]
Yuval Yarom to deliver a keynote talk at PROOFS 2016
Yuval Yarom has been invited to present a keynote talk at PROOFS 2016. PROOFS is a security workshop focusing on Security Proofs for Embedded Systems. Title: Thwarting cache-based side-channel attacks Abstract: Cache-based side-channel attacks leak sensitive information through a shared cache. The attacker exploits contention on the cache to trace the victim’s access to memory. These traces […]
CDIT Presenting in CHES 2016
Next week CDIT is presenting two papers and a tutorial in CHES 2016. The papers are: L. Groot Bruinderink, A. Hülsing, T. Lange and Y. Yarom, Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme. We present the first side-channel attack on a lattice-based signature scheme, using the FLUSH+RELOAD cache-attack. The […]
CDIT Security Collaboration in the news!
Two of our research projects have attracted media attention recently. The Daily Mail reports on our CacheBleed attack. CacheBleed monitors minute changes in the time it takes a computer to execute a sequence of operations and uses them to steal information on the internal working of cryptographic algorithms. While the possibility of such an attack […]
HPCA 2016: CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing
Working with colleagues from Princeton University, NICTA and Intel, we show how to use the Intel Cache Allocation Technology (CAT) to provide protection from cache-based side-channel attacks. CAT is a hardware cache-partitioning mechanism for enforcing quality of service with respect to cache occupancy. However, due to the small number of partitions it cannot be used […]
Tom Allan invited to Tel-Aviv University
As part of our ongoing collaboration with the Laboratory for Experimental Information Security (LEISec), our intern, Tom Allan, was invited to an extended visit to Israel. Tom will spend six weeks at Tel-Aviv University, where he will work on microarchitectural side-channel attacks.
CDIT Presenting at the I-CORE Day
Yuval Yarom has recently attended the Israeli Center of Research Excellence in Algorithms (I-CORE) day, where he was invited to present our work on last-level cache side-channel attacks. Last-Level Cache Side-Channel Attacks are Practical System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to […]