Virtualisation is a key potential approach to alleviating performance issues within constrained environments. However, within defence environments, security is a constant concern, and virtualised environments must be assessed to ensure that they do not introduce additional security risks with their introduction.
In this research, we explore security issues within defence and constrained environments, including analysis of existing virtualisation environments for security concerns, identification and mitigation against security attacks, and the design and development of virtualised environments that are more resilient against security attacks.
Project Leaders: Yuval Yarom and A/Prof Katrina Falkner
Announcing Mastik version 0.01 (Scurvy Dog)
Mastik is a new toolkit for performing microarchitectural side channel attacks has been announced in the CHES 2016 rump session. The toolkit provides an implementation of popular side channel attacks. Version 0.01, code name Scurvy Dog, can be downloaded from the Mastik home page. The CHES 2016 rump session presentation is also available.
ACSAC 2016: Amplifying Side Channels Through Performance Degradation
In this work, accepted to ACSAC 2016, we show that an adversary can amplify a side channel leakage from a victim by slowing the victim down. We apply the technique against a victim that uses the Bitcoin elliptic curve and show that we need to observe only 6 signatures to completely break the private key. The […]
Comments Off on ACSAC 2016: Amplifying Side Channels Through Performance Degradation
CCS 2016: ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
Working with researchers from the Technion and from Tel Aviv University, we show that undesired electromagnetic emanations from mobile phones allow adversaries to steal cryptographic keys from the phone. The work has been accepted to CCS 2016. D. Genkin, L. Pachmanov, I. Pipman, E. Tromer and Y. Yarom, ECDSA Key Extraction from Mobile Devices via […]
Comments Off on CCS 2016: ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
CCS 2016: “Make Sure DSA Signing Exponentiations Really are Constant-Time”
Our joint work with researchers from the Tampere University of Technology on a weakness in OpenSSL has been accepted to CCS 2016. C. Pereida García, B. B. Brumley and Y. Yarom, “Make Sure DSA Signing Exponentiations Really are Constant-Time”, Abstract: TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of […]
Comments Off on CCS 2016: “Make Sure DSA Signing Exponentiations Really are Constant-Time”
Yuval Yarom to deliver a keynote talk at PROOFS 2016
Yuval Yarom has been invited to present a keynote talk at PROOFS 2016. PROOFS is a security workshop focusing on Security Proofs for Embedded Systems. Title: Thwarting cache-based side-channel attacks Abstract: Cache-based side-channel attacks leak sensitive information through a shared cache. The attacker exploits contention on the cache to trace the victim’s access to memory. These traces […]
CDIT Presenting in CHES 2016
Next week CDIT is presenting two papers and a tutorial in CHES 2016. The papers are: L. Groot Bruinderink, A. Hülsing, T. Lange and Y. Yarom, Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme. We present the first side-channel attack on a lattice-based signature scheme, using the FLUSH+RELOAD cache-attack. The […]
Comments Off on CDIT Presenting in CHES 2016
Research Grant: Assessment and OS-Level Mitigation of Timing Channels. Y.Yarom and K. Falkner, Data61 CRP Research Agreement ($682,684) (2016-2019)
Our collaboration with Data 61’s Trustworthy Systems research program (UNSW) continues with a further, multi-year, extension of our CRP Research Agreement in the area of Security and Virtualisation. Dr Yuval Yarom leads this latest grant collaboration, which will survey micro-architectural time-based covert channels and side channels on modern architectures. It will survey existing exploits and mitigation strategies, and attempt […]
CDIT Security Collaboration in the news!
Two of our research projects have attracted media attention recently. The Daily Mail reports on our CacheBleed attack. CacheBleed monitors minute changes in the time it takes a computer to execute a sequence of operations and use it to steal information on the internal working of cryptographic algorithms. While the possibility of such an attack […]
HPCA 2016: CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing
Working with colleagues from Princeton University, NICTA and Intel we show how to use the Intel Cache Allocation Technology (CAT) to provide protection from cache-based side-channel attacks. CAT is a hardware cache-partitioning mechanism for enforcing quality of service with respect to cache occupancy. However due to the small number of partitions it cannot be used […]
Comments Off on HPCA 2016: CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing
Research Grant: Assessment and OS-Level Mitigation of Timing Channels. Y.Yarom and K. Falkner, NICTA CRP Research Agreement ($132,378) (2015-2016)
Our collaboration with NICTA’s Software Systems Research Group (UNSW) continues with an extension of our CRP Research Agreement in the area of Security and Virtualisation. Dr Yuval Yarom leads this latest grant collaboration, which will survey micro-architectural time-based covert channels and side channels on modern architectures. It will survey existing exploits and mitigation strategies, and attempt […]