Predicting secret keys via branch prediction

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4377 LNCS, Issue , 2007, Pages 225-242

  Acıiçmez, Onur ^a   Koç, Çetin Kaya ^a,b   Seifert, Jean Pierre ^c,d  

^a Oregon State University   (United States)

^b ISTANBUL COMMERCE UNIVERSITY   (Turkey)

^c UNIVERSITY OF HAIFA   (Israel)

^d UNIVERSITY OF INNSBRUCK   (Austria)

Author keywords

Branch prediction; Modular exponentiation; Montgomery multiplication; RSA; Side channel analysis; Simultaneous multithreading

Indexed keywords

COMPUTER OPERATING SYSTEMS; FORECASTING; MULTITASKING; PROGRAM PROCESSORS;

BRANCH PREDICTION; MODULAR EXPONENTIATION; MONTGOMERY MULTIPLICATION; SIDE-CHANNEL ANALYSIS; SIMULTANEOUS MULTI-THREADING;

SIDE CHANNEL ATTACK;

EID: 84944627047     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11967668_15     Document Type: Conference Paper

References (32)

1. O. Acıiçmez, W. Schindler, and Ç. K. Koç. Cache Based Remote Timing Attack on the AES. Topics in Cryptology - CT-RSA 2007, The Cryptog-raphers’ Track at the RSA Conference 2007, to appear.
2. D. J. Bernstein. Cache-timing attacks on AES. Technical Report, 37 pages, April 2005. Available at: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
3. th Usenix Security Symposium, pages 1-14, 2003.
4. Y. Chen, P. England, M. Peinado, and B. Willman. High Assurance Computing on Open Hardware Architectures. Technical Report, MSR-TR-2003-20, 17 pages, Microsoft Corporation, March 2003. Available at: ftp://ftp.research.microsoft.com/pub/tr/tr-2003-20.ps
5. B. Chevallier-Mames, M. Ciet, and M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Transactions on Computers, volume 53, issue 6, pages 760-768, June 2004.
6. J.-S. Coron, D. Naccache, and P. Kocher. Statistics and Secret Leakage. ACM Transactions on Embedded Computing Systems, volume 3, issue 3, pages 492-508, August 2004.
7. J. F. Dhem, F. Koeune, P. A. Leroux, P. Mestre, J.-J. Quisquater, and J. L. Willems. A Practical Implementation of the Timing Attack. Proceedings of the 3rd Working Conference on Smart Card Research and Advanced Applications - CARDIS 1998, J.-J. Quisquater and B. Schneier, editors, Springer-Verlag, LNCS vol. 1820, January 1998.
8. P. England, B. Lampson, J. Manferdelli, M. Peinado, and B. Willman. A Trusted Open Platform. IEEE Computer, volume 36, issue 7, pages 55-62, July 2003.
9. S. Gochman, R. Ronen, I. Anati, A. Berkovits, T. Kurts, A. Naveh, A. Saeed, Z. Sperber, and R. Valentine. The Intel Pentium M Processor: Microarchitecture and performance. Intel Technology Journal, volume 7, issue 2, May 2003.
10. D. Grawrock. The Intel Safer Computing Initiative: Building Blocks for Trusted Computing, Intel Press, 2006.
11. A. Hevia and M. Kiwi. Strength of Two Data Encryption Standard Implementations under Timing Attacks. ACM Transactions on Information and System Security 2(4):416-437, 1999.
12. W. M. Hu. Lattice scheduling and covert channels. Proceedings of IEEE Symposium on Security and Privacy, IEEE Press, pages 52-61, 1992.
13. M. Joye and S.-M. Yen. The Montgomery powering ladder. Cryptographic Hardware and Embedded Systems - CHES 2002, B. S. Kaliski Jr, Ç. K. Koç, and C. Paar, editors, pages 291-302, Springer-Verlag, LNCS vol. 2523, 2003.
14. P. C. Kocher. Timing Attacks on Implementations of Diffie–Hellman, RSA, DSS, and Other Systems. Advances in Cryptology - CRYPTO ’96, N. Koblitz, editors, pages 104-113, Springer-Verlag, LNCS vol. 1109, 1996.
15. A. J. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography, CRC Press, New York, 1997.
16. M. Milenkovic, A. Milenkovic, and J. Kulick. Microbenchmarks for Determining Branch Predictor Organization. Software Practice & Experience, volume 34, issue 5, pages 465-487, April 2004.
17. Openssl: the open-source toolkit for ssl/tls. Available online at: http://www.openssl.org/.
18. M. Neve and J.-P. Seifert. Advances on Access-driven Cache Attacks on AES. Proceedings of Selected Area of Cryptology (SAC 2006), Montreal, Canada, August 2006, appear at Springer LNCS.
19. D. A. Osvik, A. Shamir, and E. Tromer. Other People’s Cache: Hyper Attacks on HyperThreaded Processors. Presentation available at: http://www.wisdom.weizmann.ac.il/∼tromer/.
20. D. A. Osvik, A. Shamir, and E. Tromer. Cache Attacks and Countermeasures: The Case of AES. Topics in Cryptology - CT-RSA 2006, The Cryptographers’ Track at the RSA Conference 2006, D. Pointcheval, editor, pages 1-20, Springer-Verlag, LNCS vol. 3860, 2006.
21. D. Patterson and J. Hennessy. Computer Architecture: A Quantitative Approach. 3rd edition, Morgan Kaufmann, 2005.
22. S. Pearson. Trusted Computing Platforms: TCPA Technology in Context, Prentice Hall PTR, 2002.
23. C. Percival. Cache missing for fun and profit. BSDCan 2005, Ottawa, 2005. Available at: http://www.daemonology.net/hyperthreading-considered-harmful/.
24. C. P. Pfleeger and S. L. Pfleeger. Security in Computing, 3rd edition, Prentice Hall PTR, 2002.
25. W. Schindler. A Timing Attack against RSA with the Chinese Remainder Theorem. Cryptographic Hardware and Embedded Systems - CHES 2000, Ç. K. Koç and C. Paar, editors, pages 109-124, Springer-Verlag, LNCS vol. 1965, 2000.
26. T. Shanley. The Unabridged Pentium 4: IA32 Processor Genealogy. Addison-Wesley Professional, 2004.
27. J. Shen and M. Lipasti. Modern Processor Design: Fundamentals of Su-perscalar Processors. McGraw-Hill, 2005.
28. O. Sibert, P. A. Porras, and R. Lindell. The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems. IEEE Symposium on Security and Privacy, pages 211-223, 1995.
29. S. W. Smith. Trusted Computing Platforms: Design and Applications, Springer-Verlag, 2004.
30. Trusted Computing Group, http://www.trustedcomputinggroup.org.
31. R. Uhlig, G. Neiger, D. Rodgers, A. L. Santoni, F. C. M. Martins, A. V. Anderson, S. M. Bennett, A. Kagi, F. H. Leung, L. Smith. Intel Virtualization Technology, IEEE Computer, volume 38, number 5, pages 48-56, May 2005.
32. C. D. Walter. Montgomery Exponentiation Needs No Final Subtractions. IEE Electronics Letters, volume 35, number 21, pages 1831-1832, October 1999.