discussion remote timing attacks are practical
play

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 - PowerPoint PPT Presentation

Aug 27, 2023 •371 likes •645 views

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

  1. Discussion: Remote Timing Attacks are Practical 600.624 2/11/05

  2. Outline • Why are timing attacks important? • Clarifications • Zero-One Gap / Neighborhood Size etc. • Problems • Questions • Extensions • Contribution • Discussion

  3. How fast can we factor? • Seny: RSAP. How do you go after crypto? • RSA Challenge • RSA-576 • 576 bits (174 digits) • Factored in 2 years (2001-2003) used “Lattice Sieving” • http://www.rsasecurity.com/rsalabs/

  4. How fast can we factor? (2) • Number Field Sieves • “Fast Algorithms” • Complexity: O ( e c (log n ) 1 / 3 (log log n ) 2 / 3 )

  5. Dangers of Timing Attacks • Probably not going to crack RSA (or El Gamal) any time soon • Dangers: Poor passwords (keys, entropy), timing attacks

  6. Clarifications

  7. What is the Zero-One Gap? Zero-One Gap = | � 1 - � 0 | � 1 � 0 time guess of q

  8. Zero-One Gap

  9. What is the “neighborhood size”? • Need to get better estimates at number of reductions (more on that later...) n � T g = DecryptTime ( g + i ) 1=0 n � T g hi = DecryptTime ( g hi + i ) 1=0 ∆ = | T g − T g hi | • Why increment i ? (Multiplication??)

  10. Neighborhood

  11. Neighborhood

  12. 1 ms? • State that 1 ms of Zero-One Gap is sufficient for attack. • Where did this number come from?

  13. 1 ms (2) Can we really tolerate 1 ms network variance?

  14. Problems

  15. Great Paper! (?) • Were the mathematics adequately explained? • Did they provide empirical evidence that this attack is feasible?

  16. “remote timing attacks are PRACTICAL “ • Setup: • 3 Hop Network • Load on the server • Experiments: • broke 2.5/3 keys • sample size (?!?) • What does this mean for failure rate?

  17. Questions • What about the first bits?

  18. Questions (2) • Would using OAEP prevent the attack? • Quick Answer: no. • What about RSA Signatures? • hashing?

  19. Questions (3) • Why include the VM Model? • Some people liked it... • What is the failure rate? • Come back to this...

  20. Questions (4) • How are they averaging their timing samples? • What does this imply about distribution? • What does this mean about their error rate?

  21. Defenses (”Hacks”) • Queueing Algorithms • Add a delay on decryption failure • Application layer Firewall • What about RSA batching?

  22. Better Defenses (?) • Blinding • “Are we wrong to rely on blinding considering it isn’t provably secure?” • Quantizing

  23. Extensions • What is the smallest neighborhood/sample size parameters such that the attack will work?

  24. Extensions (2) • Are there p/q or e/d pairs for which Multiplication and Reductions offset? (See key 3.) If so, what percent of the key space is vulnerable? (HARD??)

  25. Contribution • We all accepted this paper... discuss why.

  26. Discussion • Anything you would like to bring up?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of Science, Finland {bbrumley,ntuveri}@tcs.hut.fi Synopsis New remote timing attack vulnerability in OpenSSLs implementation of Montgomerys

487 views • 25 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis Background: Timing attacks Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a

642 views • 21 slides
Digital Design Discussion: RTL Storage Components Shift Register Timing Register File Timing

Digital Design Discussion: RTL Storage Components Shift Register Timing Register File Timing

Principles Of Digital Design Discussion: RTL Storage Components Shift Register Timing Register File Timing RAM Up/Down Counter FIFO Queue Shift Register Timing Problem: Complete the timing diagram for the shift register shown. Assume

302 views • 12 slides
NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse,

NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse,

NetCAT : Practical Cache Attacks from the Network Michael Kurth , Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi Cache Attack from the Network Client Server Remote Cache Attack SSH 2 Network Cache Attack 3

794 views • 32 slides
Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&Time vs. MbedTLS AES on STM32

477 views • 20 slides
DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA) Basic Rules Remote Connection AKE RA Encoding Rules 2 Remote Access Basic Rules Source devices may permit remote access to content

326 views • 15 slides
DISTRIBUTED SYSTEMS Practical Lab Remote Method Invocation 2 A pragmatic Introduction RMI -

DISTRIBUTED SYSTEMS Practical Lab Remote Method Invocation 2 A pragmatic Introduction RMI -

1 DISTRIBUTED SYSTEMS Practical Lab Remote Method Invocation 2 A pragmatic Introduction RMI - Overview 3 Simple idea: In an OO-program objects communicate via methods For remote communication why not allow an object to

343 views • 11 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale University http://dedis.cs.yale.edu/ Ramakrishna Gummadi University of Massechusetts Amherst CCSW, October 8, 2010 Timing Attacks Cooperative attacks

471 views • 30 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 13, 2012 The Long History of Timing Attacks Cooperative attacks apply to: Mandatory Access

359 views • 21 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This paper reports successful Thanks to: extraction of a complete AES key University of Illinois at Chicago from a network server NSF CCR9983950 on

1.28k views • 91 slides
Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong

Introduction Finding Padding Oracles Basic PO attacks Advanced PO attacks Summary Practical Padding Oracle Attacks J. Rizzo T. Duong Black Hat Europe, 2010 J. Rizzo, T. Duong Practical Padding Oracle Attacks Introduction Finding Padding

1.33k views • 108 slides
AOS Linux Tutorial Remote Access and Transferring Files Michael Havas Dept. of Atmospheric and

AOS Linux Tutorial Remote Access and Transferring Files Michael Havas Dept. of Atmospheric and

AOS Linux Tutorial Remote Access and Transferring Files Michael Havas Dept. of Atmospheric and Oceanic Sciences McGill University September 28, 2010 Outline 1 Remote Access SSH From Linux or OS X SSH from Windows Transferring Files SSH

394 views • 20 slides
Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David

Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David

Background Userland Simulator Implementation Challenges/Futures Summary Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David S. Miller Red Hat Inc. Linux on Sun LDOMs Background Userland

515 views • 36 slides
Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti

Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti

IEEE International Conference on Innovative Smart Grid Technologies Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti Francesco Arrigo Dept. Of Control and Computer Dept. of Energy Engineering,

1.33k views • 114 slides
Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

@NicolasPapernot Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of California, Berkeley Nicolas Papernot Pennsylvania State University Did you git clone https://github.com/carlini/odsc_adversarial_nn ?

493 views • 46 slides
Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia

Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia

1 Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia No class on Oct 28 If you are interested in, check out EKOPARTY CTF 2016 Due: Lab08 is out and its due on Nov 3 (two weeks!)

530 views • 21 slides
Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and

Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and

Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and Windows Servers About the presentation Whoami Introduction 0days and the rush for public vulnerabilities And Advanced fuzzing techniques

432 views • 31 slides
Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul Prakash IEEE Security and Privacy 24 May 2016 Smart Door Locks CO Sensors Connected Ovens Smart Plugs IP Cameras Emerging Smart Home Frameworks

502 views • 35 slides
A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI

A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI

A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI > CLIENT Andrei Dumitrescu Security Consultant, LEXSI S UMMARY Introduction Authenticated remote code execution (RCE) methods on

817 views • 32 slides

More recommend