sliding right into disaster left to right sliding windows
play

Sliding right into disaster - Left-to-right sliding windows leak - PowerPoint PPT Presentation

Sep 27, 2022 •125 likes •581 views

Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink , Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom September 28th, 2017 Sliding

  1. Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink , Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom September 28th, 2017 Sliding right into disaster - Left-to-right sliding windows leak 1

  2. Side-channel attacks on RSA Side-channel attacks on RSA: modular exponentiation Constant-time implementations cannot use sliding windows Common belief: sliding windows do not leak enough for key recovery Sliding right into disaster - Left-to-right sliding windows leak 2

  3. This work We show that right-to-left sliding window method does not leak enough Sliding right into disaster - Left-to-right sliding windows leak 3

  4. This work We show that right-to-left sliding window method does not leak enough We show that left-to-right sliding window method does leak enough Two methods to extract information from square and multiply sequence Demonstrated real-world applicability by attacking Libgcrypt We analyze the reasons why left-to-right leaks more than right-to-left Sliding right into disaster - Left-to-right sliding windows leak 3

  5. RSA Sliding right into disaster - Left-to-right sliding windows leak 4

  6. RSA signatures Keygen: Public key ( e , N ) where N = pq for primes p , q Secret key ( d , p , q ) where ed ≡ 1 mod φ ( N ) and φ ( N ) = ( p − 1)( q − 1) Sliding right into disaster - Left-to-right sliding windows leak 5

  7. RSA signatures Keygen: Public key ( e , N ) where N = pq for primes p , q Secret key ( d , p , q ) where ed ≡ 1 mod φ ( N ) and φ ( N ) = ( p − 1)( q − 1) Sign and verify: Let H be a padded secure hash-function Signature: s of message m : s = H ( m ) d mod N Verification: compute z = s e mod N and verify z ? = H ( m ) Sliding right into disaster - Left-to-right sliding windows leak 5

  8. RSA signatures Keygen: Public key ( e , N ) where N = pq for primes p , q Secret key ( d , p , q ) where ed ≡ 1 mod φ ( N ) and φ ( N ) = ( p − 1)( q − 1) Sign and verify: Let H be a padded secure hash-function Signature: s of message m : s = H ( m ) d mod N Verification: compute z = s e mod N and verify z ? = H ( m ) CRT: Common optimization based on Chinese Remainder Theorem (CRT) Compute s p ≡ H ( m ) d p mod p and s q ≡ H ( m ) d q mod q Combine to s using CRT Sliding right into disaster - Left-to-right sliding windows leak 5

  9. Sliding-window method Implement modular exponentiation using sliding-windows Window size w , sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i for odd 0 ≤ d i ≤ 2 w − 1 In general, compute b d mod p as follows: Sliding right into disaster - Left-to-right sliding windows leak 6

  10. Sliding-window method Implement modular exponentiation using sliding-windows Window size w , sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i for odd 0 ≤ d i ≤ 2 w − 1 In general, compute b d mod p as follows: Precompute small, odd powers of b mod p 1 (i.e. b mod p , b 3 mod p , . . . , b 2 w − 1 mod p ). Sliding right into disaster - Left-to-right sliding windows leak 6

  11. Sliding-window method Implement modular exponentiation using sliding-windows Window size w , sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i for odd 0 ≤ d i ≤ 2 w − 1 In general, compute b d mod p as follows: Precompute small, odd powers of b mod p 1 (i.e. b mod p , b 3 mod p , . . . , b 2 w − 1 mod p ). Set a = 1 2 For i ← n − 1 to 0: 3 a = a · a mod p (Square) 4 If d i � = 0: 5 a = a · b d i mod p (Multiply) 6 Return a 7 Sliding right into disaster - Left-to-right sliding windows leak 6

  12. Sliding-window method Implement modular exponentiation using sliding-windows Window size w , sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i for odd 0 ≤ d i ≤ 2 w − 1 In general, compute b d mod p as follows: Precompute small, odd powers of b mod p 1 (i.e. b mod p , b 3 mod p , . . . , b 2 w − 1 mod p ). Set a = 1 2 For i ← n − 1 to 0: 3 a = a · a mod p (Square) 4 If d i � = 0: 5 a = a · b d i mod p (Multiply) 6 Return a 7 This leaks a Square and Multiply Sequence For sufficiently large w , too many options to try Sliding right into disaster - Left-to-right sliding windows leak 6

  13. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Sliding right into disaster - Left-to-right sliding windows leak 7

  14. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  15. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form 0 0 0 3 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  16. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form 0 0 0 0 3 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  17. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form 0 0 0 11 0 0 0 0 3 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  18. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form 0 0 0 1 0 0 0 11 0 0 0 0 3 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  19. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Right-to-left Windowed form 1 0 0 0 1 0 0 0 11 0 0 0 0 3 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 2 Leaking on average a fraction of w +1 bits Sliding right into disaster - Left-to-right sliding windows leak 7

  20. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  21. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  22. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  23. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  24. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 0 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  25. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 0 0 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  26. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 0 0 0 0 0 13 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  27. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 0 0 0 0 0 13 1 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

  28. Sliding-window form How to compute sliding-window form d n − 1 . . . d 0 s.t. d = � n − 1 i =0 d i 2 i Example with w = 4, d = 9059 = 10001101100011 Left-to-right Windowed form 1 0 0 0 0 0 0 13 1 0 0 0 Binary form 1 0 0 0 1 1 0 1 1 0 0 0 1 1 Sliding right into disaster - Left-to-right sliding windows leak 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Glacier Sliding Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Sliding / friction laws -

Glacier Sliding Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Sliding / friction laws -

Glacier Sliding Ian Hewitt, University of Oxford hewitt@maths.ox.ac.uk Sliding / friction laws - Numerical models Classical sliding theory ( hard bed ) - Regelation - Viscous deformation - Cavitation Soft bed sliding - Till strength - Bed

235 views • 22 slides
Data stream statistics over sliding windows: How to summarize 150 Million updates per second on a

Data stream statistics over sliding windows: How to summarize 150 Million updates per second on a

Data stream statistics over sliding windows: How to summarize 150 Million updates per second on a single node Grigorios Chrysos, Odysseas Papapetrou, Dionisios Pnevmatikatos , Apostolos Dollas, Minos Garofalakis Technical

463 views • 27 slides
Beyond Sliding Windows: Object Localization by Efficient Subwindow Search Christoph H. Lampert

Beyond Sliding Windows: Object Localization by Efficient Subwindow Search Christoph H. Lampert

Beyond Sliding Windows: Object Localization by Efficient Subwindow Search Christoph H. Lampert , Matthew B. Blaschko , & Thomas Hofmann Max Planck Institute for Biological Cybernetics T ubingen, Germany Google, Inc. Z

627 views • 42 slides
Optimal Matching For SLiding Window Compression With Suffix Tries An advantage of sliding

Optimal Matching For SLiding Window Compression With Suffix Tries An advantage of sliding

Optimal Matching For SLiding Window Compression With Suffix Tries An advantage of sliding window compression is fast decoding. However, encoding is a different story. Simple hashing schemes such as that employed by gzip work well in

609 views • 21 slides
Lecture 3: Introduction to Sliding Mode Control Reference: S.C. Tan, Chapter 1. Sliding Mode

Lecture 3: Introduction to Sliding Mode Control Reference: S.C. Tan, Chapter 1. Sliding Mode

ELEC8406 Sliding Mode Control of Power Electronics Lecture 3: Introduction to Sliding Mode Control Reference: S.C. Tan, Chapter 1. Sliding Mode Control of Switching Power Converters History (1) SM control can be traced back to the 1930s

882 views • 45 slides
Brief Announcement: Tracking Distributed Aggregates over Time-based Sliding Windows Graham

Brief Announcement: Tracking Distributed Aggregates over Time-based Sliding Windows Graham

Brief Announcement: Tracking Distributed Aggregates over Time-based Sliding Windows Graham Cormode AT&T Labs Ke Yi HKUST Continuous Distributed Model Track f(S 1 ,,S m ) Coordinator local stream(s) seen at each site k sites S 1 S m

70 views • 4 slides
Sliding windows and face detection Tuesday, Nov 10 Kristen Grauman UT Austin Last time

Sliding windows and face detection Tuesday, Nov 10 Kristen Grauman UT Austin Last time

11/10/2009 Sliding windows and face detection Tuesday, Nov 10 Kristen Grauman UT Austin Last time Modeling categories with local features and spatial information: Histograms, configurations of visual words to capture Histograms

937 views • 40 slides
The Sliding Window Algorithm The Sliding Window algorithm sums several small

The Sliding Window Algorithm The Sliding Window algorithm sums several small

The Sliding Window Algorithm The Sliding Window algorithm sums several small sub-matrices of a matrix of values. The maximum of these sums is then located and it's coordinates passed out of the program. This is used as a

466 views • 22 slides
1 Sliding Windows Flow Control Sliding Window Diagram Allow multiple frames to be in transit

1 Sliding Windows Flow Control Sliding Window Diagram Allow multiple frames to be in transit

William Stallings Flow Control Data and Computer Communications Ensuring the sending entity does not overwhelm 7 th Edition the receiving entity Preventing buffer overflow Transmission time Chapter 7 Time taken to emit all

522 views • 8 slides
Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Computer Networks Prof. Hema A Murthy Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is large. Data: - stream of bulk data - data can be pipelined - transmit window of date - donot

1.71k views • 13 slides
Adaptable Two-Dimension Sliding Windows on NVIDIA GPUs with Runtime Compilation Nicholas Moore

Adaptable Two-Dimension Sliding Windows on NVIDIA GPUs with Runtime Compilation Nicholas Moore

Adaptable Two-Dimension Sliding Windows on NVIDIA GPUs with Runtime Compilation Nicholas Moore and Miriam Leeser Dept. of Electrical and Computer Engineering Northeastern University Boston, MA Laurie Smith King Dept. of Mathematics and

405 views • 25 slides
Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches Di

Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches Di

Object Detection Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches Di ff erent approaches tackle detection di ff erently. They can roughly be categorized into three main types: Find interest points ,

1.2k views • 51 slides
Sliding system for concertina doors 271 Sliding system for concertina doors - Technical features

Sliding system for concertina doors 271 Sliding system for concertina doors - Technical features

Sliding system for concertina doors Sliding system for concertina doors 271 Sliding system for concertina doors - Technical features The Salice system for concertina doors has been designed to open both doors on one side only, giving good access

512 views • 10 slides
Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches

Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches

Object Detection Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches Different approaches tackle detection differently. They can roughly be categorized into three main types: Find interest points ,

883 views • 51 slides
Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz

Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz

Identifying Frequent Items in Sliding Windows over On-Line Packet Streams Alejandro Lpez-Ortiz School of Computer Science University of Waterloo Joint work with Lukasz Golab (Waterloo), David DeHaan (Waterloo), Erik Demaine (MIT), and J.

673 views • 12 slides
Sliding Windows Zhewei Wei 1 , Xuancheng Liu 1 , Feifei Li 2 , Shuo Shang 1 Xiaoyong Du 1 , Ji-Rong

Sliding Windows Zhewei Wei 1 , Xuancheng Liu 1 , Feifei Li 2 , Shuo Shang 1 Xiaoyong Du 1 , Ji-Rong

Matrix Sketching over Sliding Windows Zhewei Wei 1 , Xuancheng Liu 1 , Feifei Li 2 , Shuo Shang 1 Xiaoyong Du 1 , Ji-Rong Wen 1 1 School of Information, Renmin University of China 2 School of Computing, The University of Utah Matrix data

332 views • 14 slides
Sliding window - Sender side Cumulative Acknowledgments Not sent Sent, no ACK ACK:ed Free

Sliding window - Sender side Cumulative Acknowledgments Not sent Sent, no ACK ACK:ed Free

Sliding window - Sender side Cumulative Acknowledgments Not sent Sent, no ACK ACK:ed Free Sending buffer at the sender: Sliding Window New data sent to transport layer by application, but not yet sent Free buffer space where application

564 views • 3 slides
Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical

Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical

Motivation Left-To-Right Binary Right-To-Left Binary Signed Digit Representations Windowing Methods Scalar Multiplication and Addition Chains Peter Birkner Department of Mathematics, Technical University of Denmark Summer School on Elliptic

773 views • 17 slides
IN SUPPORT OF WORKLOAD-AWARE STREAMING STATE MANAGEMENT Vasiliki Kalavri John Liagouris

IN SUPPORT OF WORKLOAD-AWARE STREAMING STATE MANAGEMENT Vasiliki Kalavri John Liagouris

IN SUPPORT OF WORKLOAD-AWARE STREAMING STATE MANAGEMENT Vasiliki Kalavri John Liagouris vkalavri@bu.edu liagos@bu.edu HotStorage 2020 14 July 2020 STREAMING DATAFLOWS Nexmark Q4: Rolling average of winning bids auctions source

349 views • 33 slides
FAZE Tab switching & Window switching with Gaze & Facial gestures VARUN VIKASH

FAZE Tab switching & Window switching with Gaze & Facial gestures VARUN VIKASH

SLIDES FAZE Tab switching & Window switching with Gaze & Facial gestures VARUN VIKASH KARTHIKEYAN Interaction Engineering Winter Semester 2019/20 Prof. Dr. Michael Kipp Augsburg University of Applied Sciences Concept video

538 views • 28 slides
Re Resilience of of Dep Deployed ed TC TCP to to Bl Blink Attack At Paper written by

Re Resilience of of Dep Deployed ed TC TCP to to Bl Blink Attack At Paper written by

Chair of Connected Mobility TUM Department of Informatics Re Resilience of of Dep Deployed ed TC TCP to to Bl Blink Attack At Paper written by Matthew Luckie Robert Beverly Tiange Wu Naval Postgraduate School University of Waikato

367 views • 11 slides
Large Scale Simulation of Tor: Stream Mix Networks Low latency Networks Network Correlation

Large Scale Simulation of Tor: Stream Mix Networks Low latency Networks Network Correlation

Large Scale Simulation of Tor: Stream Correlation Attacks Gavin O Gorman Anonymous Networks Large Scale Simulation of Tor: Stream Mix Networks Low latency Networks Network Correlation Attacks Simulation Results Attacks Gavin O

328 views • 20 slides
Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of

Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of

Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of Technology Bombay Introduction to Cyber-Physical Systems - Communication between physical devices through a cyber layer - Sensors and Actuators

893 views • 53 slides
Hacking Excel Online How to exploit Calc Nicolas Joly - @n_joly MSRC Vulnerabilities and

Hacking Excel Online How to exploit Calc Nicolas Joly - @n_joly MSRC Vulnerabilities and

Hacking Excel Online How to exploit Calc Nicolas Joly - @n_joly MSRC Vulnerabilities and Mitigations Team SSTIC June 5 th , 2020 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS

558 views • 23 slides

More recommend