Improving Brumley and Boneh timing attack on unprotected SSL implementations
Source: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, USA
Session: Authentication
Pages: 139-146
Year of Publication: 2005
ISBN: 1-59593-226-7
Authors:
Onur Aciiçmez, Oregon State University, Corvallis
Werner Schindler, Bundesamt für Sicherheit in der Informationstechnik, Bonn, Germany
Çetin K. Koç, Oregon State University, Corvallis
Sponsors: SIGSAC (ACM Special Interest Group on Security, Audit, and Control); ACM (Association for Computing Machinery)
Publisher: ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1102120.1102140

ABSTRACT

Since the remarkable work of Kocher [7], several papers considering different types of timing attacks have been published. In 2003, Brumley and Boneh presented a timing attack on unprotected OpenSSL implementations [2]. In this paper, we improve the efficiency of their attack by a factor of more than 10. We exploit the timing behavior of Montgomery multiplications in the table initialization phase, which allows us to increase the number of multiplications that provide useful information to reveal one of the prime factors of RSA moduli. We also present other improvements, which can be applied to the attack in [2].


REFERENCES

[1]
[2] D. Brumley, D. Boneh: Remote Timing Attacks are Practical. In: Proceedings of the 12th USENIX Security Symposium, 2003.
[3] B. Canvel, A. Hiltgen, S. Vaudenay, M. Vuagnoux: Password Interception in a SSL/TLS Channel. In: D. Boneh (ed.): Crypto 2003, Lecture Notes in Computer Science 2729, Springer, Heidelberg (2003), 583--599.
[4] D. Coppersmith: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. J. Cryptology 10 (no. 4) (1997), 233--260.
[5]
[6] W. Feller: Introduction to Probability Theory and Its Applications (Vol. 1). 3rd edition, revised printing, Wiley, New York (1970).
[7]
[8]
[9] W. Schindler: Optimized Timing Attacks against Public Key Cryptosystems. Statist. Decisions 20 (2002), 191--210.
[10]
[11]
[12] W. Schindler: On the Optimization of Side-Channel Attacks by Advanced Stochastic Methods. In: S. Vaudenay (ed.): Public Key Cryptography --- PKC 2005, Lecture Notes in Computer Science 3386, Springer, Berlin (2005), 85--103.
[13] GNU Project: GMP: http://www.swox.com/gmp/.
[14] OpenSSL Project: OpenSSL: http://www.openssl.org.