Predicting secret keys via branch prediction
| dc.contributor.author | Acıiçmez, Onur | |
| dc.contributor.author | Koç, Çetin Kaya | |
| dc.contributor.author | Seifert, J.-P. | |
| dc.date.accessioned | 2020-11-21T15:53:26Z | |
| dc.date.available | 2020-11-21T15:53:26Z | |
| dc.date.issued | 2007 | en_US |
| dc.department | İstanbul Ticaret Üniversitesi | en_US |
| dc.description | Cryptographers Track at the RSA Conference, CT-RSA 2007 -- 5 February 2007 through 9 February 2007 -- -- 194419 | en_US |
| dc.description.abstract | This paper announces a new software side-channel attack — enabled by the branch prediction capability common to all modern high-performance CPUs. The penalty paid (extra clock cycles) for a mispredicted branch can be used for cryptanalysis of cryptographic primitives that employ a data-dependent program flow. Analogous to the recently described cache-based side-channel attacks our attacks also allow an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization. In this paper, we will discuss several such attacks for the example of RSA, and experimentally show their applicability to real systems, such as OpenSSL and Linux. Moreover, we will also demonstrate the strength of the branch prediction side-channel attack by rendering the obvious countermeasure in this context (Montgomery Multiplication with dummy-reduction) as useless. Although the deeper consequences of the latter result make the task of writing an efficient and secure modular exponentiation (or scalar multiplication on an elliptic curve) a challenging task, we will eventually suggest some countermeasures to mitigate branch prediction side-channel attacks. © Springer-Verlag Berlin Heidelberg 2007. | en_US |
| dc.identifier.endpage | 242 | en_US |
| dc.identifier.issn | 0302-9743 | |
| dc.identifier.issn | 9.78354E+12 | |
| dc.identifier.scopus | 2-s2.0-84944627047 | en_US |
| dc.identifier.scopusquality | Q3 | en_US |
| dc.identifier.startpage | 225 | en_US |
| dc.identifier.uri | https://hdl.handle.net/11467/3583 | |
| dc.identifier.volume | 4377 LNCS | en_US |
| dc.identifier.wos | WOS:000244559100015 | en_US |
| dc.identifier.wosquality | N/A | en_US |
| dc.indekslendigikaynak | Web of Science | en_US |
| dc.indekslendigikaynak | Scopus | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Springer Verlag | en_US |
| dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | en_US |
| dc.relation.publicationcategory | Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı | en_US |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | Branch prediction | en_US |
| dc.subject | Modular exponentiation | en_US |
| dc.subject | Montgomery multiplication | en_US |
| dc.subject | RSA | en_US |
| dc.subject | Side channel analysis | en_US |
| dc.subject | Simultaneous multithreading | en_US |
| dc.title | Predicting secret keys via branch prediction | en_US |
| dc.type | Conference Object | en_US |
