"Make Sure DSA Signing Exponentiations Really are Constant-Time"

García, Cesar Pereida; Brumley, Billy Bob; Yarom, Yuval

"Make Sure DSA Signing Exponentiations Really are Constant-Time"

García, Cesar Pereida; Brumley, Billy Bob; Yarom, Yuval (2016)

Avaa tiedosto

p1639_pereida_garcia.pdf (600.2Kt)

Lataukset:

URI

http://eprint.iacr.org/2016/594

García, Cesar Pereida

Brumley, Billy Bob

Yarom, Yuval

2016

doi:10.1145/2976749.2978420

Näytä kaikki kuvailutiedot

Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201612024843

Kuvaus

Peer reviewed

Tiivistelmä

TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.

Kokoelmat

TUNICRIS-julkaisut [20711]