sidechannel   79

« earlier    

Side-channel attacking browsers through CSS3 features
Layering an image over the top of an Iframe from another site won’t tell you the resultant colour, that would be an explicit information leak, but certain blend modes take longer than others based on the source pixel value. This is a lovely demonstration of how to identify and generate a proof of concept for a timing side channel attack.
newsletter  sidechannel  attack  poc 
june 2018 by bruntonspall
Drive-by Key-Extraction Cache Attacks from Portable Code
We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory
accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in both WebAssembly and PNaCl; how to attain very fine-grained measurements; and how to use these to extract ElGamal, ECDH and RSA decryption keys from
various cryptographic libraries.
The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices.
Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack
sidechannel  hsm  key  extraction  leakage 
february 2018 by mysty
Project Zero: Reading privileged memory with a side-channel
CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts
exploits  google  security  cpu  sidechannel  attack 
january 2018 by deveiant

« earlier    

related tags

!awesome  accelerometer  aes  amazon  android  architecture  arm  art  attach  attack  audio  awesome  backdoor  bitcoin  broadcast  browser  browsing  bsi  c&c  c++  c  cache  cert  channel  cloud  command  comp3911  computation  consumption  cornell  covertchannel  cpu  crypto  cryptocurrency  cryptography  cryptology  defense  delicious  doom  dpa  ecc  ecdh  ecdsa  electronics  em  encryption  ephemeram  eprint  esxi  exfiltration  exploit  exploits  extraction  filetype:pdf  flush+reload  fpga  gnupg  google  gpg  gyro  gyroscope  hack  hardware  hsm  information  key  keylogger  krypto  kryptographie  leakage  library  linux  listening  malware  media:document  meltdown  microcode  microsoft  mikrocontroller  mischan  mobile  news  newsletter  oblique_causation  oscilloscope  paper  pdf  php  phpmyadmin  physical_security  poc  power  poweranalysis  privacy  programming  proof-of-concept  prozessor  radio  reference  register  research  rng  rsa  sca  sdr  secp256k1  security  sensor  side  side_effects  skype  slides  software  spectre  steganography  surveillance  system  tempest  timingattack  toread  tsx  twitter  usenix  valgrind  van_eck_phreaking  virtualization  voip  web  webbrowser  woot17  x86  zcash 

Copy this bookmark: