sidechannel   73

Drive-by Key-Extraction Cache Attacks from Portable Code
We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in both WebAssembly and PNaCl; how to attain very fine-grained measurements; and how to use these to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries.
The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices.
Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack.
sidechannel  hsm  key  extraction  leakage 
6 weeks ago by mysty
Project Zero: Reading privileged memory with a side-channel
CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
exploits  google  security  cpu  sidechannel  attack 
11 weeks ago by deveiant
The crazy security story behind the birth of Zcash
A secret ceremony was underway. Before the company could release the source code of its digital currency and turn the crank on the engine, a series of cryptographic computations needed to be completed and added to the protocol. But for complex reasons, Wilcox had to prevent the calculations from ever being seen. If they were, it could completely compromise the security of the currency he had built.
security  sidechannel  zcash  crypto  cryptocurrency 
july 2017 by kybernetikos
The Security Behind the Birth of Zcash
A journalist's phone acted funny during the key generation for Zcash. Could it be a side channel attack? Probably not a successful one.
security  via:HackerNews  sidechannel 
july 2017 by mcherm
