"Make sure DSA signing exponentiations really are constant-time"

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.author García, Cesar Pereida
dc.contributor.author Brumley, Billy Bob
dc.contributor.author Yarom, Yuval
dc.date.accessioned 2021-05-05T06:19:55Z
dc.date.available 2021-05-05T06:19:55Z
dc.date.issued 2016-10-24
dc.identifier.citation García, C. P., Brumley, B. B. & Yarom, Y. 2016, "Make sure DSA signing exponentiations really are constant-time". In CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, vol. 24-28-October-2016, ACM, pp. 1639-1650, ACM Conference on Computer and Communications Security, Vienna, Austria, 24/10/2016. https://doi.org/10.1145/2976749.2978420 en
dc.identifier.isbn 9781450341394
dc.identifier.other PURE UUID: da5d477c-c793-4df2-b7c4-f234a6df247d
dc.identifier.other PURE ITEMURL: https://research.aalto.fi/en/publications/da5d477c-c793-4df2-b7c4-f234a6df247d
dc.identifier.other PURE LINK: http://www.scopus.com/inward/record.url?scp=84995459559&partnerID=8YFLogxK
dc.identifier.other PURE FILEURL: https://research.aalto.fi/files/62350972/2976749.2978420.pdf
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/107255
dc.description.abstract TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server. en
dc.format.extent 12
dc.format.extent 1639-1650
dc.format.mimetype application/pdf
dc.language.iso en en
dc.relation.ispartof ACM Conference on Computer and Communications Security en
dc.relation.ispartofseries CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security en
dc.relation.ispartofseries Volume 24-28-October-2016 en
dc.rights openAccess en
dc.title "Make sure DSA signing exponentiations really are constant-time" en
dc.type A4 Artikkeli konferenssijulkaisussa fi
dc.description.version Peer reviewed en
dc.contributor.department Adj. Prof. Asokan N. group
dc.contributor.department Tampere University of Technology
dc.contributor.department University of Adelaide
dc.contributor.department Department of Computer Science en
dc.subject.keyword Applied cryptography
dc.subject.keyword Cache-timing attacks
dc.subject.keyword CVE-2016-2178
dc.subject.keyword Digital signatures
dc.subject.keyword DSA
dc.subject.keyword OpenSSL
dc.subject.keyword Side-channel analysis
dc.subject.keyword Timing attacks
dc.identifier.urn URN:NBN:fi:aalto-202105056519
dc.identifier.doi 10.1145/2976749.2978420
dc.type.version publishedVersion
There are no open access files associated with this item.