"Make sure DSA signing exponentiations really are constant-time"

Thumbnail Image

Access rights

openAccess
publishedVersion

URL

Journal Title

Journal ISSN

Volume Title

A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)

Authors

Date

2016-10-24

Department

Department of Computer Science

Major/Subject

Mcode

Degree programme

Language

en

Pages

12

Series

CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Volume 24-28-October-2016, pp. 1639-1650

Abstract

TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.

Description

Keywords

Applied cryptography, Cache-timing attacks, CVE-2016-2178, Digital signatures, DSA, OpenSSL, Side-channel analysis, Timing attacks

Other note

DOI

10.1145/2976749.2978420

Citation

García, C P, Brumley, B B & Yarom, Y 2016, "Make sure DSA signing exponentiations really are constant-time". in CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. vol. 24-28-October-2016, ACM, pp. 1639-1650, ACM Conference on Computer and Communications Security, Vienna, Austria, 24/10/2016. https://doi.org/10.1145/2976749.2978420

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202105056519

Collections

[article-cris] Perustieteiden korkeakoulu / SCI