Transcription of Cache-timing attacks on AES
Cache-timing attacks on AES

Daniel J. Bernstein
Department of Mathematics, Statistics, and Computer Science (M/C 249)
The University of Illinois at Chicago
Chicago, IL

demonstrates complete AES key recovery from known-plaintext timings of a network server

should be blamed on the AES design, not on the particular AES library used by the server; it is extremely difficult to

discusses several of the obstacles in

: side channels, timing attacks, software timing attacks, cache timing, load timing, array lookups, S-boxes, AES

1 Introduction

This paper reports successful extraction of a complete AES key from a network server

used its key solely to encrypt data using the OpenSSL AES implementation on a

was a very simple timing attack. Presumably the same technique can extract complete AES keys from the more complicated servers actually used to handle Internet data, although the attacks will often require extra timings to average out the effects of

of this type limited to the Pentium III?
by Ferguson, Whiting, Schneier, Kelsey, Lucks, and Kohno in [11]; and my new Salsa20. These cryptographic functions are built from a few simple operations that take constant time on common general-purpose CPUs: 32-bit additions, constant-distance rotations, etc. There is no apparent incentive for implementors