Please use this identifier to cite or link to this item: https://hdl.handle.net/2440/108056
Type: Conference paper
Title: Cachebleed: a timing attack on OpenSSL constant time RSA
Author: Yarom, Y.
Genkin, D.
Heninger, N.
Citation: Lecture Notes in Artificial Intelligence, 2016 / Gierlichs, B., Poschmann, A. (ed./s), vol.9813 LNCS, pp.346-367
Publisher: Springer
Issue Date: 2016
Series/Report no.: Lecture Notes in Computer Science
ISBN: 9783662531396
ISSN: 0302-9743; 1611-3349
Conference Name: 18th International Conference on Cryptographic Hardware and Embedded Systems (CHES) (17 Aug 2016 - 19 Aug 2016 : Santa Barbara, CA)
Editor: Gierlichs, B.
Poschmann, A.
Statement of Responsibility: Yuval Yarom, Daniel Genkin, and Nadia Heninger
Abstract: The scatter-gather technique is a commonly implemented approach to prevent cache-based timing attacks. In this paper we show that scatter-gather is not constant time. We implement a cache timing attack against the scatter-gather implementation used in the modular exponentiation routine in OpenSSL version 1.0.2f. Our attack exploits cache-bank conflicts on the Sandy Bridge microarchitecture. We have tested the attack on an Intel Xeon E5-2430 processor. For 4096-bit RSA our attack can fully recover the private key after observing 16,000 decryptions.
Keywords: Side-channel attacks; Cache attacks; Cryptographic implementations; Constant-time; RSA
Description: Lecture Notes in Computer Science, vol. 9813
Rights: © International Association for Cryptologic Research 2016
DOI: 10.1007/978-3-662-53140-2_17
Published version: http://dx.doi.org/10.1007/978-3-662-53140-2_17
Appears in Collections:Aurora harvest 8
Computer Science publications

Files in This Item:
File: RA_hdl_108056.pdf (Restricted Access), Size: 1.24 MB, Format: Adobe PDF