Visible to the public Biblio

Filters: Author is Yarom, Yuval  [Clear All Filters]
2017-05-17
Pereida García, Cesar, Brumley, Billy Bob, Yarom, Yuval.  2016.  "Make Sure DSA Signing Exponentiations Really Are Constant-Time". Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1639–1650.

TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the implementations of these protocols rely on the cryptographic primitives provided in the OpenSSL library. In this work we disclose a vulnerability in OpenSSL, affecting all versions and forks (e.g. LibreSSL and BoringSSL) since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks. Exploiting the software defect, we demonstrate the first published cache-based key-recovery attack on these protocols: 260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.

2017-04-03
Genkin, Daniel, Pachmanov, Lev, Pipman, Itamar, Tromer, Eran, Yarom, Yuval.  2016.  ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1626–1638.

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.