Remote timing attacks are still practical

Billy Brumley, Nicola Tuveri

    Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

    136 Citations (Scopus)

    Abstract

    For over two decades, timing attacks have been an active area of research within applied cryptography. These attacks exploit cryptosystem or protocol implementations that do not run in constant time. When implementing an elliptic curve cryptosystem with a goal to provide side-channel resistance, the scalar multiplication routine is a critical component. In such instances, one attractive method often suggested in the literature is Montgomery's ladder that performs a fixed sequence of curve and field operations. This paper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key. Finally, we describe and implement an effective countermeasure.

    Original languageEnglish
    Title of host publicationComputer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings
    Pages355-371
    Number of pages17
    Volume6879 LNCS
    DOIs
    Publication statusPublished - 2011
    Publication typeA4 Article in conference proceedings
    Event16th European Symposium on Research in Computer Security, ESORICS 2011 - Leuven, Belgium
    Duration: 12 Sept 201114 Sept 2011

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume6879 LNCS
    ISSN (Print)03029743
    ISSN (Electronic)16113349

    Conference

    Conference16th European Symposium on Research in Computer Security, ESORICS 2011
    Country/TerritoryBelgium
    CityLeuven
    Period12/09/1114/09/11

    Keywords

    • elliptic curve cryptography
    • lattice attacks
    • Side-channel attacks
    • timing attacks

    ASJC Scopus subject areas

    • General Computer Science
    • Theoretical Computer Science

    Fingerprint

    Dive into the research topics of 'Remote timing attacks are still practical'. Together they form a unique fingerprint.

    Cite this