Questions tagged [side-channel-attacks]

This tag applies to both exploitation of and defense against side-channel attacks, such as timing-based attacks and cache side-channel attacks.

From Wikipedia:

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs).

20 questions
13 votes, 3 answers

How does the Spectre attack read the cache it tricked the CPU into loading?

I understand the part of the paper where they trick the CPU into speculatively loading part of the victim's memory into the CPU cache. The part I do not understand is how they retrieve it from the cache.
NoSenseEtAl
5 votes, 2 answers

Flush & Reload cache side channel attack

I'm trying to understand the Flush + Reload cache side-channel attack. As far as I know, the attack utilizes the fact that unprivileged data could be loaded into the cache (when exploiting branch prediction, speculative execution, etc.). Then, the…
4 votes, 1 answer

How are code-branch side-channel attacks mitigated in Java?

When you are working with secret keys, if your code branches unequally it could reveal bits of the secret keys via side channels. So for some algorithms it should branch uniformly, independently of the secret key. In C/C++/Rust, you can use assembly…
Guerlando OCs
2 votes, 3 answers

How can processes share array2 (the oracle array) in the Spectre attack?

In the Spectre paper, the PoC places the victim and attacker code in the same process. The code is like this: if (x < array1_size) y = array2[array1[x] * 256]; So the attacker and victim can use the same array2 (because they are in the same code and process). But in…
Kyuwon Cho
1 vote, 1 answer

Are there other C standard library functions like memcmp that have timing side-channel risk?

I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it had a timing attack risk. However, when I tried to find out if there were other functions that had side-channel risks like memcmp, I…
1 vote, 2 answers

De-activating the Core Voltage Regulator to Perform Power Analysis on STM32F407 DISCOVERY Board

I am trying to perform Power Analysis (a side-channel attack) on AES-128 that I have implemented on the STM32F407 DISCOVERY MCU. I have found out that I can measure with a current probe from VCap1 and VCap2. To do so, the regulator that feeds the core…
1 vote, 1 answer

Chipwhisperer TVLA has errors in site-packages

I'm trying to use the TVLA assessment provided by ChipWhisperer on my FPGA board (clone of the repo tagged as 5.1.3). They provide the PA_TVLA_1-Performing_TVLA_Testing_for_Crypto_Validation.ipynb Jupyter playbook for that. I modified it to…
Tarick Welling
1 vote, 0 answers

Why are cross-origin isolation and CORB/CORP both needed?

Abbreviations used: CORP: Cross-Origin Resource Policy; CORS: Cross-Origin Resource Sharing; CORB: Cross-Origin Read Blocking; SSCAs: speculative side-channel attacks, like Spectre. I've read this article, but I still don't understand why are…
0 votes, 1 answer

Gem5: No workload specified

I am having some trouble running the simulation in gem5. I keep getting "no workload specified".
# Set the workload and benchmark
process = Process()
process.cmd = ['gzip', '-k', 'test.txt']
system.cpu.workload = process …
kay
0 votes, 1 answer

How can I get the master key of the ARIA encryption algorithm?

I am researching how to obtain the master key of the ARIA cryptographic algorithm with CPA. ARIA-128's first round key and last round key, ek1 and ek13, I figured out, but I couldn't write the code to get the master key from them. ARIA Key…
jsw0502
0 votes, 1 answer

How to implement an input-independent logical shift in software?

I'm trying to implement AES/DES/.. encryption/decryption in software without using any input-dependent operations (specifically, only using constant-time not, and, or, xor operations and input-independent array indexing/loops). Is there any way to…
0 votes, 3 answers

node:internal/modules/cjs/loader:936 throw err; ^ Error: Cannot find module 'side-channel'. When I run "npm start"

I encountered this error when I ran npm start to view my React app. > react-scripts start node:internal/modules/cjs/loader:936 throw err; ^ Error: Cannot find module 'side-channel' Require stack: -…
0 votes, 0 answers

How practical and popular is Intel Cache Allocation Technology (CAT)?

Intel introduced a software-controlled cache partitioning mechanism named Cache Allocation Technology a couple of years ago (you can see this website, published in 2016). Using this technology, you can define the portion of the L3 cache an application…
0 votes, 1 answer

How to calculate the bit error rate of flush+reload on RSA

I am learning to utilize the flush+reload method to get the private key of RSA. I read the related papers on flush+reload and found its open source code (flush+reloa flush+reloa). And I experimented according to the tutorial. I am very grateful for these open…
Gerrie
0 votes, 0 answers

memcpy instruction inside kernel module causes kernel to crash

I am currently trying to reproduce a microarchitectural attack (CacheZoom) on an SGX enclave; while doing so I have to hook one of the interrupt service routines (apic_timer_interrupt). The original author goes on by doing some weird calculation of the target…