Predicting Secret Keys Via Branch Prediction

14 years 5 months ago

Download security.ece.orst.edu

This paper announces a new software side-channel attack — enabled by the branch prediction capability common to all modern highperformance CPUs. The penalty paid (extra clock cycles) for a mispredicted branch can be used for cryptanalysis of cryptographic primitives that employ a data-dependent program ﬂow. Analogous to the recently described cache-based side-channel attacks our attacks also allow an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization. In this paper, we will discuss several such attacks for the example of RSA, and experimentally show their applicability to real systems, such as OpenSSL and Linux. Moreover, we will also demonstrate the strength of the branch prediction sidechannel attack by rendering the obvious countermeasure in this context (Montgomery Multiplication with dummy-reduction) as useless. Although the deeper cons...

Onur Aciiçmez, Çetin Kaya Koç

Real-time Traffic

Branch Prediction | Cryptology | CTRSA 2007 | Side-channel Attacks | Software Side-channel Attack |

claim paper

Post Info
More Details (n/a)

Added	07 Jun 2010
Updated	07 Jun 2010
Type	Conference
Year	2007
Where	CTRSA
Authors	Onur Aciiçmez, Çetin Kaya Koç, Jean-Pierre Seifert

Comments (0)

Sciweavers

Predicting Secret Keys Via Branch Prediction

Branch Prediction | Cryptology | CTRSA 2007 | Side-channel Attacks | Software Side-channel Attack |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers