flat assembler
Message board for the users of flat assembler.

RSA key stolen using branch prediction
vid
Post 23 Nov 2006, 01:08
Goplat
Here is the actual paper: http://eprint.iacr.org/2006/351

Yeah, if you have a hyperthreading CPU one process can figure out what another process is doing by the timing differences. This isn't really a big deal though. If a hacker had access to your computer, they wouldn't bother with this; they'd just get the key off your hard drive.
Post 23 Nov 2006, 01:51
vid
Oh, so it was hyperthreading? I've been reading about stealing data through the cache. And that many servers with hyperthreading enabled were slower than without :DDD
Post 23 Nov 2006, 02:09
revolution
Goplat wrote:
If a hacker had access to your computer, they wouldn't bother with this; they'd just get the key off your hard drive.
That assumes the hacker can run as a privileged user. The idea behind this attack is that even a normal user running unprivileged code can extract a key without needing to scan RAM or HDD. This is a significant attack vector and will be difficult to protect against without OS assistance to halt other tasks while executing the crypto functions.
Post 23 Nov 2006, 16:10
Goplat
I wouldn't feel comfortable doing encryption on a multi-user system anyway :)

I wonder if this could be worked around. The problem is that the encryptor does a conditional branch on each bit of the key. Wouldn't it be possible to do the calculation both ways and select one with cmov?
Post 23 Nov 2006, 17:03
revolution
There are ways around it but cmov is not the answer because an entire lengthy computation must be executed/skipped depending on one bit.

Although it is worth remembering that the attack was based upon the simplified single-bit multiply/square algorithm, therefore a real system is a little bit less vulnerable but still breakable with this method. The complexity is high, but that never stopped people breaking ciphers in the past.
Post 23 Nov 2006, 23:02
DustWolf
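To make the point of the last two posts concrete, here is an added example (not code from the thread or from fasm) of the simplified square-and-multiply loop the paper attacks, with its key-dependent branch, next to a branch-free variant that always performs the multiply and keeps or discards the result with a mask. The 64-bit modulus and the `mulmod` helper are assumptions for the sake of a runnable demo; real RSA uses multi-precision arithmetic, and `%` itself is not constant-time on x86, so the branch-free version only removes the bit-dependent control flow, not every timing channel.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t u64;
typedef unsigned __int128 u128;

/* Assumption: single-limb modular multiply. The '%' is a hardware divide,
 * which is not constant-time; production code uses Montgomery reduction. */
static u64 mulmod(u64 a, u64 b, u64 m) { return (u64)(((u128)a * b) % m); }

/* Textbook square-and-multiply: the extra multiply runs only when the
 * exponent bit is 1, so control flow (and branch-predictor state) follows
 * the secret exponent bit by bit. This is the pattern the paper exploits. */
u64 modexp_branchy(u64 base, u64 exp, u64 mod) {
    u64 r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, mod);
        if ((exp >> i) & 1)               /* secret-dependent branch */
            r = mulmod(r, base, mod);
    }
    return r;
}

/* Select a or b without a branch: mask is all ones or all zeros. */
static u64 ct_select(u64 mask, u64 a, u64 b) { return (a & mask) | (b & ~mask); }

/* Branch-free variant: the multiply is executed on every iteration and its
 * result is selected by mask, so the instruction stream no longer depends on
 * the exponent. (Check the compiler output: it must not turn the mask back
 * into a conditional jump.) */
u64 modexp_ct(u64 base, u64 exp, u64 mod) {
    u64 r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, mod);
        u64 t = mulmod(r, base, mod);      /* always computed */
        u64 mask = 0 - ((exp >> i) & 1);   /* 0xFFFF... iff bit is set */
        r = ct_select(mask, t, r);
    }
    return r;
}

int main(void) {
    u64 b = 4, e = 13, m = 497;
    printf("branchy: %llu  branch-free: %llu\n",
           (unsigned long long)modexp_branchy(b, e, m),
           (unsigned long long)modexp_ct(b, e, m));   /* both print 445 */
    return 0;
}
```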
vid wrote:
And that many servers with hyperthreading enabled were slower than without :DDD


The whole point of HyperThreading was that it was Intel's staging area to make programmers write code more suitable for multicore systems. So that when their mighty Duo came out, they'd already have a software pool optimized for the advantages that new processor offers, whose performance they could show off with.

There's no other way a processor architecture with such low memory bandwidth could beat the competition.

That said, it's no surprise that using HyperThreading offered no performance boost.
Post 27 Nov 2006, 22:09
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.