Collaborate Disseminate
Cache side-channel attacks rely on the capability to observe cache hits/misses for a given set. Usually this is done via timing information, e.g. in flush+reload or prime+probe. Why is the performance monitoring function of CPUs, e.g. the … Continue reading Why are performance counters not used for cache attacks?
This question is purely theoretical, I have no intention of ever implementing this scheme in practice. I’m familiar with the shortcomings of sleeping as means of mitigating timing attacks. I’m more interested in this from the attacker’s pe… Continue reading Does this theoretical salted-hash-sleep scheme mitigate timing attacks?
I am aware of one paper (although I forget the name) in which an AES key is extracted from some meters away as a result of coil whine (potentially audible vibration of an inductor coil), but I can’t find any research which looks into acous… Continue reading Side-channel impacts of coil whine and related acoustical phenomena over time
When you are working with secret keys, if your code branches unequally it could reveal bits of the secret keys via side channels. So for some algorithms it should branch uniformly independently of the secret key.
On C/C++/Rust, you can use… Continue reading How are code-branch side channel attacks mitigated on Java?
Most of our projects are, to some extent, an exercise in glitch-reduction. Whether they’re self-inflicted software or hardware mistakes, or even if the glitches in question come from sources beyond …read more Continue reading Glitch Your Way to Reverse-Engineering Glory with the PicoEMP
Looking through descriptions of Spectre and Meltdown it seems that speculative execution – the basis for these attacks – occurs only with branched code. Therefore, it seems logical to conclude that having no if statements would preclude sp… Continue reading Does having no ‘if’ blocks in code mitigate side-channel attacks?
Alice and Bob are on the same file system. Alice made a spam filter plugin, which reads /tmp/mail and then writes the report to /tmp/report. The /tmp/mail has permission 400 and /tmp/report has permission 600. Both files have owner and gro… Continue reading Use side-channel attack to steal file with permission 600?
I’d like to implement a RESTful API service over HTTP that developers can call from their server side environments.
I intend to use a cryptographically secure pseudo-random number generator (CSPRNG) to generate keys and then convert the bi… Continue reading Is using a developer key to protect a REST API good practice?
When dealing with cryptographic secrets (private keys, passwords, etc) it is desirable to not run these secrets through functions that do not run in constant time, in order to avoid the potential for side channel attacks. An example of thi… Continue reading Constant-Time String-to-Byte Encoding for JavaScript
I’ve been looking into getting a VPS to run an OpenVPN server on and a few other things. I’ve been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their… Continue reading Are CPU side-channel attacks still a concern on VPSs