Collaborate Disseminate
When dealing with cryptographic secrets (private keys, passwords, etc) it is desirable to not run these secrets through functions that do not run in constant time, in order to avoid the potential for side channel attacks. An example of thi… Continue reading Constant-Time String-to-Byte Encoding for JavaScript
I’ve been looking into getting a VPS to run an OpenVPN server on and a few other things. I’ve been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their… Continue reading Are CPU side-channel attacks still a concern on VPSs
I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?
Assume sensitive audio emissions from a mechanical keyboard. These audio emissions are often sufficient to reconstruct the actual key presses that generated the sound. If the audio is compressed using a narrowband audio codec such as G.711… Continue reading How sensitive are acoustic side-channels to compression with a narrowband codec?
I’ve been researching timeless timing attacks, ie: timing attacks using concurrency rather than round trip time. Here is an article by portswigger with links to the original article by Van Goethem. Basically it says that if you pack two re… Continue reading Timeless timing attacks and response jitter
Researchers can now made software copies of Google’s “unclonable” Titan security keys – but not yet undetectably. Continue reading Google Titan security keys hacked by French researchers
I am learning the prime+probe algorithm in side channel attacks. But I am puzzled. Its steps are:
prime: fill each cache set with its own data
delay: trigger the victim to access
probe: Detect whether the data in each cache set is still th… Continue reading Will prime+probe be affected by variables in the program?
I want to measure the execution time of a function. The execution time of this function is only slightly different in the two cases. Is there any way I can accurately measure its time to distinguish the two cases?
The possible solutions ar… Continue reading In the time side channel, is there any way to improve the measurement time accuracy?
In Cryptography Engineering Ferguson, Schneier and Kohno put a big emphasis on quality of code in order to prevent it from leaking information and from being vulnerable to memory corruption exploits.
Re-implementing cryptography, especiall… Continue reading Compiler-induced information leaks/side-channels in cryptography implementations
Problem
I am putting together a proof of concept for the FLUSH + RELOAD attack. The method is outlined in great detail in this paper. The general idea is simple – cached addresses can be accessed with much greater speed than addresses not … Continue reading FLUSH + RELOAD Proof of Concept – Why do we need to flush more than needed?