Collaborate Disseminate
I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?
Assume sensitive audio emissions from a mechanical keyboard. These audio emissions are often sufficient to reconstruct the actual key presses that generated the sound. If the audio is compressed using a narrowband audio codec such as G.711… Continue reading How sensitive are acoustic side-channels to compression with a narrowband codec?
I’ve been researching timeless timing attacks, ie: timing attacks using concurrency rather than round trip time. Here is an article by portswigger with links to the original article by Van Goethem. Basically it says that if you pack two re… Continue reading Timeless timing attacks and response jitter
Researchers can now made software copies of Google’s “unclonable” Titan security keys – but not yet undetectably. Continue reading Google Titan security keys hacked by French researchers
I am learning the prime+probe algorithm in side channel attacks. But I am puzzled. Its steps are:
prime: fill each cache set with its own data
delay: trigger the victim to access
probe: Detect whether the data in each cache set is still th… Continue reading Will prime+probe be affected by variables in the program?
I want to measure the execution time of a function. The execution time of this function is only slightly different in the two cases. Is there any way I can accurately measure its time to distinguish the two cases?
The possible solutions ar… Continue reading In the time side channel, is there any way to improve the measurement time accuracy?
In Cryptography Engineering Ferguson, Schneier and Kohno put a big emphasis on quality of code in order to prevent it from leaking information and from being vulnerable to memory corruption exploits.
Re-implementing cryptography, especiall… Continue reading Compiler-induced information leaks/side-channels in cryptography implementations
Problem
I am putting together a proof of concept for the FLUSH + RELOAD attack. The method is outlined in great detail in this paper. The general idea is simple – cached addresses can be accessed with much greater speed than addresses not … Continue reading FLUSH + RELOAD Proof of Concept – Why do we need to flush more than needed?
I asked the same question on Stack Overflow, but I got no answers and I was suggested to ask it here.
Abbreviations used:
CORP: Cross Origin Resource Policy
CORS: Cross Origin Resource Sharing
CORB: Cross Origin Read Blocking
SSCAs: specu… Continue reading Why are cross-origin isolation and CORB/CORP both needed? [closed]
I’m trying to understand and perform the Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR. The author have released the proof-of-concept code.
I’m trying to run the attack on my Intel Haswell machine, using Linux Ubuntu 20.04, … Continue reading Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR