#sidechannelattacks — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sidechannelattacks, aggregated by home.social.
-
Information and partnering event for the upcoming @Cyberagentur project Side-channel attacks with quantum sensing (SCA-QS) on June 10, 2024.
Register until June 5, 2024: https://t1p.de/kn4cg
More: https://t1p.de/mm8ly
#cybersecurity #sidechannelattacks #SCA #quantumsensing -
Information and partnering event for the upcoming Cyberagentur project Side-channel attacks with quantum sensing (SCA-QS) on June 10, 2024.
Register until June 5, 2024: www.cyberagentur.de/sca-qs
#cybersecurity #sidechannelattacks #SCA #quantumsensing
https://nachrichten.idw-online.de/2024/05/15/press-release-cyberagentur-new-approaches-to-microchip-security-through-quantum-sensor-technology -
Information and partnering event for the upcoming Cyberagentur project Side-channel attacks with quantum sensing (SCA-QS) on June 10, 2024.
Register until June 5, 2024: www.cyberagentur.de/sca-qs/
#cybersecurity #sidechannelattacks #SCA #quantumsensing -
New Attack Against Self-Driving Car AI – Source: www.schneier.com https://ciso2ciso.com/new-attack-against-self-driving-car-ai-source-www-schneier-com/ #rssfeedpostgeneratorecho #ArtificialIntelligence #SchneierOnSecurity #sidechannelattacks #SchneieronSecurity #CyberSecurityNews #academicpapers #Uncategorized #Cyberattack #cars
-
Hardware Vulnerability in Apple’s M-Series Chips – Source: www.schneier.com https://ciso2ciso.com/hardware-vulnerability-in-apples-m-series-chips-source-www-schneier-com/ #rssfeedpostgeneratorecho #SchneierOnSecurity #sidechannelattacks #SchneieronSecurity #CyberSecurityNews #Uncategorized #Encryption #hardware #Apple
-
I rediscovered again that Graz University of Technology has an actual sitcom series on Side Channel Security.
-
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen #sidechannelattacks
-
Hack of the Week?
GBA game ROM data reconstructed using a Game Crash and Sound DMA buffer overrun 😀
Audio of the code was captured and then used to reconstruct the game code.
-
AI researchers claim 93% accuracy in detecting keystrokes over Zoom audio - Some people hate to hear other people's keyboards on video ca... - https://arstechnica.com/?p=1959255 #sidechannelattacks #sidechannelattack #machinelearning #webconferencing #keylogging #keystrokes #attention #keyboards #macbooks #security #macbook #biz #tech #zoom #ai
-
AI researchers claim 93% accuracy in detecting keystrokes over Zoom audio.
I mean, pair that with Zoom's new machine learning privacy policy, and who knows what else machine learning can accomplish on the platform.
Now, I wonder if the accuracy drops when the audio quality drops, as it does when the connection starts to suck...
The article says that they used MacBook keyboards; would using other keyboards change the figure as well?
#infosec #cybersecurity #machinelearning #sidechannelattacks
https://arstechnica.com/gadgets/2023/08/type-softly-researchers-can-guess-keystrokes-by-sound-with-93-accuracy/ -
Ars Technica: AI researchers claim 93% accuracy in detecting keystrokes over Zoom audio https://arstechnica.com/?p=1959255 #Tech #arstechnica #IT #Technology #sidechannelattacks #sidechannelattack #machinelearning #webconferencing #keylogging #keystrokes #attention #Keyboards #Macbooks #security #MacBook #Biz&IT #Tech #zoom #AI
-
CW: research review
Here we go again! This time we have a couple of interesting papers on blockchain-related vulnerabilities, an attack against a lightweight stream cipher, an attack against key-store values, a little something about how hard SBOM¹ can be and a couple of hardware security papers.
* "An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts"
* "Security Analysis of WG-7 Lightweight Stream Cipher against Cube Attack"
* "Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure"
* "How to Bind Anonymous Credentials to Humans"
* "Challenges of Producing Software Bill Of Materials for Java"
* "Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol"
* "The curious case of the half-half Bitcoin ECDSA nonces"
* "X-ray: Discovering DRAM Internal Structure and Error Characteristics by Issuing Memory Commands"
* "Benchmarking and modeling of analog and digital SRAM in-memory computing architectures"
* "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels"
#Ethereum #Solidity #WG7 #Cryptography #KeyStore #Privacy #AnonymousCredentials #SBOM #Java #SoftwareBillOfMaterials #WhatsApp #E2E #Bitcoin #ECDSA #DRAM #SRAM #SideChannelAttacks
__
¹ Software Bill Of Materials. -
CW: research review
The papers for this review:
* "Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale"
* "HyPFuzz: Formal-Assisted Processor Fuzzing"
* "FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation"
* "30 Years of Synthetic Data"
* "On the Limits of Cross-Authentication Checks for GNSS Signals"
* "New Ways to Garble Arithmetic Circuits"
* "Exploration of Quantum Computer Power Side-Channels"
* "Side-Channel Analysis of Integrate-and-Fire Neurons within Spiking Neural Networks"
* "Those Aren't Your Memories, They're Somebody Else's: Seeding Misinformation in Chat Bot Memories"
* "Multi-step Jailbreaking Privacy Attacks on ChatGPT"
* "Measuring and Evading Turkmenistan's Internet Censorship: A Case Study in Large-Scale Measurements of a Low-Penetration Country"
#IACR #arXiv #ResearchPapers #TLS #Fuzzing #FPGA #SideChannelAttacks #SyntheticData #GNSS #GPS #GarbledCircuits #QuantumComputers #PowerSideChannelAttacks #NeuralNetworks #SpikingNeuralNetworks #ChatBots #ChatGPT #CensorshipResistance
-
CW: research review
D. Kaplan, "Optimization and Amplification of Cache Side Channel Signals"¹
In cache-based side channel attacks, an attacker infers information about the victim based on the presence, or lack thereof, of one or more cachelines. Determining a cacheline's presence, which we refer to as "reading the signal", typically requires testing the access time of the line using a suitably high precision timer. In this paper we introduce novel gadgets which leverage CPU speculation to enable modification of these signals, before they are read, for a variety of purposes. First, these gadgets enable an attacker to optimize cache-based side channel attacks by evaluating arbitrary logic functions on cacheline signals prior to their measurement. Second, we demonstrate amplification techniques that enable an attacker to read a signal even if no high precision timer is available. Combined, these techniques can be used to improve existing side channel attacks even if timer access is limited. We evaluate the effectiveness of these techniques on a modern x86 CPU and demonstrate that when properly tuned, cache side channel signals can be reliably modified with near 100% accuracy and are able to be read with a timer as coarse as 100ms or more.
#ResearchPapers #arXiv #CacheSideChannelAttacks #SideChannelAttacks #X86
__
¹ https://arxiv.org/abs/2303.00122 -
CW: research review
G. Hu and R. Lee, "Protecting Cache States Against Both Speculative Execution Attacks and Side-channel Attacks"¹
Cache side-channel attacks and speculative execution attacks that leak information through cache states are stealthy and dangerous attacks on hardware that must be mitigated. Unfortunately, defenses proposed for cache side-channel attacks do not mitigate all cache-based speculative execution attacks and vice versa. Since both classes of attacks must be addressed, we propose comprehensive cache architectures to do this.
We show a framework to analyze the security of a secure cache. We identify same-domain speculative execution attacks, and show they evade cache side-channel defenses. We present new hardware security mechanisms that address target attacks and reduce performance overhead. We design two Speculative and Timing Attack Resilient (STAR) caches that defeat both cache side-channel attacks and cache-based speculative execution attacks. These comprehensive defenses have low performance overhead of 6.6% and 8.8%.
#arXiv #ResearchPapers #SideChannelAttacks #Microarchitecture #SpeculativeExecution
__
¹ https://arxiv.org/abs/2302.00732 -
CW: research review
A. Berzati et al., "A Practical Template Attack on CRYSTALS-Dilithium"¹
This paper presents a new profiling side-channel attack on the signature scheme CRYSTALS-Dilithium, which has been selected by the NIST as the new primary standard for quantum-safe digital signatures. This algorithm has a constant-time implementation with consideration for side-channel resilience. However, it does not protect against attacks that exploit intermediate data leakage. We exploit such a leakage on a vector generated during the signing process and whose costly protection by masking is a matter of debate. We design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. Once this value has been completely reconstructed, one can recover, using linear algebra methods, part of the secret key that is sufficient to produce universal forgeries. While our paper deeply discusses the theoretical attack path, it also demonstrates the validity of the assumption regarding the required leakage model, from practical experiments with the reference implementation on an ARM Cortex-M4.
#IACR #ResearchPapers #Dilithium #Lattices #PQCryptography #SideChannelAttacks #TemplateAttacks
__
¹ https://eprint.iacr.org/2023/050 -
Last week, scientists from @bsi, the Bundeswehr's Kommando CIR, ZITiS and @Cyberagentur discussed new threats and opportunities for #SideChannelAttacks, the future development of #Quantensensorik (quantum sensing) and the protection it will require. The main aim was to bring together the various players from different institutions, the SCA community and the quantum sensing community.
#Cybersicherheit #Cybersecurity #Quantentechnologie -
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips - (credit: Google)
There's wide consensus among security experts that physical two-factor a... - https://arstechnica.com/?p=1733673 #two-factorauthentication #physicalsecuritykey #sidechannelattacks #googletitan #biz&it #tech #2fa -
Researchers use Rowhammer bit flips to steal 2048-bit crypto key - A DDR3 DIMM with error-correcting code from Samsung. ECC is no longer an absolute defense... more: https://arstechnica.com/?p=1520383 #sidechannelattacks #memorychips #rowhammer #biz&it #dram #ddr