1 / 6

Eran Tromer

Information Security – Theory vs. Reality 0368-4474, Winter 2013-2014 Lecture 3: Fault and side-channel attacks on RSA. Eran Tromer. Fault attacks on RSA. On-board discussion. Outline :

berny
Download Presentation

Eran Tromer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security – Theory vs. Reality 0368-4474, Winter 2013-2014Lecture 3:Fault and side-channel attacks on RSA Eran Tromer

  2. Fault attacks on RSA On-board discussion. Outline: • Fault attacks on RSA with CRT decryption(on board)[DeMillo, Lipton, On the importance of eliminating errors in cryptographic protocols (section 2)] • Mitigation / countermeasures • Enforce structure (padding) in message • Repeat and compare • Decrypt and compare • Ciphertext blinding/randomization • JVM single memory error

  3. More side-channel attacks on RSA

  4. ALU multiplier contention attack on square-and-multiply RSA exponentiation MUL SQR SQR SQR SQR measurement • Background:square-and-multiplyexponentiation (on board) time ALU multiplier attack[Aciicmez Seifert 2007]

  5. (Simple) power analysis of square-and-multiply decryption RSA [Cryptography Research] • Background: power measurements (on board)

  6. Cache attack on sliding-window RSA exponentiation cache set time [Percival 2005,Cache Missing for Fun and Profit]

More Related