Side-Channel Attacks on Everyday Applications
by Taylor Hornby
In 2013, Yuval Yarom and Katrina Falkner discovered the FLUSH+RELOAD L3 cache side-channel. So far it has broken numerous implementations of cryptography including, notably, the AES and ECDSA in OpenSSL and the RSA GnuPG. Given FLUSH+RELOAD's astounding success at breaking cryptography, we're lead to wonder if it can be applied more broadly, to leak useful information out of regular applications like text editors and web browsers whose main functions are not cryptography.
In this talk, I'll briefly describe how the FLUSH+RELOAD attack works, and how it can be used to build input distinguishing attacks. In particular, I'll demonstrate how when the user Alice browses around the top 100 Wikipedia pages, the user Bob can spy on which of those pages she's visiting.
This isn't an earth-shattering attack, but as the code I'm releasing shows, it can be implemented reliably. My goal is to convince the community that side channels, FLUSH+RELOAD in particular, are useful for more than just breaking cryptography. The code I'm releasing is a starting point for developing better attacks. If you have access to a vulnerable CPU running a suitable OS, you should be able to reproduce the attack within minutes after watching the talk and downloading the code.
Видео Side-Channel Attacks on Everyday Applications канала Black Hat
In 2013, Yuval Yarom and Katrina Falkner discovered the FLUSH+RELOAD L3 cache side-channel. So far it has broken numerous implementations of cryptography including, notably, the AES and ECDSA in OpenSSL and the RSA GnuPG. Given FLUSH+RELOAD's astounding success at breaking cryptography, we're lead to wonder if it can be applied more broadly, to leak useful information out of regular applications like text editors and web browsers whose main functions are not cryptography.
In this talk, I'll briefly describe how the FLUSH+RELOAD attack works, and how it can be used to build input distinguishing attacks. In particular, I'll demonstrate how when the user Alice browses around the top 100 Wikipedia pages, the user Bob can spy on which of those pages she's visiting.
This isn't an earth-shattering attack, but as the code I'm releasing shows, it can be implemented reliably. My goal is to convince the community that side channels, FLUSH+RELOAD in particular, are useful for more than just breaking cryptography. The code I'm releasing is a starting point for developing better attacks. If you have access to a vulnerable CPU running a suitable OS, you should be able to reproduce the attack within minutes after watching the talk and downloading the code.
Видео Side-Channel Attacks on Everyday Applications канала Black Hat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![](https://i.ytimg.com/vi/WdCbaWzE7fA/default.jpg)
![Spectre and Meltdown attacks explained understandably](https://i.ytimg.com/vi/mgAN4w7LH2o/default.jpg)
![RSA Power Analysis Side-Channel Attack - rhme2](https://i.ytimg.com/vi/bFfyROX7V0s/default.jpg)
![16. Side-Channel Attacks](https://i.ytimg.com/vi/3v5Von-oNUg/default.jpg)
![Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)](https://i.ytimg.com/vi/FktI4qSjzaE/default.jpg)
![Writing Bad @$$ Malware For OS X](https://i.ytimg.com/vi/fv4l9yAL2sU/default.jpg)
![Side Channel Timing Attack Demonstration](https://i.ytimg.com/vi/2-zQp26nbY8/default.jpg)
![Elie Bursztein - Deep Learning Revolutionizing Side Channel Cryptanalysis - DEF CON 27 Conference](https://i.ytimg.com/vi/QXTricqAtPk/default.jpg)
![What is Mid-Side Processing? And WHY to Use It!](https://i.ytimg.com/vi/ck9fw-Ph3pA/default.jpg)
![Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev](https://i.ytimg.com/vi/6Chp12sEnWk/default.jpg)
![48 Dirty Little Secrets Cryptographers Don’t Want You To Know](https://i.ytimg.com/vi/iZa_XKpj9X4/default.jpg)
![Cracking passwords using ONLY response times | Secure Python](https://i.ytimg.com/vi/XThL0LP3RjY/default.jpg)
![Rowhammer attacks explained simply](https://i.ytimg.com/vi/rGaF15-ko5w/default.jpg)
![Samy Kamkar - FPGA Glitching & Side Channel Attacks](https://i.ytimg.com/vi/oGndiX5tvEk/default.jpg)
![Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier](https://i.ytimg.com/vi/7KS3XHP35QY/default.jpg)
![ECED4406 - 0x500 Introduction to Side Channel Attacks](https://i.ytimg.com/vi/D1DNz5sNDgE/default.jpg)
![All in the timing: How side channel attacks work](https://i.ytimg.com/vi/JW81H0R4Chg/default.jpg)
![AppSecCali 2020 Closing Keynote: Browser Manipulation for Bypassing Firewalls - Samy Kamkar](https://i.ytimg.com/vi/K1T_miPTvPA/default.jpg)
![Side Channel Attack](https://i.ytimg.com/vi/4FpOhyI0-3g/default.jpg)
![What is Business Email Compromise (BEC)?](https://i.ytimg.com/vi/E9GRafGdLIw/default.jpg)