[SOLVED] CS计算机代考程序代写 cache ECEN 4133

30 $

File Name: CS计算机代考程序代写_cache_ECEN_4133.zip
File Size: 423.9 KB

SKU: 4617941024 Category: Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Or Upload Your Assignment Here:

ECEN 4133
Side channel attacks and defenses

Side channel
• Measure something secret using other available indirect measurement
• Secrets:
• Passwords
• Private keys
• Confidentialinformation
• Available data: • Timing
• Power
• Heat
• Sound
• Pizza deliveries…???
• Panama invasion (1990)
• Operation Desert Storm (1991)

Side channel example: passwords
bool check_password(char *pw, char *correct) { if (strlen(pw)!=strlen(correct))
return false;
for (int i=0; i 10us check_password(“aaaaaa”, “s3cr37”) => 15us check_password(“baaaaa”, “s3cr37”) => 15us check_password(“saaaaa”, “s3cr37”) => 20us

Side channel example: passwords
bool check_password(char *pw, char *correct) { if (strlen(pw)!=strlen(correct))
return false;
for (int i=0; i 20us check_password(“s3aaaa”, “s3cr37”) => 25us
How many guesses to get correct N-character password?

Side channel example: passwords
• How should we fix this vulnerability?

Side channel solution: constant time
// Note: strlen(correct) must be equal to strlen(pw)
// This function still leaks the length of strlen(correct)! // (how could we fix?)
bool check_password(char *pw, char *correct) {
if (strlen(pw) != strlen(correct)) return false;
int diff = 0;
for (int i=0; i 1:
if n%2==1: # n is odd y = x * y;
x = x * x;
n = (n – 1) / 2;
# n is even
x = x * x;
n = n / 2;
else: return x * y

Side channel example: repeated squaring
Time (us)
Square and multiply

• Solving the repeated squaring side channel?

Repeated squaring: Montgomery’s Ladder:
x1 = x
x2 = x*x
for i = k – 2 to 0:
if n_i == 0: x2 = x1 =
x1 =
x2 =
# k bits in n, MSB (n_(k-1)) = 1
# bit is even x1*x2
# bit is odd
x1*x2 x2*x2
return x1

Alternative side channel defense: blinding
• Given c = x^e mod N
• Don’t want to compute c^d mod N (might leak d!)
• First blind: b = c*r^e mod N for random r (this is just (xr)^e mod N)
• Then decrypt: a = b^d mod N = (xr)^ed mod N = xr mod N
• Remove blinding: a*r^-1 mod N = xr*r^-1 mod N = x mod N
• Since attacker doesn’t know r, can’t learn d during “blinded” decryption

Other side channels?
• What other examples of side channels exist? • How can we fix them?

Other side channels?
• EM-emission
• Sound
• Accelerometer data
• Timing of key presses
• Shared resources:
• Cache timing
• Bandwidth / latency
• IPID field in IP packets

Cache side channels
• Caches improve performance by storing recently-accessed data close to the CPU
• Potentially leaks what was recently accessed!
1. Attacker fills cache:
2. Victim process reads from 0xC8:
3. Attacker reads: 0xA0 (52ns) 0xA4 (55ns) 0xA8 (397ns) 0xAC (49ns)
Attacker learns 0xA8 was not in cache! (recently evicted by another process)
0xA8 is evicted


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Shopping Cart
[SOLVED] CS计算机代考程序代写 cache ECEN 4133
30 $