Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications

11/21/2019
by   Tianwei Zhang, et al.
0

We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify common strategies to eliminate them. We then evaluate popular libraries and applications, quantitatively measuring and comparing the vulnerability severity, response time and coverage. Based on these characterizations and evaluations, we offer some insights for side-channel researchers, cryptographic software developers and users. We hope our study can inspire the side-channel research community to discover new vulnerabilities, and more importantly, to fortify applications against them.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/26/2021

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Side-channel attacks have become a severe threat to the confidentiality ...
research
07/11/2021

You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries

The security of the Internet rests on a small number of open-source cryp...
research
04/04/2023

Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code

Although cryptographic algorithms may be mathematically secure, it is of...
research
08/31/2022

Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications

Secret-dependent timing behavior in cryptographic implementations has re...
research
09/22/2022

To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild

Recent studies have revealed that 87 cryptographic APIs have a misuse w...
research
08/09/2019

That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Thirteen Password Managers

Password managers have the potential to help users more effectively mana...
research
02/12/2023

Bl0ck: Paralyzing 802.11 connections through Block Ack frames

Despite Wi-Fi is at the eve of its seventh generation, security concerns...

Please sign up or login with your details

Forgot password? Click here to reset