• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International Conference on Codes, Cryptology and Information Security >Cache-Timing Attacks Still Threaten IoT Devices
【24h】

Cache-Timing Attacks Still Threaten IoT Devices

机译:缓存定时攻击仍在威胁物联网设备

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Deployed widely and embedding sensitive data, The security of IoT devices depend on the reliability of cryptographic libraries to protect user information. However when implemented on real systems, cryptographic algorithms are vulnerable to side-channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Some counter-measures can be implemented in order to prevent those attacks. However those countermeasures are generally designed at high level description, and when implemented, some residual leakage may persist. In this article we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how those might, be fixed. This methodology checks the whole source code, from the top level routines to low level primitives, that are used for the final application. We retrieve hundreds of lines of code that leak sensitive information.
机译:物联网设备的安全性广泛部署并嵌入敏感数据,这取决于加密库的可靠性来保护用户信息。但是,当在实际系统上实施时,密码算法基于其执行行为容易受到侧信道攻击,这可以通过测量物理量(例如时序或功耗)来揭示。为了防止这些攻击,可以采取一些对策。但是,通常在较高级别的描述中设计这些对策,并且在实施时,可能会残留一些残余泄漏。在本文中,我们提出一种方法来评估MbedTLS库针对定时和缓存定时攻击的健壮性。这项对边信道安全性的全面研究使我们能够确定软件密码中最常见的弱点以及如何解决这些弱点。这种方法检查用于最终应用程序的整个源代码,从顶层例程到底层原语。我们检索数百行泄漏敏感信息的代码。

著录项

  • 来源
  • 会议地点 Rabat(MA)
  • 作者

    Sofiane Takarabt; Alexander Schaub; Adrien Facon; Sylvain Guilley; Laurent Sauvage; Youssef Souissi; Yves Mathieu;

  • 作者单位

    Secure-IC S.A.S. 15 Rue Claude Chappe Bât. B 35 510 Cesson-Sévigné France LTCI Télécom ParisTech Institut Polytechnique de Paris 75 013 Paris France;

    LTCI Télécom ParisTech Institut Polytechnique de Paris 75 013 Paris France;

    Secure-IC S.A.S. 15 Rue Claude Chappe Bât. B 35 510 Cesson-Sévigné France École Normale Supérieure Département d'informatique 75 005 Paris France;

    Secure-IC S.A.S. 15 Rue Claude Chappe Bât. B 35 510 Cesson-Sévigné France LTCI Télécom ParisTech Institut Polytechnique de Paris 75 013 Paris France École Normale Supérieure Département d'informatique 75 005 Paris France;

    LTCI Télécom ParisTech Institut Polytechnique de Paris 75 013 Paris France Secure-IC S.A.S. 15 Rue Claude Chappe Bât. B 35 510 Cesson-Sévigné France;

    Secure-IC S.A.S. 15 Rue Claude Chappe Bât. B 35 510 Cesson-Sévigné France;

  • 会议组织
  • 原文格式 PDF
  • 正文语种
  • 中图分类
  • 关键词

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号