Attacking scrypt via Cache Timing Side-Channel

نویسنده

  • Mark Matthew Anderson
چکیده

This paper gives a motivation for the design of memoryhard key derivation functions (KDFs), a summary of a memory-hard password-based key derivation function called scrypt, and an overview of cache timing attacks. A cache timing attack against scrypt is introduced and described in detail. Finally, additional work necessary to implement the attack and measures to prevent the attack are discussed. Since it is an actively-used utility for generating cryptographic keys, constructing a password stealing attack against scrypt raises serious security concerns for any applications that make use of it.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Attacking AES Using Bernstein's Attack on Modern Processors

The Advanced Encryption Standard (AES) was selected by NIST due to its heavy resistance against classical cryptanalysis like differential and linear cryptanalysis. Even after the appearance of the modern side-channel attacks like timing and power consumption side-channel attacks, NIST claimed that AES is not vulnerable to timing attacks. In 2005, Bernstein [6] has successfully attacked the Open...

متن کامل

Cache Storage Attacks

Covert channels are a fundamental concept for cryptanalytic side-channel attacks. Covert timing channels use latency to carry data, and are the foundation for timing and cache-timing attacks. Covert storage channels instead utilize existing system bits to carry data, and are not historically used for cryptanalytic side-channel attacks. This paper introduces a new storage channel made available ...

متن کامل

Statistical Analysis for Access-Driven Cache Attacks Against AES

In recent years, side-channel timing attacks utilizing architectural behavior have been applied to cloud settings, presenting a realistic and serious cyber threat. Access-driven cache attacks allow the adversary to observe side-channel leakage (cache access pattern) of a critical cryptographic implementation to infer the secret key. However, what the attackers observe may deviate from the real ...

متن کامل

Cache-Timing Techniques: Exploiting the DSA Algorithm

Side-channel information is any type of information leaked through unexpected channels due to physical features of a system dealing with data. The memory cache can be used as a side-channel, leakage and exploitation of side-channel information from the executing processes is possible, leading to the recovery of secret information. Cache-based sidechannel attacks represent a serious threat to im...

متن کامل

MemJam: A False Dependency Attack against Constant-Time Crypto Implementations

Cache attacks exploit memory access patterns of cryptographic implementations. Constant-Time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pattern. However, the constant-time behavior is dependent on the underlying architecture, which can ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017