The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...

Abstract Montgomery’s and Barrett’s modular multiplication algorithms are widely used in exponentiation algorithms, e.g. to compute RSA or ECC operations. While algorithm has been studied extensively the literature many side-channel attacks have detected, our best knowledge no thorough analysis exists for algorithm. This article closes this gap. For both algorithm, differences of execution time...

OpenSSL is the most widely used open source SSL/TLS implementation on the internet and an immense amount of sensitive communication is trusted to be secured by it. The related cryptographic algorithms themselves are indeed very secure. However implementing the models in hardware or software introduces new kinds of channels that are not present in the mathematical model, but which can nonetheles...

Cache-timing attacks are a serious threat to security-critical software. We show that the combination of vector quantization and hidden Markov model cryptanalysis is a powerful tool for automated analysis of cache-timing data; it can be used to recover critical algorithm state such as key material. We demonstrate its effectiveness by running an attack on the elliptic curve portion of OpenSSL (0...

“Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit” http://www.torproject.org. Indeed, as first demonstrated in [1] and bolstered by many follow up studies since, timing a...

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...