Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure
[1] Adi Shamir, et al. Cache Attacks and Countermeasures: The Case of AES, 2006, CT-RSA.
[2] Klaus Wagner, et al. Flush+Flush: A Fast and Stealthy Cache Attack, 2015, DIMVA.
[3] Ralph C. Merkle, et al. Secrecy, authentication, and public key systems, 1979.
[4] Kenneth G. Paterson, et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols, 2013, 2013 IEEE Symposium on Security and Privacy.
[5] Peter Gutmann, et al. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), 2014, RFC.
[6] Michael Hamburg, et al. Meltdown: Reading Kernel Memory from User Space, 2018, USENIX Security Symposium.
[7] Juraj Somorovsky, et al. Systematic Fuzzing and Testing of TLS Libraries, 2016, CCS.
[8] Mengyuan Li, et al. STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves, 2017, CCS.
[9] Yuval Yarom, et al. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack, 2014, USENIX Security Symposium.
[10] Serge Vaudenay, et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS, 2002, EUROCRYPT.
[11] Gorka Irazoqui Apecechea, et al. Lucky 13 Strikes Back, 2015, AsiaCCS.
[12] Khawaja Amer Hayat, et al. Password Interception in a SSL/TLS Channel, 2004.
[13] Elisabeth Oswald, et al. Counting Keys in Parallel After a Side Channel Attack, 2015, ASIACRYPT.
[14] Bodo Möller, et al. This POODLE Bites: Exploiting The SSL 3.0 Fallback, 2014.
[15] Kenneth G. Paterson, et al. Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS, 2016, EUROCRYPT.
[16] Michael K. Reiter, et al. Cross-VM side channels and their use to extract private keys, 2012, CCS.
[17] Michael Hamburg, et al. Spectre Attacks: Exploiting Speculative Execution, 2018, 2019 IEEE Symposium on Security and Privacy (SP).
[18] Brian Huffman, et al. Continuous Formal Verification of Amazon s2n, 2018, CAV.
[19] Stephan Krenn, et al. Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice, 2011, 2011 IEEE Symposium on Security and Privacy.
[20] Naomi Benger, et al. "Ooh Aah... Just a Little Bit": A Small Amount of Side Channel Can Go a Long Way, 2014, CHES.
[21] Gernot Heiser, et al. Last-Level Cache Side-Channel Attacks are Practical, 2015, 2015 IEEE Symposium on Security and Privacy.
[22] Stefan Mangard, et al. ARMageddon: Cache Attacks on Mobile Devices, 2015, USENIX Security Symposium.
[23] Yuval Yarom, et al. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, 2017, CCS.
[24] Elisabeth Oswald, et al. Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations, 2016, IACR Cryptol. ePrint Arch.
[25] Gorka Irazoqui Apecechea, et al. Cache Attacks Enable Bulk Key Recovery on the Cloud, 2016, CHES.
[26] Naomi Benger, et al. Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack, 2014, IACR Cryptol. ePrint Arch.
[27] Andrey Bogdanov, et al. Fast and Memory-Efficient Key Recovery in Side-Channel Attacks, 2015, SAC.
[28] Gilles Barthe, et al. Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC, 2016, IACR Cryptol. ePrint Arch.
[29] Avishai Wool, et al. A Bounded-Space Near-Optimal Key Enumeration Algorithm for Multi-subkey Side-Channel Attacks, 2017, CT-RSA.
[30] Tanja Lange, et al. Flush, Gauss, and reload: a cache attack on the BLISS lattice-based signature scheme, 2016.
[31] François-Xavier Standaert, et al. An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks, 2012, IACR Cryptol. ePrint Arch.
[32] Klaus Wagner, et al. Flush+Flush: A Stealthier Last-Level Cache Attack, 2015, ArXiv.
[33] Eric Rescorla, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008, RFC.