Branch Prediction Attacks
暂无分享,去创建一个
So far we have looked at timing channels that arise due to cache memories in the system. Cache memories leak information about the memory accesses made by a cipher. In this chapter, we look at information leakage due to branch instructions. If a cipher implementation uses a conditional branch that depends on the secret key, then information about the key can leak through the processor’s branch predictor. A misprediction causes the execution to take considerably more time compared with predictions that are correct. This variation in execution time is exploited by attackers to determine bits of the secret key. Several-timing attacks based on branch prediction have been proposed. Unlike cache attacks, which are mostly effective on block ciphers, branch prediction attacks are applicable only on public key ciphers such as the Rivest, Shamir, and Adleman (RSA) algorithm. This chapter begins with a review of the RSA implementation before discussing various branch prediction attacks.
[1] Jean-Pierre Seifert,et al. New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures , 2007, IMACC.
[2] Jean-Pierre Seifert,et al. On the power of simple branch prediction analysis , 2007, ASIACCS '07.
[3] Onur Aciiçmez,et al. Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.