Paper 2015/839

Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?

David Wong

Abstract

In 2011, B. B. Brumley and N. Tuveri found a remote timing attack on OpenSSL’s ECDSA implementation for binary curves. We study whether the title of their paper (Remote Timing Attacks are Still Practical) was indeed warranted. We improve on their lattice attack by using the Embedding Strategy, which reduces the Closest Vector Problem to the Shortest Vector Problem, so as to avoid Babai’s procedures for solving the CVP and instead rely on the better experimental results of LLL. We detail (and publish the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network as the server, and find that such attacks are not trivial and are far from practical. Finally, we survey other attacks and countermeasures.
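The lattice side of the attack the abstract refers to, as an added example that is not part of the paper or of the author's published tools: signatures whose nonces are known to be short (the signatures the Brumley–Tuveri timing leak singles out) are rewritten as Hidden Number Problem samples k = t·d + u (mod q), the Howgrave-Graham/Smart lattice is built from them, and the CVP target is embedded as an extra basis row (Kannan embedding) so that a plain LLL reduction, an SVP tool, recovers the private key with no Babai rounding step. Everything in it is constructed and toy-sized: the prime Q = 2^31 − 1 stands in for the order of the curve's base point, r is drawn at random instead of being computed as x(kG) (the lattice only ever uses r as a scalar), short nonces are generated directly instead of being selected by timing measurements, and a textbook LLL over exact Fractions replaces fpylll or BKZ.

```python
import random
from fractions import Fraction

# Constructed toy parameters (not the paper's): Q stands in for the ECDSA group order.
Q = 2**31 - 1      # prime group order, small enough for pure-Python LLL
NONCE_BITS = 20    # "short" nonce = 11 leading zero bits out of 31 (what the timing leak reveals)
N_SIGS = 7         # signatures fed to the lattice; rule of thumb: N_SIGS * 11 > log2(Q)


def toy_sign(d, h, k, rng, q=Q):
    """ECDSA signing equation s = k^-1 (h + r d) mod q.
    Assumption of this toy: r is random rather than x(kG); the attack never needs the point."""
    while True:
        r = rng.randrange(1, q)
        s = pow(k, -1, q) * (h + r * d) % q
        if s:
            return r, s


def hnp_instance(sigs, q=Q):
    """Each (h, r, s) gives k = t*d + u (mod q) with t = r/s, u = h/s: an HNP sample."""
    out = []
    for h, r, s in sigs:
        s_inv = pow(s, -1, q)
        out.append((r * s_inv % q, h * s_inv % q))
    return out


def embedding_lattice(hnp, kbound, q=Q):
    """HNP lattice with the CVP target embedded as a last row (Kannan embedding).
    Nonces are centred, k' = k - kbound in [-kbound, kbound), and the first n coordinates
    are scaled by q so every entry is an integer. The wanted short vector is
    (q*k'_1, ..., q*k'_n, d*kbound, q*kbound)."""
    n = len(hnp)
    rows = []
    for i in range(n):
        row = [0] * (n + 2)
        row[i] = q * q
        rows.append(row)
    rows.append([q * t for t, _ in hnp] + [kbound, 0])                      # times d
    rows.append([q * ((u - kbound) % q) for _, u in hnp] + [0, q * kbound])  # embedded target
    return rows


def lll_reduce(basis, delta=Fraction(99, 100)):
    """Textbook LLL on integer row vectors with exact rational Gram-Schmidt."""
    B = [list(row) for row in basis]
    n = len(B)

    def dot(a, b):
        return sum(x * y for x, y in zip(a, b))

    def gso():  # Gram-Schmidt: squared norms of B*_i and coefficients mu_ij
        bstar, norms = [], []
        mu = [[Fraction(0)] * n for _ in range(n)]
        for i in range(n):
            v = [Fraction(x) for x in B[i]]
            for j in range(i):
                mu[i][j] = dot(B[i], bstar[j]) / norms[j]
                v = [a - mu[i][j] * c for a, c in zip(v, bstar[j])]
            bstar.append(v)
            norms.append(dot(v, v))
        return norms, mu

    norms, mu = gso()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k; B*_k is unchanged by this
            r = round(mu[k][j])
            if r:
                B[k] = [a - r * c for a, c in zip(B[k], B[j])]
                mu[k][j] -= r
                for l in range(j):
                    mu[k][l] -= r * mu[j][l]
        if norms[k] >= (delta - mu[k][k - 1] ** 2) * norms[k - 1]:  # Lovasz condition
            k += 1
        else:
            B[k], B[k - 1] = B[k - 1], B[k]
            norms, mu = gso()
            k = max(k - 1, 1)
    return B


def recover_key(reduced, hnp, kbound, q=Q):
    """Find +-(q*k'_1, ..., q*k'_n, d*kbound, q*kbound) in the reduced basis and read off d."""
    n = len(hnp)
    for row in reduced:
        if abs(row[n + 1]) != q * kbound:
            continue
        sign = 1 if row[n + 1] > 0 else -1
        cand = sign * row[n] // kbound
        # accept only if the candidate key implies a short nonce for every signature
        if 0 < cand < q and all((t * cand + u) % q < 2 * kbound for t, u in hnp):
            return cand
    return None


def run_attack(seed=7):
    """Constructed scenario: a random key, N_SIGS short-nonce signatures, then key recovery."""
    rng = random.Random(seed)
    d = rng.randrange(1, Q)
    sigs = []
    for _ in range(N_SIGS):
        k = rng.randrange(1, 2**NONCE_BITS)  # short nonce, generated directly (constructed)
        h = rng.randrange(1, Q)
        sigs.append((h,) + toy_sign(d, h, k, rng))
    hnp = hnp_instance(sigs)
    kbound = 2 ** (NONCE_BITS - 1)
    reduced = lll_reduce(embedding_lattice(hnp, kbound))
    return d, recover_key(reduced, hnp, kbound)


if __name__ == "__main__":
    true_d, found = run_attack()
    print("private key:", true_d, "recovered:", found)
```

The embedding row turns the closest-vector instance into a shortest-vector one: the vector d·(t-row) + (embedded row) − Σ m_i·(q² e_i) has every coordinate bounded by q·kbound, far below the lattice's Gaussian heuristic, so LLL returns it (or its negation) and the second-to-last coordinate divided by kbound is the key. The toy is over-determined on purpose (7 signatures × 11 leaked bits against a 31-bit order); the paper's point is that on a real curve order of 160 bits and more, with nonce lengths inferred from noisy network timings, the required number of correctly classified signatures and the lattice dimension grow to where fpylll/BKZ and careful filtering are needed, which is exactly where "practical" becomes debatable.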

Metadata
Available format(s)
PDF
Publication info
Preprint. Minor revision.
Keywords
DSA, ECDSA, Timing Attacks, Remote Side-Channel Attacks, OpenSSL, Howgrave-Graham and Smart, B. B. Brumley and N. Tuveri, Hidden Number Problem, Lattices, SVP, CVP, Babai, LLL, BKZ, Embedding Strategy, Short Nonces.
Contact author(s)
moi @ davidwong fr
History
2015-08-31: received
Short URL
https://ia.cr/2015/839
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/839,
      author = {David Wong},
      title = {Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?},
      howpublished = {Cryptology ePrint Archive, Paper 2015/839},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/839}},
      url = {https://eprint.iacr.org/2015/839}
}