139 lines
7.0 KiB
BibTeX
139 lines
7.0 KiB
BibTeX
% Encoding: UTF-8
|
|
|
|
@Book{seriouscrypto,
|
|
title = {Serious Cryptography: A Practical Introduction to Modern Encryption},
|
|
publisher = {no starch press},
|
|
year = {2017},
|
|
author = {Jean-Philippe Aumasson},
|
|
}
|
|
|
|
@Book{Menezes:1996:HAC:548089,
|
|
title = {Handbook of Applied Cryptography},
|
|
publisher = {CRC Press, Inc.},
|
|
year = {1996},
|
|
author = {Menezes, Alfred J. and Vanstone, Scott A. and Oorschot, Paul C. Van},
|
|
address = {Boca Raton, FL, USA},
|
|
edition = {1st},
|
|
isbn = {0849385237},
|
|
}
|
|
|
|
@Book{Anderson:2008:SEG:1373319,
|
|
title = {Security Engineering: A Guide to Building Dependable Distributed Systems},
|
|
publisher = {Wiley Publishing},
|
|
year = {2008},
|
|
author = {Anderson, Ross J.},
|
|
edition = {2},
|
|
isbn = {9780470068526},
|
|
}
|
|
|
|
@Book{DBLP:books/daglib/0025849,
|
|
title = {Computer Security {(3.} ed.)},
|
|
publisher = {Wiley},
|
|
year = {2011},
|
|
author = {Dieter Gollmann},
|
|
isbn = {978-0-470-74115-3},
|
|
bibsource = {dblp computer science bibliography, https://dblp.org},
|
|
biburl = {https://dblp.org/rec/bib/books/daglib/0025849},
|
|
timestamp = {Mon, 13 Mar 2017 16:08:10 +0100},
|
|
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118801326.html},
|
|
}
|
|
|
|
@Article{Matsuda2018,
|
|
author = {Kohei Matsuda and Tatsuya Fujii and Natsu Shoji and Takeshi Sugawara and Kazuo Sakiyama and Yu-Ichi Hayashi and Makoto Nagata and Noriyuki Miura},
|
|
title = {A 286 F2/Cell Distributed Bulk-Current Sensor and Secure Flush Code Eraser Against Laser Fault Injection Attack on Cryptographic Processor},
|
|
journal = {{IEEE} Journal of Solid-State Circuits},
|
|
year = {2018},
|
|
volume = {53},
|
|
number = {11},
|
|
pages = {3174--3182},
|
|
month = nov,
|
|
doi = {10.1109/jssc.2018.2869142},
|
|
publisher = {Institute of Electrical and Electronics Engineers ({IEEE})},
|
|
url = {https://doi.org/10.1109/jssc.2018.2869142},
|
|
}
|
|
|
|
@InProceedings{244048,
|
|
title = {TPM-FAIL: {TPM} meets Timing and Lattice Attacks},
|
|
booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},
|
|
year = {2020},
|
|
address = {Boston, MA},
|
|
month = aug,
|
|
publisher = {{USENIX} Association},
|
|
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi},
|
|
}
|
|
|
|
@InProceedings{aes2006,
|
|
author = {Osvik, Dag Arne and Shamir, Adi and Tromer, Eran},
|
|
title = {Cache Attacks and Countermeasures: The Case of AES},
|
|
booktitle = {Topics in Cryptology -- CT-RSA 2006},
|
|
year = {2006},
|
|
editor = {Pointcheval, David},
|
|
pages = {1--20},
|
|
address = {Berlin, Heidelberg},
|
|
publisher = {Springer Berlin Heidelberg},
|
|
abstract = {We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several such attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions (in the latter case, the full key can be recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we describe several countermeasures for mitigating such attacks.},
|
|
isbn = {978-3-540-32648-9},
|
|
}
|
|
|
|
@InProceedings{lucky13,
|
|
author = {Al Fardan, Nadhem J. and Paterson, Kenneth G.},
|
|
title = {Lucky Thirteen: Breaking the TLS and DTLS Record Protocols},
|
|
booktitle = {Proceedings of the 2013 IEEE Symposium on Security and Privacy},
|
|
year = {2013},
|
|
series = {SP '13},
|
|
pages = {526--540},
|
|
address = {Washington, DC, USA},
|
|
publisher = {IEEE Computer Society},
|
|
acmid = {2498132},
|
|
doi = {10.1109/SP.2013.42},
|
|
isbn = {978-0-7695-4977-4},
|
|
keywords = {CBC-mode encryption, DTLS, TLS, plaintext recovery, timing attack},
|
|
numpages = {15},
|
|
url = {https://doi.org/10.1109/SP.2013.42},
|
|
}
|
|
|
|
@InProceedings{openssl2014,
|
|
author = {Benger, Naomi and van de Pol, Joop and Smart, Nigel P. and Yarom, Yuval},
|
|
title = {``Ooh Aah... Just a Little Bit'' : A Small Amount of Side Channel Can Go a Long Way},
|
|
booktitle = {Cryptographic Hardware and Embedded Systems -- CHES 2014},
|
|
year = {2014},
|
|
editor = {Batina, Lejla and Robshaw, Matthew},
|
|
pages = {75--92},
|
|
address = {Berlin, Heidelberg},
|
|
publisher = {Springer Berlin Heidelberg},
|
|
abstract = {We apply the Flush+Reload side-channel attack based on cache hits/misses to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a ``standard'' lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techniques to similar side channel information.},
|
|
isbn = {978-3-662-44709-3},
|
|
}
|
|
|
|
@InProceedings{gpg2014,
|
|
author = {Yuval Yarom and Katrina Falkner},
|
|
title = {FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack},
|
|
booktitle = {23rd {USENIX} Security Symposium ({USENIX} Security 14)},
|
|
year = {2014},
|
|
pages = {719--732},
|
|
address = {San Diego, CA},
|
|
month = aug,
|
|
publisher = {{USENIX} Association},
|
|
isbn = {978-1-931971-15-7},
|
|
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom},
|
|
}
|
|
|
|
@TechReport{europol19,
|
|
author = {Joint Reports},
|
|
title = {{{First report of the observatory function on encryption}}},
|
|
institution = {EUROPOL - EC3},
|
|
year = {2019},
|
|
}
|
|
|
|
@Article{kerr2017,
|
|
author = {Orin S. Kerr and Bruce Schneier},
|
|
title = {Encryption Workarounds},
|
|
journal = {{SSRN} Electronic Journal},
|
|
year = {2017},
|
|
doi = {10.2139/ssrn.2938033},
|
|
publisher = {Elsevier {BV}},
|
|
url = {https://doi.org/10.2139/ssrn.2938033},
|
|
}
|
|
|
|
@Comment{jabref-meta: databaseType:bibtex;}
|