• Publications
  • Influence
Power analysis attacks - revealing the secrets of smart cards
TLDR
This volume explains how power analysis attacks work and provides an extensive discussion of countermeasures like shuffling, masking, and DPA-resistant logic styles to decide how to protect smart cards.
Spectre Attacks: Exploiting Speculative Execution
TLDR
This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process that violate the security assumptions underpinning numerous software security mechanisms.
Meltdown: Reading Kernel Memory from User Space
TLDR
It is shown that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown, which breaks all security guarantees provided by address space isolation as well as paravirtualized environments.
Flush+Flush: A Fast and Stealthy Cache Attack
TLDR
The Flush+Flush attack is developed, which runs in a higher frequency and thus is faster than any existing cache attack and is also stealthy, i.e., the spy process cannot be detected based on cache hits and misses, or state-of-the-art detection mechanisms.
Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints
TLDR
A novel side-channel analysis resistant logic style called MDPL is described that is a masked and dual-rail pre-charge logic style and can be implemented using common CMOS standard cell libraries, making it perfectly suitable for semi-custom designs.
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
TLDR
DRAMA attacks are introduced, a novel class of attacks that exploit the DRAM row buffer that is shared, even in multi-processor systems and enables practical Rowhammer attacks on DDR4.
Meltdown
TLDR
It is shown that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown, which enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges.
A Side-Channel Analysis Resistant Description of the AES S-Box
TLDR
This article introduces a new masking countermeasure which is not only secure against first-order side-channel attacks, but which also leads to relatively small implementations compared to other masking schemes implemented in dedicated hardware.
Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches
TLDR
An automated attack on the T-table-based AES implementation of OpenSSL that is as efficient as state-of-the-art manual cache attacks and can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems is performed.
Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
TLDR
This work shows that caches can be forced into fast cache eviction to trigger the Rowhammer bug with only regular memory accesses, and demonstrates a fully automated attack that requires nothing but a website with JavaScript to trigger faults on remote hardware.
...
1
2
3
4
5
...