IEICE Technical Committee Submission System
Conference Paper's Information
Online Proceedings
[Sign in]
Tech. Rep. Archives
 Go Top Page Go Previous   [Japanese] / [English] 

Paper Abstract and Keywords
Presentation 2015-06-11 15:45
The Analysis of the CREAM vulnerability against OpenSSL
Jun Hasegawa, Yuhei Watanabe, Masakatu Morii (Kobe Univ.) IA2015-6 ICSS2015-6
Abstract (in Japanese) (See Japanese page) 
(in English) In this paper we discuss vulnerability of "CREAM", which was originally created by Daniel J. Bernstein in 2005 and named by Tony Arcieri later. This attack exploits the cache hits and misses that occur during the encryption process and recovers full AES key by measuring the total execution time of an encryption. Although it requires several unrealistic conditions, cloud computing can make the attack more practical. We propose the interaction between processes running on the different VMs as an alternative means of getting accurate clock cycles. We also cover POODLE attack. It's a kind of Man-in-the-middle attack against SSLv3.0, allowing to extract secure HTTP cookies. We prove the feasibility of this attack with a practical experiment.
Keyword (in Japanese) (See Japanese page) 
(in English) SSL / TLS / Cache-timing attacks / CREAM / POODLE / / / /  
Reference Info. IEICE Tech. Rep., vol. 115, no. 81, ICSS2015-6, pp. 27-32, June 2015.
Paper # ICSS2015-6 
Date of Issue 2015-06-04 (IA, ICSS) 
ISSN Print edition: ISSN 0913-5685    Online edition: ISSN 2432-6380
Copyright
and
reproduction
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
Download PDF IA2015-6 ICSS2015-6

Conference Information
Committee IA ICSS  
Conference Date 2015-06-11 - 2015-06-12 
Place (in Japanese) (See Japanese page) 
Place (in English) Kyushu Institute of Technology Univ. 
Topics (in Japanese) (See Japanese page) 
Topics (in English) Internet Security, etc. 
Paper Information
Registration To ICSS 
Conference Code 2015-06-IA-ICSS 
Language Japanese 
Title (in Japanese) (See Japanese page) 
Sub Title (in Japanese) (See Japanese page) 
Title (in English) The Analysis of the CREAM vulnerability against OpenSSL 
Sub Title (in English)  
Keyword(1) SSL / TLS  
Keyword(2) Cache-timing attacks  
Keyword(3) CREAM  
Keyword(4) POODLE  
Keyword(5)  
Keyword(6)  
Keyword(7)  
Keyword(8)  
1st Author's Name Jun Hasegawa  
1st Author's Affiliation Kobe University (Kobe Univ.)
2nd Author's Name Yuhei Watanabe  
2nd Author's Affiliation Kobe University (Kobe Univ.)
3rd Author's Name Masakatu Morii  
3rd Author's Affiliation Kobe University (Kobe Univ.)
4th Author's Name  
4th Author's Affiliation ()
5th Author's Name  
5th Author's Affiliation ()
6th Author's Name  
6th Author's Affiliation ()
7th Author's Name  
7th Author's Affiliation ()
8th Author's Name  
8th Author's Affiliation ()
9th Author's Name  
9th Author's Affiliation ()
10th Author's Name  
10th Author's Affiliation ()
11th Author's Name  
11th Author's Affiliation ()
12th Author's Name  
12th Author's Affiliation ()
13th Author's Name  
13th Author's Affiliation ()
14th Author's Name  
14th Author's Affiliation ()
15th Author's Name  
15th Author's Affiliation ()
16th Author's Name  
16th Author's Affiliation ()
17th Author's Name  
17th Author's Affiliation ()
18th Author's Name  
18th Author's Affiliation ()
19th Author's Name  
19th Author's Affiliation ()
20th Author's Name  
20th Author's Affiliation ()
Speaker Author-1 
Date Time 2015-06-11 15:45:00 
Presentation Time 20 minutes 
Registration for ICSS 
Paper # IA2015-6, ICSS2015-6 
Volume (vol) vol.115 
Number (no) no.80(IA), no.81(ICSS) 
Page pp.27-32 
#Pages
Date of Issue 2015-06-04 (IA, ICSS) 


[Return to Top Page]

[Return to IEICE Web Page]


The Institute of Electronics, Information and Communication Engineers (IEICE), Japan