Paper Abstract and Keywords |
Presentation |
2015-06-11 15:45
The Analysis of the CREAM vulnerability against OpenSSL Jun Hasegawa, Yuhei Watanabe, Masakatu Morii (Kobe Univ.) IA2015-6 ICSS2015-6 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
In this paper we discuss vulnerability of "CREAM", which was originally created by Daniel J. Bernstein in 2005 and named by Tony Arcieri later. This attack exploits the cache hits and misses that occur during the encryption process and recovers full AES key by measuring the total execution time of an encryption. Although it requires several unrealistic conditions, cloud computing can make the attack more practical. We propose the interaction between processes running on the different VMs as an alternative means of getting accurate clock cycles. We also cover POODLE attack. It's a kind of Man-in-the-middle attack against SSLv3.0, allowing to extract secure HTTP cookies. We prove the feasibility of this attack with a practical experiment. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
SSL / TLS / Cache-timing attacks / CREAM / POODLE / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 115, no. 81, ICSS2015-6, pp. 27-32, June 2015. |
Paper # |
ICSS2015-6 |
Date of Issue |
2015-06-04 (IA, ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IA2015-6 ICSS2015-6 |
Conference Information |
Committee |
IA ICSS |
Conference Date |
2015-06-11 - 2015-06-12 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Kyushu Institute of Technology Univ. |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Internet Security, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2015-06-IA-ICSS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
The Analysis of the CREAM vulnerability against OpenSSL |
Sub Title (in English) |
|
Keyword(1) |
SSL / TLS |
Keyword(2) |
Cache-timing attacks |
Keyword(3) |
CREAM |
Keyword(4) |
POODLE |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Jun Hasegawa |
1st Author's Affiliation |
Kobe University (Kobe Univ.) |
2nd Author's Name |
Yuhei Watanabe |
2nd Author's Affiliation |
Kobe University (Kobe Univ.) |
3rd Author's Name |
Masakatu Morii |
3rd Author's Affiliation |
Kobe University (Kobe Univ.) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2015-06-11 15:45:00 |
Presentation Time |
20 minutes |
Registration for |
ICSS |
Paper # |
IA2015-6, ICSS2015-6 |
Volume (vol) |
vol.115 |
Number (no) |
no.80(IA), no.81(ICSS) |
Page |
pp.27-32 |
#Pages |
6 |
Date of Issue |
2015-06-04 (IA, ICSS) |
|