| Presentation | 2015-06-11 The Analysis of the CREAM vulnerability against OpenSSL Jun Hasegawa, Yuhei Watanabe, Masakatu Morii, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In this paper we discuss vulnerability of "CREAM", which was originally created by Daniel J. Bernstein in 2005 and named by Tony Arcieri later. This attack exploits the cache hits and misses that occur during the encryption process and recovers full AES key by measuring the total execution time of an encryption. Although it requires several unrealistic conditions, cloud computing can make the attack more practical. We propose the interaction between processes running on the different VMs as an alternative means of getting accurate clock cycles. We also cover POODLE attack. It's a kind of Man-in-the-middle attack against SSLv3.0, allowing to extract secure HTTP cookies. We prove the feasibility of this attack with a practical experiment. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | SSL / TLS / Cache-timing attacks / CREAM / POODLE |
| Paper # | IA2015-6,ICSS2015-6 |
| Date of Issue | 2015-06-04 (IA, ICSS) |
| Conference Information | |
| Committee | IA / ICSS |
|---|---|
| Conference Date | 2015/6/11(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Kyushu Institute of Technology Univ. |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet Security, etc. |
| Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi |
| Assistant | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | The Analysis of the CREAM vulnerability against OpenSSL |
| Sub Title (in English) | |
| Keyword(1) | SSL / TLS |
| Keyword(2) | Cache-timing attacks |
| Keyword(3) | CREAM |
| Keyword(4) | POODLE |
| 1st Author's Name | Jun Hasegawa |
| 1st Author's Affiliation | Kobe University(Kobe Univ.) |
| 2nd Author's Name | Yuhei Watanabe |
| 2nd Author's Affiliation | Kobe University(Kobe Univ.) |
| 3rd Author's Name | Masakatu Morii |
| 3rd Author's Affiliation | Kobe University(Kobe Univ.) |
| Date | 2015-06-11 |
| Paper # | IA2015-6,ICSS2015-6 |
| Volume (vol) | vol.115 |
| Number (no) | IA-80,ICSS-81 |
| Page | pp.pp.27-32(IA), pp.27-32(ICSS), |
| #Pages | 6 |
| Date of Issue | 2015-06-04 (IA, ICSS) |