- 1
- 2
- 3
- 4
> We demonstrate key extraction even from an implementation of Curve25519 Elliptic Curve Diffie-Hellman, which was explicitly designed
to minimize side channel leakage, but becomes susceptible due to use of high-level JavaScript
> Concretely, we have embedded the attack code in an advertisement, which we submitted to a commercial web advertisement service
Тут свежую атаку из жабаскрипта подвезли, они там опять ебут процессорный кэш и угадывают поведение control flow и составляющие ключа по времени доступа к памяти
https://eprint.iacr.org/2018/119
g0_1494089156986 01.02.2018 10:27 # −3
3.14159265 01.02.2018 16:14 # +2
О. Годно.
Но уязвимы ли жс-интерпретаторы?
j123123 01.02.2018 22:29 # +2
Soul_re@ver 01.02.2018 22:31 # +2
Fike 02.02.2018 00:50 # +1
syoma 02.02.2018 10:25 # −1
Что это такое?
Fike 02.02.2018 13:31 # 0
Stallman 01.02.2018 18:49 # +1
Fike 02.02.2018 00:51 # +2
> Thus, we use an alternative technique, based on an intentional inter-thread
race condition (see [62] for a recent survey of JavaScript timing sources, including this one).
In this approach, we allocate a SharedArrayBuffer array within the main JavaScript context,
and pass it to a "Timer" Web Worker which iteratively increments the value in the first cell of the
array in a tight loop. To acquire the value of our timer, the main context simply has to read that
value from the array. The naive implementation, accessing the array directly, did not work due to
runtime optimizations: since the incrementing iteration runs in a separate context of Web Worker,
the engine assumes that repeatedly reading the same memory location will yield the same result,
and optimizes the code to return a constant value. To overcome this, we used the Atomics API to
force reading from the array (with sufficiently small performance penalty).
[62], судя по всему, тоже тот еще охуенчик: Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
bormand 02.02.2018 07:04 # +3
vistefan 02.02.2018 14:20 # 0
vistefan 02.02.2018 14:26 # 0
vistefan 02.02.2018 16:11 # 0
bormand 02.02.2018 18:26 # 0
bormand 02.02.2018 19:29 # +1
g0_1494089156986 02.02.2018 22:27 # 0