You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Management

Security Management White Papers

Cache-Collision Timing Attacks Against AES

Overview This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. The authors define a general attack strategy using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms, the authors have implemented them against OpenSSL v. 0.9.8.(a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. While the task of defending AES against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.

Further White Paper Details
Publisher	Microsoft	File Format	PDF
Date Published	July 2006	Downloads	40
Format	White Papers
Topics	Security Management, SSL - TLS, Network Security

Did you find this white paper useful? 1 out of 3 users found this white paper useful

Windows hacks available on the net

The PCT vulnerability puts Web servers that use Secure Sockets Layer encryption features at risk. Symantec confirmed that it has also captured a version of the AgoBot program, known as PhatBot, that appears to have the ability to attack systems...

Channel:
Security Strategy

Two critical Windows vulnerabilities announced

According to Symantec, in a web-based attack scenario, an attacker would have to host a website that contains a web page used to exploit this vulnerability. The first critical problem involves a vulnerability in the "Task Scheduler" stemming from...

Channel:
Security Strategy

HP sharpens its blade's cutting edge

The Pentium M comes with 1MB of high-speed cache memory rather than the 512KB in the Pentium III and supports faster double data rate (DDR) memory. HP is to upgrade its ProLiant BL10e blade server with a 1GHz Pentium M - a processor code-named...

Channel:
Servers

Intel pulls 'flawed' top-end server chip

The chip giant began shipping the Pentium III Xeon 900MHz processor with 2MB of high-speed cache in March but has withdrawn it after a customer reported a flaw. Intel said it has replicated the problem in its labs but was forced to pull it after it...

Channel:
Servers

Cyber attack targets unpatched Excel flaw

Some experts believe the timing of the new attack is no coincidence. A new, yet-to-be-patched security vulnerability in Microsoft's Excel has been exploited in at least one targeted cyber attack, experts warned on Friday.

Channel:
Malware
Tags:
excel,
flaw,
patch,
microsoft

Attack code alert over unpatched IE flaw

Some experts believe the timing of the new attack is no coincidence, suggesting attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes. In recent months, word of new attacks has repeatedly...

Channel:
Security Strategy
Tags:
flaw,
exploit

Featured White Papers

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

This IDC whitepaper examines how companies are turning to integrated security solutions, such as Novell Secure Desktop Solution, to deal with the vulnerability of mobile assets and implement a comprehensive security strategy.

Publisher:
Novell

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Balancing Security Against Productivity

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light.

Publisher:
Novell

Also on silicon.com

Site Navigation:

Security Management White Papers

Cache-Collision Timing Attacks Against AES

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific