Re: [Cfrg] considering new topics for CFRG

Henrick Hellström <henrick@streamsec.se> Sat, 04 January 2014 03:02 UTC

Return-Path: <henrick@streamsec.se>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36A341AE04E for <cfrg@ietfa.amsl.com>; Fri, 3 Jan 2014 19:02:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.45
X-Spam-Level: *
X-Spam-Status: No, score=1.45 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1e1WkqB1RSc for <cfrg@ietfa.amsl.com>; Fri, 3 Jan 2014 19:02:32 -0800 (PST)
Received: from vsp7.ballou.se (vsp7.ballou.se [91.189.40.103]) by ietfa.amsl.com (Postfix) with SMTP id B94211AE04A for <cfrg@irtf.org>; Fri, 3 Jan 2014 19:02:31 -0800 (PST)
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp7.ballou.se (Halon Mail Gateway) with ESMTP for <cfrg@irtf.org>; Sat, 4 Jan 2014 04:02:21 +0100 (CET)
Received: from [192.168.0.195] (c-a2c1e555.06-134-73746f39.cust.bredbandsbolaget.se [85.229.193.162]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id BF1F9128F6B for <cfrg@irtf.org>; Sat, 4 Jan 2014 04:02:21 +0100 (CET)
Message-ID: <52C779AC.5060002@streamsec.se>
Date: Sat, 04 Jan 2014 04:02:04 +0100
From: Henrick Hellström <henrick@streamsec.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: cfrg@irtf.org
References: <52C755AA.70200@cisco.com> <1388803303.28448.66396277.268F74FA@webmail.messagingengine.com>
In-Reply-To: <1388803303.28448.66396277.268F74FA@webmail.messagingengine.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] considering new topics for CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jan 2014 03:02:33 -0000

On 2014-01-04 03:41, David Wagner wrote:
> Back in 2005, David Molnar, Matt Piotrowski, David Schultz,
> and I proposed a simple method for testing for side channel
> vulnerabilities.  You instrument the program with gcov, then run it
> many times with many different randomly chosen keys (but with
> all other inputs held fixed), using gcov to gather a set of statement
> coverage statistics separately for each different key.  Then, you
> look at the statement coverage statistics that gcov produced.
> If you find any line in the code that was executed more times
> for some keys than for others, you have found a potential
> side channel vulnerability, as you've found some evidence that
> whether or not that line will be executed depends upon the value
> of the key.

This method will not detect timing differences caused by cache misses. 
(Think table look-ups, or branch-less pointer swapping.)