References

From Cryptography Coding Standard

Jump to: navigation, search

Contents

1 Secure coding
2 Software side channels and countermeasures
3 AES cache-timing attacks and defenses
4 Libraries, APIs, and toolkits

Secure coding

CERT Secure Coding Standards

JPL Institutional Coding Standard for the C Programming Language

OWASP Secure Coding Principles

Secure Programming for Linux and Unix HOWTO -- Creating Secure Software

Peter Gutmann. The Crypto Gardening Guide and Planting Tips.

Software side channels and countermeasures

Tony Arcieri. Thoughts on Rust Cryptography (video)

OpenSSL. crypto/constant_time_locl.h .

Emilia Käsper. Fast elliptic curve cryptography in OpenSSL. Financial Cryptography 2011.

Pascal Junod. Open-Source Cryptographic Libraries and Embedded Platforms. Hashdays 2010.

Nate Lawson. Side-channel attacks on cryptographic software. IEEE Security & Privacy, Nov.-Dec. 2009.

David Brumley, Dan Boneh. Remote timing attacks are practical. Usenix Security 2003.

Paul Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. CRYPTO 1996.

Adam Langley. ctgrind, Checking that functions are constant time with Valgrind.

AES cache-timing attacks and defenses

Raphael Spreitzer, Thomas Plos On the Applicability of Time-Driven Cache Attacks on Mobile Devices. NSS 2013.

Keaton Mowery, Sriram Keelveedhi, and Hovav Shacham Are AES x86 Cache Timing Attacks Still Feasible?. CCSW 2012.

Andy Polyakov openssl / crypto / aes / asm / aes-586.pl .

Thomas Pornin. Known methods for constant time (table-free) AES implementation using 'standard' operations?. 2011.

Endre Bangerter, David Gullasch, Stephan Krenn. Cache Games - Bringing Access Based Cache Attacks on AES to Practice. COSADE 2011.

Mike Hamburg. Accelerating AES with Vector Permute Instructions. CHES 2009.

Emilia Käsper, Peter Schwabe. Faster and Timing-Attack Resistant AES-GCM. CHES 2009.

Ernie Brickell, Gary Graunke, Michael Neve, Jean-Pierre Seifert. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. 2006.

Eran Tromer, Dag Arne Osvik, Adi Shamir. Efficient cache attacks on AES, and countermeasures. CT-RSA 2006.

Daniel J. Bernstein. Cache-timing attacks on AES. 2004.

Libraries, APIs, and toolkits

Disclaimer: these links are not endorsements nor recommendations, etc.

asmcrypto.js

BoringSSL

Botan

BouncyCastle

BSAFE

Calico

Charm

cifra

CommmonCrypto

Conceal

Cryptlib

cryptography

CryptoJS

Crypto++

Go's pkg/crypto and x/crypto

GnuTLS

Inferno

Keyczar

LibreSSL (and libtls)

LibTomCrypt

mbed TLS (formerly PolarSSL)

MS CryptoAPI

NaCl (and TweetNaCl, tweetnacl-js)

NSS

OpenSSL

php-encryption

pidcrypt

PyCrypto

PyCryptoPlus

Pycryptopp

RELIC

s2n

SJCL

Snowshoe

Sodium (and libsodium.js)

TLS Lite

WolfSSL (formerly CyaSSL)

Retrieved from "http://cryptocoding.net/index.php?title=References&oldid=190"

Personal tools

Log in / create account

Toolbox