From Cryptography Coding Standard
Revision as of 14:43, 20 January 2016 by Jpa
- Peter Gutmann. The Crypto Gardening Guide and Planting Tips.
Software side channels and countermeasures
- OpenSSL. crypto/constant_time_locl.h .
- Emilia Käsper. Fast elliptic curve cryptography in OpenSSL. Financial Cryptography 2011.
- Pascal Junod. Open-Source Cryptographic Libraries and Embedded Platforms. Hashdays 2010.
- Nate Lawson. Side-channel attacks on cryptographic software. IEEE Security & Privacy, Nov.-Dec. 2009.
- David Brumley, Dan Boneh. Remote timing attacks are practical. Usenix Security 2003.
- Paul Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. CRYPTO 1996.
- Adam Langley. ctgrind, Checking that functions are constant time with Valgrind.
AES cache-timing attacks and defenses
- Raphael Spreitzer, Thomas Plos On the Applicability of Time-Driven Cache Attacks on Mobile Devices. NSS 2013.
- Keaton Mowery, Sriram Keelveedhi, and Hovav Shacham Are AES x86 Cache Timing Attacks Still Feasible?. CCSW 2012.
- Andy Polyakov openssl / crypto / aes / asm / aes-586.pl .
- Thomas Pornin. Known methods for constant time (table-free) AES implementation using 'standard' operations?. 2011.
- Endre Bangerter, David Gullasch, Stephan Krenn. Cache Games - Bringing Access Based Cache Attacks on AES to Practice. COSADE 2011.
- Mike Hamburg. Accelerating AES with Vector Permute Instructions. CHES 2009.
- Emilia Käsper, Peter Schwabe. Faster and Timing-Attack Resistant AES-GCM. CHES 2009.
- Ernie Brickell, Gary Graunke, Michael Neve, Jean-Pierre Seifert. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. 2006.
- Eran Tromer, Dag Arne Osvik, Adi Shamir. Efficient cache attacks on AES, and countermeasures. CT-RSA 2006.
- Daniel J. Bernstein. Cache-timing attacks on AES. 2004.
Libraries, APIs, and toolkits
Disclaimer: these links are not endorsements nor recommendations, etc.
- mbed TLS (formerly PolarSSL)
- WolfSSL (formerly CyaSSL)