Abstract
We present a new generic cache template attack technique, LBTA, layered binary templating attacks.
LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.
We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts.
We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.
LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.
We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts.
We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.
Originalsprache | englisch |
---|---|
Titel | Applied Cryptography and Network Security |
Untertitel | 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, Proceedings, Part I |
Erscheinungsort | Cham |
Herausgeber (Verlag) | Springer |
Seitenumfang | 27 |
DOIs | |
Publikationsstatus | Veröffentlicht - 2023 |
Veranstaltung | 21st International Conference on Applied Cryptography and Network Security: ACNS 2023 - Kyoto, Japan Dauer: 19 Juni 2023 → 22 Juni 2023 |
Publikationsreihe
Name | Lecture Notes in Computer Science |
---|---|
Band | 13905 |
Konferenz
Konferenz | 21st International Conference on Applied Cryptography and Network Security |
---|---|
Kurztitel | ACNS 2023 |
Land/Gebiet | Japan |
Ort | Kyoto |
Zeitraum | 19/06/23 → 22/06/23 |