all InfoSec news
Towards Efficient Verification of Constant-Time Cryptographic Implementations
Feb. 22, 2024, 5:11 a.m. | Luwei Cai, Fu Song, Taolue Chen
cs.CR updates on arXiv.org arxiv.org
Abstract: Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective software-based countermeasure against timing side-channel attacks, but developing constant-time implementations turns out to be challenging and error-prone. Current verification approaches/tools suffer from scalability and precision issues when applied to production software in practice. In this paper, we put forward practical verification approaches based on a novel …
arxiv attacks channel cryptographic cs.cr cs.se current discipline error exploit programming recover secret secrets security side-channel side-channel attacks software software security threat verification
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
Cyber Security Engineer
@ ASSYSTEM | Bridgwater, United Kingdom
Security Analyst
@ Northwestern Memorial Healthcare | Chicago, IL, United States
GRC Analyst
@ Richemont | Shelton, CT, US
Security Specialist
@ Peraton | Government Site, MD, United States
Information Assurance Security Specialist (IASS)
@ OBXtek Inc. | United States
Cyber Security Technology Analyst
@ Airbus | Bengaluru (Airbus)