[cryptography] AES side channel attack using a weakness in the Linux scheduler
iang at iang.org
Fri Nov 26 17:31:58 EST 2010
On 25/11/10 3:26 AM, Jack Lloyd wrote:
> What are people's thoughts on these kinds of local cache attacks, in
> terms of actual systems security? While obviously very powerful, I
> tend to think that once you have a focused attacker in an unprivileged
> account on your machine, you have bigger problems than losing your AES
> keys (maybe Midori or Coyotos or L4 will fix this someday).
I would call this a medium security architecture, no more. Anything
that allows an attacker that close to a machine can't be considered to
be hi-sec. Another giveaway for med-sec is using a random selection of
letters for your security model...
So if you've decided that you're only doing a medium security system
then it's probably likely that you have not done a full analysis, and
can easily accept the esoteric risk of a cache attack.
PS: Didn't one of the authors of Rijndael write a tongue-in-cheek paper
revealing a timing attack on AES?