FreshRSS

Normální zobrazení

Jsou dostupné nové články, klikněte pro obnovení stránky.
PředevčíremHlavní kanál

Data Memory-Dependent Prefetchers Pose SW Security Threat By Breaking Cryptographic Implementations

A technical paper titled “GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers” was presented at the August 2024 USENIX Security Symposium by researchers at University of Illinois Urbana-Champaign, University of Texas at Austin, Georgia Institute of Technology, University of California Berkeley, University of Washington, and Carnegie Mellon University.

Abstract:

“Microarchitectural side-channel attacks have shaken the foundations of modern processor design. The cornerstone defense against these attacks has been to ensure that security-critical programs do not use secret-dependent data as addresses. Put simply: do not pass secrets as addresses to, e.g., data memory instructions. Yet, the discovery of data memory-dependent prefetchers (DMPs)—which turn program data into addresses directly from within the memory system—calls into question whether this approach will continue to remain secure.

This paper shows that the security threat from DMPs is significantly worse than previously thought and demonstrates the first end-to-end attacks on security-critical software using the Apple m-series DMP. Undergirding our attacks is a new understanding of how DMPs behave which shows, among other things, that the Apple DMP will activate on behalf of any victim program and attempt to “leak” any cached data that resembles a pointer. From this understanding, we design a new type of chosen-input attack that uses the DMP to perform end-to-end key extraction on popular constant-time implementations of classical (OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum cryptography (CRYSTALS-Kyber and CRYSTALS-Dilithium).”

Find the technical paper here. Published August 2024.

Chen, Boru, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, and Daniel Genkin. “GoFetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers.” In Proc. USENIX Secur. Symp, pp. 1-21. 2024.

Further Reading
Chip Security Now Depends On Widening Supply Chain
How tighter HW-SW integration and increasing government involvement are changing the security landscape for chips and systems.

 

The post Data Memory-Dependent Prefetchers Pose SW Security Threat By Breaking Cryptographic Implementations appeared first on Semiconductor Engineering.

  • ✇Latest
  • Banning Flavored Tobacco Products Doesn't Work—We Have the Trash To Prove ItSofia Hamilton
    In recent years, Massachusetts, New York, California, and Washington, D.C., have all implemented bans on flavored tobacco products in an attempt to reduce smoking rates among younger populations. Despite these bans, flavored tobacco products are still easily accessible—and it's never been more apparent.  Walk into the nearest convenience store and you'll likely find an assortment of flavored tobacco products to choose from—strawberry banana, blue
     

Banning Flavored Tobacco Products Doesn't Work—We Have the Trash To Prove It

23. Červen 2024 v 13:00
Green trash can that says, "Keep New York City Clean." | Photo 58512828 © Daniel Kaesler | Dreamstime.com

In recent years, Massachusetts, New York, California, and Washington, D.C., have all implemented bans on flavored tobacco products in an attempt to reduce smoking rates among younger populations. Despite these bans, flavored tobacco products are still easily accessible—and it's never been more apparent. 

Walk into the nearest convenience store and you'll likely find an assortment of flavored tobacco products to choose from—strawberry banana, blue raspberry, spearmint, black cherry. Whether or not your city or state bans these products, they'll likely be fully stocked and at your disposal.

In 2021, the D.C. Council banned the sale of flavored tobacco products within a quarter-mile of middle schools and high schools. New York City took things a step further by banning the sale of flavored tobacco products throughout its five boroughs.

Yet, citywide bans on the sale and purchase of flavored tobacco products have utterly failed. Two new studies conducted by the market researcher WSPM Group show just how many tobacco products are being consumed and disposed of in Washington, D.C., and New York City. Researchers went through the trash in the two cities and found that over 99 percent of the vapes collected from the urban trash cans were flavored tobacco products, despite consumers in those cities being barred from legally purchasing those products.

Something similar happened when Massachusetts banned menthol cigarettes in 2019. Proponents of the ban argued that it would lower smoking rates among black adults, the primary consumers of menthol tobacco products. In reality, the prevalence of smoking among black adults increased after the ban was implemented, as did the sale of menthol cigarettes in surrounding states. Bay Staters were driving out-of-state to purchase menthol cigarettes in higher quantities to stockpile for their own use or to sell on the newly created black market. Smokers were undeniably worse off after their state government took away their right to choose and forced them into a black market.

And who supplies vendors with these illicit flavored vapes filling the shelves of corner stores across the nation? China, of course—though most consumers likely aren't aware of that. Of the 2,000 e-vapor products collected from the trash in Washington, D.C., and the surrounding cities of Arlington, Alexandria, Bethesda, and Silver Spring, 99.5 percent of the packaging and products were exported from China. When the nearest 7-Eleven carries a variety of flavored vapes, few will consider where they came from or imagine that they are illegally imported items. Last year, the FDA sent out notices to 22 retailers warning them of coming fines if they did not stop selling unauthorized e-cigarettes, but those banned products can still be seen on store shelves and in smokers' hands throughout the country.

Adults should be able to purchase whatever tobacco products they please—and the trash tells us they will do just that. Banning flavored tobacco products will never stop people from smoking—instead, lawmakers are once again causing unregulated and potentially dangerous black markets to rise up and meet the demand. It's time that policy makers discard the idea that they can control individuals' personal choices.

The post Banning Flavored Tobacco Products Doesn't Work—We Have the Trash To Prove It appeared first on Reason.com.

❌
❌