Abstract:
Various open-source cryptographic libraries are used today to implement general-purpose cryptographic functions and to provide secure communication channels over the Internet. These libraries, which implement SSL/TLS, have been targeted by a variety of side-channel attacks in the past, resulting in the leakage of sensitive information flowing over the network. Side-channel attacks rely on the inadvertent leakage of information from devices through observable attributes of online communication. Some of the common side-channel attacks discovered so far rely on packet arrival and departure times (timing attacks), power usage, and packet sizes. Our research explores a novel side-channel attack that relies on CPU architecture and instruction sets. In this research, we explored such side-channel vectors against popular SSL/TLS implementations that were previously believed to be patched against padding oracle attacks, such as the POODLE attack. We were able to successfully extract the plaintext bits from the information exchanged using the APIs of two popular SSL/TLS libraries.