Layered Binary Templating

Martin Schwarzl; Erik Kraft; Daniel Gruss

doi:10.1007/978-3-031-33488-7_2

Layered Binary Templating

Martin Schwarzl^*, Erik Kraft, Daniel Gruss

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We present a new generic cache template attack technique, LBTA, layered binary templating attacks.
LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.
We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts.
We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.

Original language	English
Title of host publication	Applied Cryptography and Network Security
Subtitle of host publication	21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, Proceedings, Part I
Place of Publication	Cham
Publisher	Springer
Number of pages	27
DOIs	https://doi.org/10.1007/978-3-031-33488-7_2
Publication status	Published - 2023
Event	21st International Conference on Applied Cryptography and Network Security: ACNS 2023 - Kyoto, Japan Duration: 19 Jun 2023 → 22 Jun 2023

Publication series

Name	Lecture Notes in Computer Science
Volume	13905

Conference

Conference	21st International Conference on Applied Cryptography and Network Security
Abbreviated title	ACNS 2023
Country/Territory	Japan
City	Kyoto
Period	19/06/23 → 22/06/23

Access to Document

10.1007/978-3-031-33488-7_2

lbtSubmitted manuscript, 741 KB

Cite this

Layered Binary Templating. / Schwarzl, Martin; Kraft, Erik; Gruss, Daniel.
Applied Cryptography and Network Security : 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, Proceedings, Part I. Cham: Springer, 2023. (Lecture Notes in Computer Science ; Vol. 13905).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Schwarzl, M, Kraft, E & Gruss, D 2023, Layered Binary Templating. in Applied Cryptography and Network Security : 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, Proceedings, Part I. Lecture Notes in Computer Science , vol. 13905, Springer, Cham, 21st International Conference on Applied Cryptography and Network Security, Kyoto, Japan, 19/06/23. https://doi.org/10.1007/978-3-031-33488-7_2

@inproceedings{86777c45653446e7b090b836da74d2bd,

title = "Layered Binary Templating",

abstract = "We present a new generic cache template attack technique, LBTA, layered binary templating attacks. LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts. We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.",

author = "Martin Schwarzl and Erik Kraft and Daniel Gruss",

year = "2023",

doi = "10.1007/978-3-031-33488-7_2",

language = "English",

series = "Lecture Notes in Computer Science ",

publisher = "Springer",

booktitle = "Applied Cryptography and Network Security",

note = "21st International Conference on Applied Cryptography and Network Security : ACNS 2023, ACNS 2023 ; Conference date: 19-06-2023 Through 22-06-2023",

}

TY - GEN

T1 - Layered Binary Templating

AU - Schwarzl, Martin

AU - Kraft, Erik

AU - Gruss, Daniel

PY - 2023

Y1 - 2023

N2 - We present a new generic cache template attack technique, LBTA, layered binary templating attacks. LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts. We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.

AB - We present a new generic cache template attack technique, LBTA, layered binary templating attacks. LBTA uses multiple coarsergrained side channels to speed up cache-line granularity templating, ranging from 64 B to 2 MB in practice and in theory beyond.We discover first-come-first-serve data placement and data deduplication during compilation and linking as novel security issues that introduce sidechannel-friendly binary layouts. We exploit this in inter-keystroke timing attacks and, depending on the target, even full keylogging attacks , e.g., on Chrome, Signal, Threema, Discord, and the passky password manager, indicating that all Chromium-based apps are affected.

U2 - 10.1007/978-3-031-33488-7_2

DO - 10.1007/978-3-031-33488-7_2

M3 - Conference paper

T3 - Lecture Notes in Computer Science

BT - Applied Cryptography and Network Security

PB - Springer

CY - Cham

T2 - 21st International Conference on Applied Cryptography and Network Security

Y2 - 19 June 2023 through 22 June 2023

ER -

Layered Binary Templating

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this