Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications
This work provides insights for side-channel researchers, cryptographic software developers, and users to help fortify applications against vulnerabilities.
The paper systematizes software side-channel attacks in cryptographic implementations by surveying literature to categorize vulnerabilities and countermeasures, then evaluates popular libraries and applications with quantitative measurements of vulnerability severity, response time, and coverage.
We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in cryptographic implementations. In particular, we survey past research literature to categorize vulnerable implementations and identify common strategies to eliminate them. We then evaluate popular libraries and applications, quantitatively measuring and comparing the vulnerability severity, response time and coverage. Based on these characterizations and evaluations, we offer some insights for side-channel researchers, cryptographic software developers and users. We hope our study can inspire the side-channel research community to discover new vulnerabilities, and more importantly, to fortify applications against them.