Ben StockDec 16, 2022
Tomorrow at @USENIXSecurity #usesec22, my PhD student @s3br0th will present our most recent work on the Security Lottery. Sebastian will be looking for Postdoc positions soon (tm), so try to find him when you are offering and attending the conference :-) https://twitter.com/s3br0th/status/1538782043563343872
Sebastian Roth on Twitter

“Ever wondered if all clients get the same level of security? In our newest @USENIXSecurity paper, we discovered that sometimes the configuration of security headers depends on client characteristics. Read it here: https://t.co/tDIFqJP5O7 CC: @stecalzavara @kcotsneb @CISPA”

Twitter
Ben StockDec 16, 2022
Going to events like @USENIXSecurity #usesec22 is one of the things I love most about my job. Had great discussions with many old friends and upcoming talents. Already looking forward to the next iteration, albeit all conferences are rather west coast-heavy for the next year ;) https://t.co/U8DwPs3doI
Ben Stock on Twitter

“Going to events like @USENIXSecurity #usesec22 is one of the things I love most about my job. Had great discussions with many old friends and upcoming talents. Already looking forward to the next iteration, albeit all conferences are rather west coast-heavy for the next year ;)”

Twitter
Ben StockDec 16, 2022
What's it like to faculty @CISPA? Video-based answers from @misc0110, @cathykxx, @BurkholzRebekka, @LucjanHanzlik, and myself coming soon, for now let's stick with the teaser only. Want to know more? Ping me through a DM and we can catch up at @USENIXSecurity #usesec22 next week https://t.co/XgXLVQ6Kj6
Ben Stock on Twitter

“What's it like to faculty @CISPA? Video-based answers from @misc0110, @cathykxx, @BurkholzRebekka, @LucjanHanzlik, and myself coming soon, for now let's stick with the teaser only. Want to know more? Ping me through a DM and we can catch up at @USENIXSecurity #usesec22 next week”

Twitter
Nicola TuveriAug 12, 2022

RT @[email protected]

It is 2022, and your computer now runs at 3 MHz.

“Do you mean 3 GHz?”

Nope! A malicious hyperthread can make shared libraries run up to ~1000x slower, resulting in a huge SNR boost for side-channel attacks.

[HyperDegrade, by @[email protected]] #usesec22

🐦🔗: https://twitter.com/PurnalToon/status/1557825749842857984

Antoon Purnal on Twitter

“It is 2022, and your computer now runs at 3 MHz. “Do you mean 3 GHz?” Nope! A malicious hyperthread can make shared libraries run up to ~1000x slower, resulting in a huge SNR boost for side-channel attacks. [HyperDegrade, by @acaldaya] #usesec22”

Twitter
DEFCON 201Aug 11, 2022

Another better late than never, here is the #DCG201 guide to
#usenix & #soups this year!

https://defcon201.medium.com/hacker-double-summer-2022-guides-part-eleven-usenix-soups-c5261b03a6ca

Next Up: The BIG #defcon Guide...

#usenix #soups #hackersummercamp #soups2022 #usesec22

HACKER DOUBLE SUMMER 2022 GUIDES — Part Eleven: USENIX + SOUPS

Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker conventions and shenanigans at the start of July to the end of August…

Medium
Nicola TuveriOct 6, 2021

📣 Happy to announce that "OpenSSLNTRU: Faster post-quantum TLS key exchange" has been accepted at @USENIXSecurity 2022! 🎉

Exciting collaboration with @hashbreaker, @NISEC_TAU Billy Bob Brumley, & Ming-Shing Chen!

 Visit opensslntru.cr.yp.to for updated demo, FOSS artifacts, & preprint!

#usesec22 #nistpqc #pqcrypto

Nicola TuveriOct 6, 2021
Happy to announce that "OpenSSLNTRU: Faster post-quantum TLS key exchange" has been accepted at @[email protected] 2022!
Exciting collaboration with @[email protected], @[email protected] Billy Bob Brumley, & Ming-Shing Chen!
http://opensslntru.cr.yp.to for demo, FOSS artifacts, & preprint!
#usesec22
Nicola TuveriSep 22, 2021

RT @[email protected]

"HyperDegrade: From GHz to MHz Effective CPU Frequencies" to appear @[email protected] #usesec22 Congrats to @[email protected]! Updated #ePrint
https://arxiv.org/abs/2101.01077 #ResearchImpactEU

🐦🔗: https://twitter.com/NISEC_TAU/status/1440550644679516169

HyperDegrade: From GHz to MHz Effective CPU Frequencies

Performance degradation techniques are an important complement to side-channel attacks. In this work, we propose HyperDegrade -- a combination of previous approaches and the use of simultaneous multithreading (SMT) architectures. In addition to the new technique, we investigate the root causes of performance degradation using cache eviction, discovering a previously unknown slowdown origin. The slowdown produced is significantly higher than previous approaches, which translates into an increased time granularity for Flush+Reload attacks. We evaluate HyperDegrade on different Intel microarchitectures, yielding significant slowdowns that achieve, in select microbenchmark cases, three orders of magnitude improvement over state-of-the-art. To evaluate the efficacy of performance degradation in side-channel amplification, we propose and evaluate leakage assessment metrics. The results evidence that HyperDegrade increases time granularity without a meaningful impact on trace quality. Additionally, we designed a fair experiment that compares three performance degradation strategies when coupled with Flush+Reload from an attacker perspective. We developed an attack on an unexploited vulnerability in OpenSSL in which HyperDegrade excels -- reducing by three times the number of required Flush+Reload traces to succeed. Regarding cryptography contributions, we revisit the recently proposed Raccoon attack on TLS-DH key exchanges, demonstrating its application to other protocols. Using HyperDegrade, we developed an end-to-end attack that shows how a Raccoon-like attack can succeed with real data, filling a missing gap from previous research.