{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,28]],"date-time":"2025-12-28T07:52:41Z","timestamp":1766908361266},"reference-count":98,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T00:00:00Z","timestamp":1588291200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T00:00:00Z","timestamp":1588291200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T00:00:00Z","timestamp":1588291200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,5]]},"DOI":"10.1109\/sp40000.2020.00046","type":"proceedings-article","created":{"date-parts":[[2020,7,30]],"date-time":"2020-07-30T20:48:34Z","timestamp":1596142114000},"page":"1241-1258","source":"Crossref","is-referenced-by-count":18,"title":["Pseudorandom Black Swans: Cache Attacks on CTR_DRBG"],"prefix":"10.1109","author":[{"given":"Shaanan","family":"Cohney","sequence":"first","affiliation":[]},{"given":"Andrew","family":"Kwong","sequence":"additional","affiliation":[]},{"given":"Shahar","family":"Paz","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Genkin","sequence":"additional","affiliation":[]},{"given":"Nadia","family":"Heninger","sequence":"additional","affiliation":[]},{"given":"Eyal","family":"Ronen","sequence":"additional","affiliation":[]},{"given":"Yuval","family":"Yarom","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74735-2_1"},{"key":"ref38","article-title":"Wait a minute! a fast, cross-VM attack on AES","author":"irazoqui","year":"2014","journal-title":"RAID"},{"article-title":"Intel SGX for dummies (Intel SGX design objectives)","year":"2013","author":"h","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813613"},{"key":"ref30","article-title":"A memory encryption engine suitable for general purpose processors","author":"gueron","year":"2016","journal-title":"IACR ePrint Archive"},{"year":"2017","key":"ref37","article-title":"Intel software guard extensions SSL"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00306-6_21"},{"article-title":"Mining your Ps and Qs: Detection of widespread weak keys in network devices","year":"2012","author":"heninger","key":"ref35"},{"key":"ref34","article-title":"High-resolution side channels for untrusted operating systems","author":"h\u00e4hnel","year":"2017","journal-title":"USENIX ATC"},{"article-title":"Cache template attacks: Automating attacks on inclusive last-level caches","year":"2015","author":"gruss","key":"ref28"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53140-2_16"},{"key":"ref29","article-title":"Flush+Flush: A fast and stealthy cache attack","author":"gruss","year":"2016","journal-title":"DIMVA"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243756"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516653"},{"article-title":"Prime+Abort: A timer-free high-precision L3 cache attack using Intel TSX","year":"2017","author":"disselkoen","key":"ref21"},{"article-title":"Twitter thread on OpenSSL","year":"0","author":"green","key":"ref24"},{"journal-title":"GnuPG","year":"2019","key":"ref23"},{"article-title":"Wonk post: Chosen ciphertext security in publickey encryption (part 2)","year":"2018","author":"green","key":"ref26"},{"article-title":"The strange story of “extended random","year":"2017","author":"green","key":"ref25"},{"article-title":"Inferring fine-grained control flow inside SGX enclaves with branch shadowing","year":"2016","author":"lee","key":"ref50"},{"article-title":"Redhat bug 1150286 - rdrand instruction fails after resume on AMD CPU","year":"2019","author":"leung","key":"ref51"},{"year":"2019","key":"ref59","article-title":"Announcing issuance of federal information processing standard (FIPS) 140-3, security requirements for cryptographic modules"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74462-7_11"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2381913.2381917"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8017"},{"key":"ref55","article-title":"CacheZoom: How SGX amplifies the power of cache attacks","author":"moghimi","year":"2017","journal-title":"CHES"},{"article-title":"PSS: Provably secure encoding method for digital signatures","year":"1998","author":"mihir bellare","key":"ref54"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36095-4_9"},{"article-title":"Meltdown: Reading kernel memory from user space","year":"2018","author":"lipp","key":"ref52"},{"year":"2019","author":"jungheim","key":"ref40"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44709-3_5"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1093\/oseo\/instance.00080850"},{"article-title":"Fast-key-erasure random-number generators","year":"2017","author":"bernstein","key":"ref6"},{"article-title":"Cache-timing attacks on AES","year":"2005","author":"bernstein","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-5906-5_619"},{"key":"ref49","article-title":"RAMBleed: Reading bits in memory without accessing them","author":"kwong","year":"2020","journal-title":"IEEE SP"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0052259"},{"key":"ref9","article-title":"Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1","author":"bleichenbacher","year":"1998","journal-title":"Crypto"},{"article-title":"Some SecureRandom thoughts","year":"2013","author":"klyubin","key":"ref46"},{"key":"ref45","doi-asserted-by":"crossref","DOI":"10.1145\/2678373.2665726","article-title":"Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors","author":"kim","year":"2014","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"ref48","article-title":"From random block corruption to privilege escalation: A filesystem attack vector for Rowhammer-like attacks","author":"kurmus","year":"2017","journal-title":"WOOT"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"ref42","article-title":"Analysis of underlying assumptions in NIST DRBGs","author":"kan","year":"2007","journal-title":"IACR ePrint archive 2007\/345"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2313"},{"article-title":"FIPS PUB 186-4: Digital signature standard (DSS)","year":"2013","author":"kerry","key":"ref44"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2724718"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27257-8_5"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8446"},{"year":"2019","key":"ref71","article-title":"OpenSSL security assessment"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6979"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53887-6_16"},{"key":"ref77","article-title":"On the possibility of a back door in the NIST SP800-90 dual EC PRNG","author":"shumow","year":"2007","journal-title":"Crypto"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.1331033"},{"key":"ref75","article-title":"SoK: Security models for pseudo-random number generators","author":"ruhault","year":"2017","journal-title":"FSE"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40026-1_13"},{"year":"2003","key":"ref79","article-title":"OpenSSL: The open source toolkit for SSL\/TLS"},{"year":"2018","key":"ref60","article-title":"SSL\/TLS Client"},{"year":"2013","key":"ref62","article-title":"User guide for the OpenSSL FIPS object module v2.0"},{"year":"2016","key":"ref61","article-title":"OpenSSL software failure for RSA 16K modulus"},{"year":"2015","key":"ref63","article-title":"[openssl.org #4063] re: Client hello longer than 214 bytes are rejected"},{"key":"ref64","article-title":"Cache attacks and counter-measures: The case of AES","author":"osvik","year":"2006","journal-title":"CT-RSA"},{"key":"ref65","article-title":"Cache missing for fun and profit","author":"percival","year":"2005","journal-title":"BSDCan"},{"article-title":"Constant-time callees with variable-time callers","year":"2017","author":"pereida garc\u00eda","key":"ref66"},{"article-title":"Government announces steps to restore confidence on encryption standards","year":"2013","author":"perlroth","key":"ref67"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134023"},{"article-title":"Audit of OpenSSL’s randomness generation","year":"2018","author":"aumasson","key":"ref2"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24586-2_13"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991084"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133974"},{"article-title":"Flush+Reload: A high resolution, low noise, L3 cache side-channel attack","year":"2014","author":"yarom","key":"ref93"},{"key":"ref92","article-title":"Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack","author":"yarom","year":"2014","journal-title":"IACR ePrint Archive"},{"article-title":"Cache telepathy: Leveraging shared resource attacks to learn DNN architectures","year":"2018","author":"yan","key":"ref91"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660356"},{"article-title":"mbedtls-SGX","year":"2018","author":"zhang","key":"ref96"},{"key":"ref97","article-title":"TruSpy: Cache side-channel information leakage from the secure world on ARM devices","author":"zhang","year":"2016","journal-title":"IACR ePrint Archive"},{"key":"ref10","article-title":"Robust final-round cache-trace attacks against AES","author":"bonneau","year":"2006","journal-title":"IACR ePrint archive 2006\/374"},{"key":"ref11","article-title":"Software grand exposure: SGX cache attacks are practical","author":"brasser","year":"2017","journal-title":"WOOT"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32101-7_1"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.3390\/app9050944"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2017.61"},{"key":"ref15","article-title":"Security bounds for the NIST codebook-based deterministic random bit generator","author":"campagna","year":"2006","journal-title":"IACR ePrint archive 2006\/379"},{"article-title":"A systematic evaluation of transient execution attacks and defenses","year":"2019","author":"canella","key":"ref16"},{"article-title":"Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution","year":"2018","author":"van bulck","key":"ref82"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363219"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"article-title":"On the practical exploitability of dual EC in TLS implementations","year":"2014","author":"checkoway","key":"ref18"},{"key":"ref84","article-title":"Dragonblood: A security analysis of WPA3’s SAE handshake","author":"vanhoef","year":"2020","journal-title":"IEEE SP"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978395"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-009-9049-y"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134016"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134038"},{"article-title":"Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution","year":"2018","author":"weisse","key":"ref86"},{"key":"ref87","article-title":"An analysis of the NIST SP 800-90A standard","author":"woodage","year":"2019","journal-title":"Eurocrypt"},{"year":"2019","key":"ref88","article-title":"Systemd issue #11810 - can’t suspend again after suspending one time"}],"event":{"name":"2020 IEEE Symposium on Security and Privacy (SP)","start":{"date-parts":[[2020,5,18]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2020,5,21]]}},"container-title":["2020 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9144328\/9152199\/09152663.pdf?arnumber=9152663","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,30]],"date-time":"2022-06-30T11:17:00Z","timestamp":1656587820000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9152663\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,5]]},"references-count":98,"URL":"https:\/\/doi.org\/10.1109\/sp40000.2020.00046","relation":{},"subject":[],"published":{"date-parts":[[2020,5]]}}}