return address
Recently Published Documents


TOTAL DOCUMENTS: 42 (FIVE YEARS 7)

H-INDEX: 5 (FIVE YEARS 1)

Author(s):  
Qizhen Xu ◽  
Zhijie Zhang ◽  
Lin Zhang ◽  
Liwei Chen ◽  
Gang Shi

2021 ◽  
Vol 10 (1) ◽  
pp. 59-64
Author(s):  
Ioana BALABAN

A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. The network or server will not be able to find the return address of the attacker when sending the authentication approval, causing the server to wait before closing the connection. When the server closes the connection, the attacker sends more authentication messages with invalid return addresses. Hence, the process of authentication and server wait will begin again, keeping the network or server busy. This paper presents how DoS attacks are performed, the techniques used, the attack tools, the prevention of an attack and some of the famous DoS attacks.


Author(s):  
Anirban Chakraborty ◽  
Sarani Bhattacharya ◽  
Manaar Alam ◽  
Sikhar Patranabis ◽  
Debdeep Mukhopadhyay

Microarchitectural attacks on computing systems often stem from simple artefacts in the underlying architecture. In this paper, we focus on the Return Address Stack (RAS), a small hardware stack present in modern processors to reduce the branch miss penalty by storing the return addresses of each function call. The RAS is useful to handle specifically the branch predictions for the RET instructions which are not accurately predicted by the typical branch prediction units. In particular, we envisage a spy process who crafts an overflow condition in the RAS by filling it with arbitrary return addresses, and wrestles with a concurrent process to establish a timing side channel between them. We call this attack principle RASSLE¹ (Return Address Stack based Side-channel Leakage), which an adversary can launch on modern processors by first reverse engineering the RAS using a generic methodology exploiting the established timing channel. Subsequently, we show three concrete attack scenarios: i) How a spy can establish a covert channel with another co-residing process? ii) How RASSLE can be utilized to determine the secret key of the P-384 curves in OpenSSL (v1.1.1 library)? iii) How an Elliptic Curve Digital Signature Algorithm (ECDSA) secret key on P-256 curve of OpenSSL can be revealed using Lattice Attack on partially leaked nonces with the aid of RASSLE? In this attack, we show that the OpenSSL implementation of scalar multiplication on this curve has a varying number of add-and-sub function calls, which depends on the secret scalar bits. We demonstrate through several experiments that the number of add-and-sub function calls can be used to template the secret bit, which can be picked up by the spy using the principles of RASSLE. Finally, we demonstrate a full end-to-end attack on OpenSSL ECDSA using curve parameters of curve P-256. In this part of our experiments with RASSLE, we abuse the deadline scheduler policy to attain perfect synchronization between the spy and victim, without any aid of induced synchronization from the victim code. This synchronization and timing leakage through RASSLE is sufficient to retrieve the Most Significant Bits (MSB) of the ephemeral nonces used during signature generation, from which we subsequently retrieve the secret signing key of the sender applying the Hidden Number Problem.

¹ RASSLE is a non-standard spelling for wrestle.


Author(s):  
Jinfeng Li ◽  
Qizhen Xu ◽  
Yongyue Li ◽  
Liwei Chen ◽  
Gang Shi ◽  
...  

Author(s):  
Naif Saleh Almakhdhub ◽  
Abraham A. Clements ◽  
Saurabh Bagchi ◽  
Mathias Payer

Author(s):  
Brian Carpenter ◽  
Robert Doran

This chapter reviews the history of Alan Turing’s design proposal for an Automatic Computing Engine (ACE) and how he came to write it in 1945, and takes a fresh look at the numerous formative ideas it included. All of these ideas resurfaced in the young computing industry over the following fifteen years. We cannot tell to what extent Turing’s unpublished foresights were passed on to other pioneers, or to what extent they were rediscovered independently as their time came. In any case, they all became part of the Zeitgeist of the computing industry. At some universities, such as ours in New Zealand, the main computer in 1975 was a Burroughs B6700, a ‘stack’ machine. In this kind of machine, data, including items such as the return address for a subroutine, are stored on top of one another so that the last one in becomes the first one out. In effect, each new item on the stack ‘buries’ the previous one. Apart from the old English Electric KDF9, and the recently introduced Digital Equipment Corporation PDP-11, stack machines were unusual. Where had this idea come from? It just seemed to be part of computing’s Zeitgeist, the intellectual climate of the discipline, and it remains so to this day. Computer history was largely American in the 1970s—the computer was called the von Neumann machine and everybody knew about the early American machines such as ENIAC and EDVAC. Early British computers were viewed as a footnote; the fact that the first stored program in history ran in Manchester was largely overlooked, which is probably why the word ‘program’ is usually spelt in the American way. There was a tendency to assume that all the main ideas in computing, such as the idea of a stack, had originated in the United States. At that time, Alan Turing was known as a theoretician and for his work on artificial intelligence. 
The world didn’t know that he was a cryptanalyst, didn’t know that he tinkered with electronics, didn’t know that he designed a computer, and didn’t know that he was gay. He was hardly mentioned in the history of practical computing.

