Vigil@nce: Bouncy Castle JCE, timing attack
January 2010 by Vigil@nce
An attacker can measure the computation time of Bouncy Castle JCE,
in order to obtain potentially sensitive information.
– Severity: 1/4
– Consequences: data reading
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 14/01/2010
IMPACTED PRODUCTS
– Bouncy Castle Java Cryptography Extension
DESCRIPTION OF THE VULNERABILITY
The Bouncy Castle JCE library implements several modes for its
encryption algorithms:
– CCM: Counter with CBC-MAC
– GCM: Galois Counter Mode
– etc.
However, in CCM and GCM modes the computation time depends on the data
being processed.
An attacker can therefore measure the computation time of Bouncy
Castle JCE, in order to obtain potentially sensitive information.
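The general pattern behind such a timing side channel, as an added illustration that is not Bouncy Castle's code and does not claim to be the advisory's exact code path: GCM's GF(2^128) multiplication from SP 800-38D Algorithm 1 written with its two data-dependent branches, beside a masked version whose operation sequence is the same for every input. Python integers stand in for 128-bit blocks, the XOR counter stands in for execution time, and the hash subkey H is a constructed value.

```python
MASK128 = (1 << 128) - 1
ONE = 1 << 127                # multiplicative identity in GCM's bit order (x^0 is the MSB)
R = 0xE1 << 120               # reduction constant for x^128 + x^7 + x^2 + x + 1
H = 0x0123456789ABCDEF0123456789ABCDEF   # constructed hash subkey for the demo

def gf128_mul_branchy(x, y):
    """Naive GHASH multiply (SP 800-38D, Algorithm 1) with both conditionals
    left in. Returns (product, xors): the number of XORs executed depends on
    the bits of x and on the low bit of the running value v, so run time
    reveals information about the operands."""
    z, v, xors = 0, y, 0
    for i in range(128):
        if (x >> (127 - i)) & 1:       # x_i set: accumulate v
            z ^= v
            xors += 1
        if v & 1:                      # a bit falls off the end: reduce
            v = (v >> 1) ^ R
            xors += 1
        else:
            v >>= 1
    return z, xors

def gf128_mul_ct(x, y):
    """Same multiply with each branch replaced by an all-ones/all-zeros mask,
    so the operation sequence is identical for every input (always 256 XORs
    in this model). Python ints are not truly constant-time; the point is
    the control flow, which is what a native implementation must keep."""
    z, v, xors = 0, y, 0
    for i in range(128):
        bit = (x >> (127 - i)) & 1
        z ^= v & (-bit & MASK128)                # XOR with v, or with zero
        lsb = v & 1
        v = (v >> 1) ^ (R & (-lsb & MASK128))    # reduce by R, or by zero
        xors += 2
    return z, xors

def leak_profile(blocks, h=H):
    """Per-block operation counts of both versions: the branchy counts vary
    with the data, the masked counts do not."""
    return [(gf128_mul_branchy(b, h)[1], gf128_mul_ct(b, h)[1]) for b in blocks]

if __name__ == "__main__":
    sample = [0, ONE, MASK128, 0x3]      # constructed inputs
    for blk, (branchy, ct) in zip(sample, leak_profile(sample)):
        print(f"x={blk:032x}  branchy XORs={branchy:3d}  masked XORs={ct}")
```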
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9349
– URL: http://vigilance.fr/vulnerability/Bouncy-Castle-JCE-timing-attack-9349