{"id":"https://openalex.org/W2907549405","doi":"https://doi.org/10.1109/sp.2019.00062","title":"The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations","display_name":"The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations","publication_year":2019,"publication_date":"2019-05-01","ids":{"openalex":"https://openalex.org/W2907549405","doi":"https://doi.org/10.1109/sp.2019.00062","mag":"2907549405"},"language":"en","primary_location":{"id":"doi:10.1109/sp.2019.00062","is_oa":true,"landing_page_url":"https://doi.org/10.1109/sp.2019.00062","pdf_url":"https://ieeexplore.ieee.org/ielx7/8826229/8835208/08835216.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/8826229/8835208/08835216.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000713291","display_name":"Eyal Ronen","orcid":"https://orcid.org/0000-0002-6013-7426"},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Eyal Ronen","raw_affiliation_strings":["Tel Aviv University"],"affiliations":[{"raw_affiliation_string":"Tel Aviv University","institution_ids":["https://openalex.org/I16391192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011923518","display_name":"Robert Gillham","orcid":null},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Robert Gillham","raw_affiliation_strings":["University of Adelaide"],"affiliations":[{"raw_affiliation_string":"University of Adelaide","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029386182","display_name":"Daniel Genkin","orcid":"https://orcid.org/0000-0003-2720-9288"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan\u2013Ann Arbor","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Genkin","raw_affiliation_strings":["University of Michigan"],"affiliations":[{"raw_affiliation_string":"University of Michigan","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009126679","display_name":"Adi Shamir","orcid":"https://orcid.org/0000-0002-5422-905X"},"institutions":[{"id":"https://openalex.org/I53964585","display_name":"Weizmann Institute of Science","ror":"https://ror.org/0316ej306","country_code":"IL","type":"education","lineage":["https://openalex.org/I53964585"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Adi Shamir","raw_affiliation_strings":["Weizmann Institute"],"affiliations":[{"raw_affiliation_string":"Weizmann Institute","institution_ids":["https://openalex.org/I53964585"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112446061","display_name":"David Wong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"David Wong","raw_affiliation_strings":["NCC Group"],"affiliations":[{"raw_affiliation_string":"NCC Group","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056484605","display_name":"Yuval Yarom","orcid":"https://orcid.org/0000-0003-0401-4197"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yuval Yarom","raw_affiliation_strings":["University of Adelaide"],"affiliations":[{"raw_affiliation_string":"University of Adelaide","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5000713291"],"corresponding_institution_ids":["https://openalex.org/I16391192"],"apc_list":null,"apc_paid":null,"fwci":3.9204,"has_fulltext":true,"cited_by_count":45,"citation_normalized_percentile":{"value":0.94861863,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"435","last_page":"452"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8463925123214722},{"id":"https://openalex.org/keywords/padding","display_name":"Padding","score":0.7978172302246094},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.6035546660423279},{"id":"https://openalex.org/keywords/downgrade","display_name":"Downgrade","score":0.5018362998962402},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4881654381752014},{"id":"https://openalex.org/keywords/ciphertext","display_name":"Ciphertext","score":0.48134931921958923},{"id":"https://openalex.org/keywords/plaintext","display_name":"Plaintext","score":0.44374001026153564},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4140802323818207},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.41111159324645996},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.34997761249542236},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.30230098962783813}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8463925123214722},{"id":"https://openalex.org/C165435473","wikidata":"https://www.wikidata.org/wiki/Q1509884","display_name":"Padding","level":2,"score":0.7978172302246094},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.6035546660423279},{"id":"https://openalex.org/C2779628075","wikidata":"https://www.wikidata.org/wiki/Q1253258","display_name":"Downgrade","level":2,"score":0.5018362998962402},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4881654381752014},{"id":"https://openalex.org/C93974786","wikidata":"https://www.wikidata.org/wiki/Q1589480","display_name":"Ciphertext","level":3,"score":0.48134931921958923},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.44374001026153564},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4140802323818207},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.41111159324645996},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.34997761249542236},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.30230098962783813},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp.2019.00062","is_oa":true,"landing_page_url":"https://doi.org/10.1109/sp.2019.00062","pdf_url":"https://ieeexplore.ieee.org/ielx7/8826229/8835208/08835216.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1109/sp.2019.00062","is_oa":true,"landing_page_url":"https://doi.org/10.1109/sp.2019.00062","pdf_url":"https://ieeexplore.ieee.org/ielx7/8826229/8835208/08835216.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320307102","display_name":"Intel Corporation","ror":"https://ror.org/01ek73717"},{"id":"https://openalex.org/F4320320869","display_name":"Robert Bosch Stiftung","ror":"https://ror.org/012kqkf58"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2907549405.pdf","grobid_xml":"https://content.openalex.org/works/W2907549405.grobid-xml"},"referenced_works_count":88,"referenced_works":["https://openalex.org/W50107694","https://openalex.org/W185864230","https://openalex.org/W1427174644","https://openalex.org/W1467126665","https://openalex.org/W1488058190","https://openalex.org/W1499791368","https://openalex.org/W1503814339","https://openalex.org/W1511943692","https://openalex.org/W1519351129","https://openalex.org/W1520399166","https://openalex.org/W1555558540","https://openalex.org/W1580599221","https://openalex.org/W1673604584","https://openalex.org/W1733713784","https://openalex.org/W1809974132","https://openalex.org/W1934458198","https://openalex.org/W1964389195","https://openalex.org/W1977886630","https://openalex.org/W1996360405","https://openalex.org/W2001759130","https://openalex.org/W2042923641","https://openalex.org/W2058546698","https://openalex.org/W2061354941","https://openalex.org/W2085179296","https://openalex.org/W2119028650","https://openalex.org/W2126132644","https://openalex.org/W2141040012","https://openalex.org/W2146573211","https://openalex.org/W2159520802","https://openalex.org/W2163005041","https://openalex.org/W2166093784","https://openalex.org/W2266218113","https://openalex.org/W2299561166","https://openalex.org/W2337480911","https://openalex.org/W2484027757","https://openalex.org/W2502815150","https://openalex.org/W2532945044","https://openalex.org/W2533043266","https://openalex.org/W2536548552","https://openalex.org/W2550858797","https://openalex.org/W2559892799","https://openalex.org/W2562036180","https://openalex.org/W2564856904","https://openalex.org/W2593994116","https://openalex.org/W2604789199","https://openalex.org/W2735733036","https://openalex.org/W2751989915","https://openalex.org/W2765820137","https://openalex.org/W2769061097","https://openalex.org/W2791034507","https://openalex.org/W2795231660","https://openalex.org/W2887705474","https://openalex.org/W2888928781","https://openalex.org/W2890914193","https://openalex.org/W2891365211","https://openalex.org/W2891653310","https://openalex.org/W2916447643","https://openalex.org/W2950168363","https://openalex.org/W2963311060","https://openalex.org/W2963788615","https://openalex.org/W3049152512","https://openalex.org/W3101072679","https://openalex.org/W3150881812","https://openalex.org/W4210531213","https://openalex.org/W4232836212","https://openalex.org/W4242926647","https://openalex.org/W6602012643","https://openalex.org/W6628261430","https://openalex.org/W6628656099","https://openalex.org/W6629297748","https://openalex.org/W6630983443","https://openalex.org/W6633448724","https://openalex.org/W6634822291","https://openalex.org/W6637027414","https://openalex.org/W6638489149","https://openalex.org/W6678580460","https://openalex.org/W6683828722","https://openalex.org/W6703549403","https://openalex.org/W6722264988","https://openalex.org/W6725024107","https://openalex.org/W6729667700","https://openalex.org/W6734345789","https://openalex.org/W6736329903","https://openalex.org/W6743325655","https://openalex.org/W6747544890","https://openalex.org/W6749329287","https://openalex.org/W6753937820","https://openalex.org/W6766106223"],"related_works":["https://openalex.org/W2997530193","https://openalex.org/W2942137924","https://openalex.org/W4236344152","https://openalex.org/W4310649982","https://openalex.org/W1589129854","https://openalex.org/W2802117553","https://openalex.org/W2939324531","https://openalex.org/W2011667854","https://openalex.org/W4294104609","https://openalex.org/W2571528214"],"abstract_inverted_index":{"At":[0],"CRYPTO'98,":[1],"Bleichenbacher":[2],"published":[3],"his":[4],"seminal":[5],"paper":[6],"which":[7,45,171,233,249],"described":[8],"a":[9,33,119,127,131,198,230,253],"padding":[10,204],"oracle":[11,150],"attack":[12,74,121,189,232],"against":[13,122],"RSA":[14,242,285],"implementations":[15,65,87,102],"that":[16,90,214],"follow":[17],"the":[18,24,51,98,109,135,147,154,167,188,216,227,237,241,245],"PKCS":[19],"#1":[20],"v1.5":[21],"standard.":[22],"Over":[23],"last":[25],"twenty":[26],"years":[27],"researchers":[28],"and":[29,40,278],"implementors":[30],"had":[31],"spent":[32],"huge":[34],"amount":[35],"of":[36,54,73,84,88,100,111,149,169,183,211,229,240,268,273],"effort":[37],"in":[38,61,134,261],"developing":[39],"deploying":[41],"numerous":[42],"mitigation":[43],"techniques":[44],"were":[46,94],"supposed":[47],"to":[48,69,96,117,126,145,180,191,201,251],"plug":[49],"all":[50,164,236],"possible":[52],"sources":[53],"Bleichenbacher-like":[55,203],"leakages.":[56],"However,":[57],"as":[58],"we":[59,91,93,141,196,224],"show":[60],"this":[62,177,222],"paper,":[63],"most":[64],"are":[66],"still":[67],"vulnerable":[68,128],"several":[70],"novel":[71],"types":[72],"based":[75],"on":[76,284],"leakage":[77],"from":[78,256],"various":[79],"microarchitectural":[80],"side":[81,281],"channels:":[82],"Out":[83],"nine":[85],"popular":[86],"TLS":[89,124,212,259],"tested,":[92],"able":[95],"break":[97],"security":[99],"seven":[101],"with":[103,166],"practical":[104],"proof-of-concept":[105],"attacks.":[106],"We":[107],"demonstrate":[108,226],"feasibility":[110,228],"using":[112,130],"those":[113],"Cache-like":[114],"ATacks":[115],"(CATs)":[116],"perform":[118,146],"downgrade":[120,231],"any":[123,208],"connection":[125],"server,":[129],"BEAST-like":[132],"Man":[133],"Browser":[136],"attack.":[137],"The":[138],"main":[139],"difficulty":[140],"face":[142],"is":[143,159],"how":[144],"thousands":[148],"queries":[151],"required":[152],"before":[153],"browser's":[155],"imposed":[156],"timeout":[157],"(which":[158],"30":[160,263],"seconds":[161],"for":[162],"almost":[163],"browsers,":[165],"exception":[168],"Firefox":[170],"can":[172,225,271],"be":[173,192,272],"tricked":[174],"into":[175],"extending":[176],"period).":[178],"Due":[179],"its":[181],"use":[182],"adaptive":[184],"chosen":[185],"ciphertext":[186],"queries,":[187],"seems":[190],"inherently":[193],"sequential,":[194],"but":[195],"describe":[197],"new":[199],"way":[200],"parallelize":[202],"attacks":[205,270,283],"by":[206],"exploiting":[207],"available":[209,258],"number":[210],"servers":[213,260],"share":[215],"same":[217],"public":[218],"key":[219],"certificate.":[220],"With":[221],"improvement,":[223],"could":[234],"recover":[235],"2048":[238],"bits":[239],"plaintext":[243],"(including":[244],"premaster":[246],"secret":[247],"value,":[248],"suffices":[250],"establish":[252],"secure":[254],"connection)":[255],"five":[257],"under":[262],"seconds.":[264],"This":[265],"sequential-to-parallel":[266],"transformation":[267],"such":[269],"independent":[274],"interest,":[275],"speeding":[276],"up":[277],"facilitating":[279],"other":[280],"channel":[282],"implementations.":[286]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":10},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}