Side-Channel Analysis and Cryptography Engineering : Getting OpenSSL Closer to Constant-Time

As side-channel attacks reached general purpose PCs and started to be more practical for attackers to exploit, OpenSSL adopted in 2005 a flagging mechanism to protect against SCA. The opt-in mechanism allows to flag secret values, such as keys, with the BN_FLG_CONSTTIME flag. Whenever a flag is checked and detected, the library changes its execution flow to SCA-secure functions that are slower but safer, protecting these secret values from being leaked. This mechanism favors performance over security, it is error-prone, and is obscure for most library developers, increasing the potential for side-channel vulnerabilities. This dissertation presents an extensive side-channel analysis of OpenSSL and criticizes its fragile flagging mechanism. This analysis reveals several flaws affecting the library resulting in multiple side-channel attacks, improved cache-timing attack techniques, and a new side channel vector. The first part of this dissertation introduces the main topic and the necessary related work, including the microarchitecture, the cache hierarchy, and attack techniques; then it presents a brief troubled history of side-channel attacks and defenses in OpenSSL, setting the stage for the related publications. This dissertation includes seven original publications contributing to the area of side-channel analysis, microarchitecture timing attacks, and applied cryptography. From an SCA perspective, the results identify several vulnerabilities and flaws enabling protocol-level attacks on RSA, DSA, and ECDSA, in addition to full SCA of the SM2 cryptosystem. With respect to microarchitecture timing attacks, the dissertation presents a new side-channel vector due to port contention in the CPU execution units. And finally, on the applied cryptography front, OpenSSL now enjoys a revamped code base securing several cryptosystems against SCA, favoring a secure-by-default protection against side-channel attacks, instead of the insecure opt-in flagging mechanism provided by the fragile BN_FLG_CONSTTIME flag

Methods for finding the sources of leakage in cache-timing attacks and removing the profiling phase

Cryptographic algorithms are widely used in daily life in order to ensure data confidentiality and privacy. These algorithms are extensively analyzed by scientists against a theoretical deficiency. However, these theoretically verified algorithms could still posses security risks if they are not cautiously implemented. Side-channel analysis can infer the secret key by using the information leakage due to implementation flaws. One of the most studied side-channel attack is the Bernstein’s cache-timing attack. This attack owes its reputation to its ability to succeed without a spy process, which is needed to create intentional cache contentions in other cache attacks. However, the exact leakage sources of the Bernstein’s attack remained uncertain to a large extent. Moreover, the need for an identical target system to perform its profiling phase makes the attack unrealistic for real world computing platforms. In this dissertation we address these two problems. Firstly, we propose a methodology to reveal the exact sources of the information leakage. The iv proposed methodology makes use of hardware performance counters to count the number of cache misses, to which the code blocks in the program are subject. Our methodology can help the developers analyze their implementations and fix their code in the early phases of the development. Secondly, we present an approach to extract simplified cache timing-behavior models analytically and propose to use these generated models instead of a profiling phase. The fact that the attack can be accomplished without a profiling phase will lead the attack to be considered a more realistic threat than the attack originally proposed by Bernstein. We believe that, this improved version of the attack will encourage the cryptographic system designers to take further precautions against the attack