Advances in side-channel cryptanalysis: microarchitectural attacks
Cryptographic devices leak easily measurable information: timing, power consumption, radiation of various levels, and more. Such devices also have additional inputs other than plaintext and keys, such as supply voltage, which can be manipulated to force the device to produce faulty outputs that can be used to reveal the secret key. Side-channel cryptanalysis uses the information that leaks through one or more side channels of a cryptographic system to obtain secret information.
The initial focus of side-channel research was on smart card security. There are two main reasons why smart cards were the first type of device to be analyzed extensively from the side-channel point of view. Smart cards store secret values inside the card and are specifically designed to protect and process these secret values. Therefore, there is a serious financial gain involved in cracking smart cards, as well as in analyzing them and developing more secure smart card technologies. Recent promises from the Trusted Computing community indicate similar security assurances for storing such secret values on PC platforms, cf. [99]. These promises have made the side-channel analysis of PC platforms as desirable as that of smart cards.
The second reason for the high attention to side-channel analysis of smart cards is the ease of applying such attacks to them. Measurements of side-channel information on smart cards are almost “noiseless”, which makes such attacks very practical. On the other hand, many factors affect such measurements on real commodity computer systems. These factors create noise, and therefore it is much more difficult to develop and perform successful attacks on the “real” computers of our daily life. Thus, until very recently, side-channel attacks were not “really” considered a threat to such systems, even those running on servers. This changed with the work of Brumley and Boneh, cf. [21], who demonstrated a remote timing attack over a local network.
For these reasons, we have seen an increased research effort on the security analysis of everyday PC platforms from the side-channel point of view. In particular, it has been shown that the functionality of common components of processor architectures creates an indisputable security risk, cf. [1, 2, 5, 14, 73, 80], which comes in different forms.
In this thesis, we focus on side-channel cryptanalysis of cryptosystems on commodity computer platforms. In particular, we analyze two main CPU components, the cache and the branch prediction unit, from a side-channel point of view. We show that the functionalities of these two components create very serious security risks in software systems, especially in software-based cryptosystems.
Deconstructing New Cache Designs for Thwarting Software Cache-based Side Channel Attacks
Software cache-based side channel attacks present a serious threat to computer systems. Previously proposed countermeasures were either too costly for practical use or only effective against particular attacks. Thus, a recent work identified cache interference in general as the root cause and proposed two new cache designs, namely the partition-locked cache (PLcache) and the random permutation cache (RPcache), to defeat cache-based side channel attacks by eliminating or obfuscating cache interference. In this paper, we analyze these new cache designs and identify significant vulnerabilities and shortcomings in them. We also propose possible solutions and improvements over the original new cache designs to overcome the identified shortcomings. Copyright 2008 ACM
Hardware-software integrated approaches to defend against software cache-based side channel attacks
Software cache-based side channel attacks present serious threats to modern computer systems. Using caches as a side channel, these attacks are able to derive secret keys used in cryptographic operations through legitimate activities. Among existing countermeasures, software solutions are typically application specific and incur substantial performance overhead. Recent hardware proposals, including the Partition-Locked cache (PLcache) and Random-Permutation cache (RPcache) [23], although very effective in reducing performance overhead while enhancing the security level, may still be vulnerable to advanced cache attacks. In this paper, we propose three hardware-software approaches to defend against software cache-based attacks; they present different tradeoffs between hardware complexity and performance overhead. First, we propose to use preloading to secure the PLcache. Second, we leverage informing loads, a lightweight architectural support originally proposed to improve memory performance, to protect the RPcache. Third, we propose a novel software permutation to replace the random permutation hardware in the RPcache. This way, regular caches can be protected with hardware support for informing loads. In our experiments, we analyze various processor models for their vulnerability to cache attacks and demonstrate that even for the processor model that is most vulnerable to cache attacks, our proposed software-hardware integrated schemes provide strong security protection. © 2008 IEEE
Amplifying side channels through performance degradation
Interference between processes executing on shared hardware can be used to mount performance-degradation attacks. However, in most cases, such attacks offer little benefit to the adversary. In this paper, we demonstrate that software-based performance-degradation attacks can be used to amplify side-channel leaks, enabling the adversary to increase both the amount and the quality of information captured. We identify a new information leak in the OpenSSL implementation of the ECDSA digital signature algorithm, albeit seemingly unexploitable due to the limited granularity of previous trace procurement techniques. To overcome this imposing hurdle, we combine the information leak with a microarchitectural performance-degradation attack that can slow victims down by a factor of over 150. We demonstrate how this combination amplifies the side channel sufficiently to exploit this new information leak. Using the combined attack, an adversary can break a private key of the secp256k1 curve, used in the Bitcoin protocol, after observing only 6 signatures, a four-fold improvement over all previously described attacks.
Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, Yuval Yaro