19 research outputs found
Fault Attack revealing Secret Keys of Exponentiation Algorithms from Branch Prediction Misses
Performance monitors are provided in modern day computers for observing various features of the underlying microarchitectures. However the combination of underlying micro-architectural features and performance counters lead to side-channels which can be exploited for attacking cipher implementations. In this paper, to the best of our knowledge we study for the first time, the combination of branch-predictor algorithms and performance counters to demonstrate a fault attack on the popular square-and-multiply based exponentiation algorithm, used in the RSA. The attacks exploiting branching event like branch taken can be foiled by Montgomery Ladder based implementation of the exponentiation algorithm, while attacks based on branch miss are more devastating. We demonstrate the power of the attack exploiting branch misses from performance monitors by formalizing a fault attack model, where the adversary is capable of performing a bit flip at a desired bit position of the secret exponent. The paper characterizes the branch predictors using the popular two-bit predictor and formulates the dependence on the number of branch misses on the fault induced. This characterization is exploited to develop an iterative attack algorithm where knowledge of the previously determined key-bits and the difference of branch misses (as gathered from the performance counters) are utilised to determine the next bit. The attack has been validated on several standard Intel platforms, and puts to threat several implementations of exponentiation algorithms ranging from standard square-and-multiply, Montgomery Ladder to RSA-CRT and which are often used as side-channel counter measures. The attacks show that using the fault attack model featuring branch predictors one can attack implementations of exponentiation: both square and multiply, and Montgomery ladder, which forms the central algorithm for several standard public key ciphers
Who watches the watchmen? : Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms
Asymmetric-key cryptographic algorithms when implemented
on systems with branch predictors, are subjected
to side-channel attacks
exploiting the deterministic branch
predictor behavior due to their key-dependent input sequences. We show that branch predictors can also
leak information through the hardware
performance monitors which are
accessible by an adversary at the
user-privilege level. This paper presents
an iterative attack which target the
key-bits of 1024 bit RSA, where in
offline phase, the system’s underlying
branch predictor is approximated
by a theoretical predictor in literature.
Subsimulations are performed
to classify the message-space into
distinct partitions based on the event
branch misprediction and the target key
bit value. In online phase, we ascertain
the secret key bit using branch mispredictions
obtained from the hardware performance
monitors which reflect the information of branch
miss due to the underlying predictor hardware.
We theoretically prove that the probability
of success of the attack is equivalent to the accurate
modelling of the theoretical predictor to the underlying system predictor. Experimentations reveal that the
success-rate increases with message-count and reaches such a significant value so as to consider side-channel
from the performance counters as a real threat
to RSA-like ciphers due
to the underlying branch predictors and
needs to be considered for developing secured-systems
Curious case of Rowhammer: Flipping Secret Exponent Bits using Timing Analysis
Rowhammer attacks have exposed a serious vulnerability in modern DRAM chips to induce bit flips in data which is stored in memory. In this paper, we develop a methodology to combine timing analysis to perform the hammering in a controlled manner to create bit flips in cryptographic keys which are stored in memory. The attack would require only user level privilege for Linux kernel versions before 4.0 and is unaware of the memory location of the key. An intelligent combination of timing Prime + Probe attack and row-buffer collision is shown to induce bit flip faults in a 1024 bit RSA key on modern processors using realistic number of hammering attempts. This demonstrates the feasibility of fault analysis of ciphers using purely software means on commercial x86 architectures, which to the best of our knowledge has not been reported earlier. The attack is also relevant for the newest Linux kernel in a Cross-VM environment where the VMs having root privilege are not denied to access the pagemap
A practical key-recovery attack on LWE-based key-encapsulation mechanism schemes using Rowhammer
Physical attacks are serious threats to cryptosystems deployed in the real
world. In this work, we propose a microarchitectural end-to-end attack
methodology on generic lattice-based post-quantum key encapsulation mechanisms
to recover the long-term secret key. Our attack targets a critical component of
a Fujisaki-Okamoto transform that is used in the construction of almost all
lattice-based key encapsulation mechanisms. We demonstrate our attack model on
practical schemes such as Kyber and Saber by using Rowhammer. We show that our
attack is highly practical and imposes little preconditions on the attacker to
succeed. As an additional contribution, we propose an improved version of the
plaintext checking oracle, which is used by almost all physical attack
strategies on lattice-based key-encapsulation mechanisms. Our improvement
reduces the number of queries to the plaintext checking oracle by as much as
for Saber and approximately for Kyber768. This can be of
independent interest and can also be used to reduce the complexity of other
attacks
Performance Counters to Rescue: A Machine Learning based safeguard against Micro-architectural Side-Channel-Attacks
Micro-architectural side-channel-attacks are presently daunting threats to most mathematically elegant encryption algorithms. Even though there exist various defense mechanisms, most of them come with the extra overhead of implementation. Recent studies have prevented some particular categories of these attacks but fail to address the detection of other classes. This paper presents a generic machine learning based multi-layer detection approach targeting these micro-architectural side-channel-attacks, without concentrating on a single category. The proposed approach work by proling low-level hardware events using Linux perf event API and then by analyzing these data with some appropriate machine learning techniques. This paper also presents a novel approach, using time-series data, to correlate the execution trace of the adversary with the secret key of encryption for dealing with false-positives and unknown attacks. The experimental results and performance of the proposed approach suggest its superiority with high detection accuracy and low performance overhead
On the Evaluation of User Privacy in Deep Neural Networks using Timing Side Channel
Recent Deep Learning (DL) advancements in solving complex real-world tasks
have led to its widespread adoption in practical applications. However, this
opportunity comes with significant underlying risks, as many of these models
rely on privacy-sensitive data for training in a variety of applications,
making them an overly-exposed threat surface for privacy violations.
Furthermore, the widespread use of cloud-based Machine-Learning-as-a-Service
(MLaaS) for its robust infrastructure support has broadened the threat surface
to include a variety of remote side-channel attacks. In this paper, we first
identify and report a novel data-dependent timing side-channel leakage (termed
Class Leakage) in DL implementations originating from non-constant time
branching operation in a widely used DL framework PyTorch. We further
demonstrate a practical inference-time attack where an adversary with user
privilege and hard-label black-box access to an MLaaS can exploit Class Leakage
to compromise the privacy of MLaaS users. DL models are vulnerable to
Membership Inference Attack (MIA), where an adversary's objective is to deduce
whether any particular data has been used while training the model. In this
paper, as a separate case study, we demonstrate that a DL model secured with
differential privacy (a popular countermeasure against MIA) is still vulnerable
to MIA against an adversary exploiting Class Leakage. We develop an
easy-to-implement countermeasure by making a constant-time branching operation
that alleviates the Class Leakage and also aids in mitigating MIA. We have
chosen two standard benchmarking image classification datasets, CIFAR-10 and
CIFAR-100 to train five state-of-the-art pre-trained DL models, over two
different computing environments having Intel Xeon and Intel i7 processors to
validate our approach.Comment: 15 pages, 20 figure
Rowhammer Induced Intermittent Fault Attack on ECC-hardened memory
Fault attack is a class of active implementation based attacks which introduces controlled perturbations in the normal operation of a system to produce faulty outcomes. In case of ciphers, these faulty outcomes can lead to leakage of secret information, such as the secret key. The effectiveness and practicality of fault attacks largely depend on the underlying fault model and the type of fault induced. In this paper, we analyse the drawbacks of persistent fault model in case of error correction code (ECC) enabled systems. We further propose a novel fault attack called Intermittent Fault Attack which is well suited for ECC-enabled DRAM modules. We demonstrate the practicality of our attack model by inducing single bit faults using pinpointed Rowhammer technique in S-Boxes of block ciphers in an ECC protected system