Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software
Trusted execution environments (TEEs) provide an environment for running
workloads in the cloud without having to trust cloud service providers, by
offering additional hardware-assisted security guarantees. However, main memory
encryption, the key mechanism protecting against system-level attackers trying
to read the TEE's content and against physical, off-chip attackers, is insufficient.
The recent Cipherleaks attacks infer secret data from TEE-protected
implementations by analyzing ciphertext patterns exhibited due to deterministic
memory encryption. The underlying vulnerability, dubbed the ciphertext
side-channel, is neither protected by state-of-the-art countermeasures like
constant-time code nor by hardware fixes.
Thus, in this paper, we present a software-based, drop-in solution that can
harden existing binaries such that they can be safely executed under TEEs
vulnerable to ciphertext side-channels, without requiring recompilation. We
combine taint tracking with both static and dynamic binary instrumentation to
find sensitive memory locations, and mitigate the leakage by masking secret
data before it gets written to memory. This way, although the memory encryption
remains deterministic, we destroy any secret-dependent patterns in encrypted
memory. We show that our proof-of-concept implementation protects various
constant-time implementations against ciphertext side-channels with reasonable
overhead.
Comment: Jan Wichelmann and Anna Pätschke contributed equally to this work
Strength in Numbers: Threshold ECDSA to Protect Keys in the Cloud
Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; knowledge of a subset of shares does not leak information about the private key, thereby defending against memory disclosure and side-channel attacks. This work shows that applying threshold cryptography to ECDSA—the elliptic curve variant of DSA—yields a fully distributive signature protocol that does not feature a single point of failure. Our security analysis shows that Threshold ECDSA protects against a wide range of side-channel attacks, including cache attacks, and counteracts memory disclosure attacks. We further provide the first performance analysis of Threshold ECDSA, and provide a proof of concept of the protocol in practice.
Implementation Attacks on Post-Quantum Cryptographic Schemes
Post-quantum cryptographic schemes have been developed in the last decade in response to the rise of quantum computers. Fortunately, several schemes have been developed with quantum resistance. However, there is very little effort in evaluating and comparing these schemes in embedded settings. Low-cost embedded devices represent a highly constrained environment that challenges all post-quantum cryptographic schemes. Moreover, there are even fewer efforts in evaluating the security of these schemes against implementation attacks, including side-channel and fault attacks. It is commonly accepted that any embedded cryptographic module built without a sound countermeasure can be easily broken. Therefore, we investigate the question: Are we ready to implement post-quantum cryptographic schemes on embedded systems? We present an exhaustive survey of research efforts in designing embedded modules of post-quantum cryptographic schemes and the efforts in securing these modules against implementation attacks. Unfortunately, the study shows that we are not yet ready to implement any post-quantum cryptographic scheme in practical embedded systems. There is still a considerable amount of research that needs to be conducted before reaching a satisfactory level of security.