RASSLE: Return Address Stack based Side-channel LEakage

Anirban Chakraborty,Manaar Alam,Debdeep Mukhopadhyay,Sikhar Patranabis,Sarani Bhattacharya

doi:10.46586/tches.v2021.i2.275-303

Abstract

Microarchitectural attacks on computing systems often stem from simple artefacts in the underlying architecture. In this paper, we focus on the Return Address Stack (RAS), a small hardware stack present in modern processors to reduce the branch miss penalty by storing the return addresses of each function call. The RAS is useful to handle specifically the branch predictions for the RET instructions which are not accurately predicted by the typical branch prediction units. In particular, we envisage a spy process who crafts an overflow condition in the RAS by filling it with arbitrary return addresses, and wrestles with a concurrent process to establish a timing side channel between them. We call this attack principle, RASSLE 1 (Return Address Stack based Side-channel Leakage), which an adversary can launch on modern processors by first reverse engineering the RAS using a generic methodology exploiting the established timing channel. Subsequently, we show three concrete attack scenarios: i) How a spy can establish a covert channel with another co-residing process? ii) How RASSLE can be utilized to determine the secret key of the P-384 curves in OpenSSL (v1.1.1 library)? iii) How an Elliptic Curve Digital Signature Algorithm (ECDSA) secret key on P-256 curve of OpenSSL can be revealed using Lattice Attack on partially leaked nonces with the aid of RASSLE? In this attack, we show that the OpenSSL implementation of scalar multiplication on this curve has varying number of add-and-sub function calls, which depends on the secret scalar bits. We demonstrate through several experiments that the number of add-and-sub function calls can be used to template the secret bit, which can be picked up by the spy using the principles of RASSLE. Finally, we demonstrate a full end-to-end attack on OpenSSL ECDSA using curve parameters of curve P-256. In this part of our experiments with RASSLE, we abuse the deadline scheduler policy to attain perfect synchronization between the spy and victim, without any aid of induced synchronization from the victim code. This synchronization and timing leakage through RASSLE is sufficient to retrieve the Most Significant Bits (MSB) of the ephemeral nonces used while signature generation, from which we subsequently retrieve the secret signing key of the sender applying the Hidden Number Problem. 1RASSLE is a non-standard spelling for wrestle.

Highlights

The evolution of computer architecture has taken place through several inventions of sophisticated and ingenious techniques, like out-of-order execution, caching mechanism, Licensed under Creative Commons License CC-BY 4.0.Received: 2020-10-15Accepted: 2020-12-15Published: 2021-02-23branch-prediction, speculative execution, and a host of other optimizations to maximize throughput and enhance performance
We show an exploit in the Elliptic Curve Cryptography (ECC) scalar multiplication of P-384 in OpenSSL, wherein the number of function calls is dependent on secret key bits
We validate the results obtained by timing information using information from Hardware Performance Counters (HPCs)

Summary

Introduction

The evolution of computer architecture has taken place through several inventions of sophisticated and ingenious techniques, like out-of-order execution, caching mechanism, Licensed under Creative Commons License CC-BY 4.0.Received: 2020-10-15Accepted: 2020-12-15Published: 2021-02-23branch-prediction, speculative execution, and a host of other optimizations to maximize throughput and enhance performance. As the foremost criteria of these architectural optimizations have been performance, they need a closer investigation from the security point of view. With the growing impetus for security in applications where modern computing finds usages, a multitude of microarchitectural attacks have been unearthed by security researchers that exploit information leakage due to the functioning of these artifacts. These attacks have been shown to threaten the secret keys of cryptographic algorithms when run on these platforms, a risk that puts to threat several critical operations where these machines are expected to operate

Objectives

Results

Conclusion