Abstract

Side channels have long been recognized as a threat to the security of cryptographic applications. Implementations can unintentionally leak secret information through many channels, such as microarchitectural state changes in processors, changes in power consumption, or electromagnetic radiation. As a result of these threats, many implementations have been hardened to defend against these attacks. Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures. The target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread. Finally, estimates are provided for the minimum number of signatures needed to perform the attack, and countermeasures are suggested to protect against this attack.

Highlights

  • Cryptographic systems are incredibly important for the security of modern technology

  • In order to demonstrate the feasibility of the attack, a Flush+Reload attack was performed on a recent version of OpenSSL

  • The attack targets version 1.1.0g, which is shipped with Ubuntu 18.04, the current long-term support (LTS) release, and the attack was performed on an Intel i7-6600u CPU

Summary

Introduction

Cryptographic systems are incredibly important for the security of modern technology. They are used to protect traffic on the internet [DR08, YL06] as well as banking information and government documents [NSS+17]. There are countless ways that information can leak from a privileged context to an unprivileged one, and these are known as side channels. The recent Spectre [KGG+18] and Meltdown [LSG+18] vulnerabilities could be used to leak sensitive information past privilege boundaries, and do so by abusing speculative execution and out-of-order execution respectively. Side-channel attacks are not limited to microarchitectural state either: electronic devices can leak information via electrical signals [GPP+16a] or even the acoustic emanations of vibrating electrical components [GST14].
