Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations

Size: px

Start display at page:

Download "Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations"

Scott Blake
5 years ago
Views:

ID: CRYP-T18 Session Classification: Advanced Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff,

1 Introduction Clavier et al s Paper This Paper Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations Aurélie Bauer Éliane Jaulmes Emmanuel Prouff Justine Wild ANSSI Session ID: CRYP-T18 Session Classification: Advanced Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 1 / 17

2 Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 2 / 17

3 Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

4 Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac SPA DPA Horizontal CPA MIA Correlation Timing Attack Analysis Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

5 Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac SPA DPA Horizontal CPA MIA Correlation Timing Attack Analysis Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

DPA CPA TA MIA Vertical Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff,

6 Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac HCA Horizontal SPA DPA CPA TA MIA Vertical Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

7 Introduction Clavier et al s Paper This Paper A Unified Framework [This paper] Vertical Analysis Horizontal Analysis 1 st execution 2 nd period 1 st period N th period 2 nd execution N th execution several acquisitions traces treatment a single acquisition sub-traces treatment SPA, DPA, CPA, Big Mac, MIA, Template, Timing, HCA, Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 4 / 17

8 Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

9 Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

10 Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

11 Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 R 0 = m 2 m 2, d 1 = 1, k = 1, i = 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

12 Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 R 0 = m 2 m 2, d 1 = 1, k = 1, i = 1 R 0 = m 4 m, d i = 1 R R R d i = 0 d i = 1 d i+1 = 1 d i+1 = 0 R M R R Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

13 Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 6 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Horizontal Side-Channel Analysis [Clavier et al, Horizontal Correlation Analysis on Exponentiation, (ICICS 2010)]

14 Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Horizontal Side-Channel Analysis [Clavier et al, Horizontal Correlation Analysis on Exponentiation, (ICICS 2010)] Square & Multiply Atomic Only multiplications: R R R or R R M (bit 1) 1 Multiplication Do we multiply by the message or not? Horizontal core idea: distinguish R R from R M with a single trace Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 6 / 17

15 Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace leak value time Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

16 Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace modeling leak value time Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

17 Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace modeling leak value time l(r 0 x 0 ) l(r 0 x 1 ) l(r 0 x t 1 ) l(r 1 x 0 ) l(r 1 x 1 ) l(r 1 x t 1 ) l(r t 1 x 0 ) l(r t 1 x 1 ) l(r t 1 x t 1 ) Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

18 Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Horizontal Correlation Analysis M known Hypothesis: X = M Simulation l(r 0 x 0 ) l(r 0 x 1 ) l(r 0 x t 1 ) l(r 1 x 0 ) l(r 1 x 1 ) l(r 1 x t 1 ) l(r t 1 x 0 ) l(r t 1 x 1 ) l(r t 1 x t 1 ) Observation { X = M bit = 1 X M bit = 0 HW (r 0 m 0 ) HW (r 0 m 1 ) HW (r 0 m t 1 ) HW (r 1 m 0 ) HW (r 1 m 1 ) HW (r 1 m t 1 ) HW (r t 1 m 0 ) HW (r t 1 m 1 ) HW (r t 1 m t 1 ) ρ( l(r i x j ), HW (r i m j ) ) Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 8 / 17

19 Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by r α[i] (x j a 2 ) l( r 0 x 0 ) l( r 0 x t 1 ) l( r 1 x 0 ) l( r 1 x t 1 ) l( r t 1 x 0 ) l( r t 1 x t 1 ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

20 Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by s α[i] (x j a 2 ) l(r α[0] x 0 ) l(r α[0] x t 1 ) l(r α[1] x 0 ) l(r α[1] x t 1 ) l(r α[t 1] x 0 ) l(r α[t 1] x t 1 ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

21 Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by s α[i] (x j a 2 ) l(r α[0] x β[0] ) l(r α[0] x β[t 1] ) l(r α[1] x β[0] ) l(r α[1] x β[t 1] ) l(r α[t 1] x β[0] ) l(r α[t 1] x β[t 1] ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

22 Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

23 Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the r i x j (Replace r i x j by (r i a 1 )(x j a 2 )) R = (r i a 1 ) i Mult( R X ) X = (x j a 2 ) j r 0 x 0 r 0 x 1 r 0 x t 1 r 1 x 0 r 1 x 1 r 1 x t 1 r t 1 x 0 r t 1 x 1 r t 1 x t 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

24 Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the r i x j (Replace r i x j by (r i a 1 )(x j a 2 )) R = (r i a 1 ) i Mult( R X ) X = (x j a 2 ) j r 0 x 0 r 0 x 1 r 0 x t 1 R R R r 1 x 0 r 1 x 1 r 1 x t 1 r t 1 x 0 r t 1 x 1 r t 1 x t 1 Correlation between the r i x j and the r i m j When t increases, R = R Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

25 Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the x j and permute the r i r α[0] x 0 r α[0] x t 1 r α[1] x 0 r α[1] x t 1 r α[t 1] x 0 r α[t 1] x t 1 Permute the r i and the x j r α[0] x β[0] r α[0] x β[t 1] r α[1] x β[0] r α[1] x β[t 1] r α[t 1] x β[0] r α[t 1] x β[t 1] Weakness: α and β are independent Exhaustive research on β t! possibilities Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 11 / 17

26 Introduction Clavier et al s Paper This Paper New against Horizontal Attacks New Permute simultaneously the r i and the x j Use a t 2 -size permutation in order to randomize simultaneously the r i and the x j Leak modelisation: l(r 1 x 2 ) l(r 1 x 0 ) l(r 2 x 0 ) l(r 0 x 2 ) l(r 2 x 2 ) l(r 1 x 1 ) l(r 2 x 1 ) l(r 0 x 1 ) l(r 0 x 0 ) Find the permutation: t 2! possibilities Third countermeasure of Clavier et al: t! possibilities Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 12 / 17

27 Introduction Clavier et al s Paper This Paper Simulation Results of Our Attacks Attack on Architecture 8 bits size of R and X in base 2 ω RSA 1024 SECURE INSECURE Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 13 / 17

28 Introduction Clavier et al s Paper This Paper Simulation Results of Our Attacks Architecture 8 bits Architecture 16 bits SECURE RSA 1024 RSA 2048 SECURE INSECURE INSECURE RSA 4096 SECURE INSECURE t: size of R and X in base 2 ω Works also on 16 and 32 bits When ω, security level Architecture 32 bits Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 14 / 17

29 Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

30 Introduction Clavier et al s Paper This Paper Several traces Side-Channel Analysis Methods One trace Vertical Horizontal s Exposant Blinding Message Blinding Regular Algorithm Clavier et al Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

31 Introduction Clavier et al s Paper This Paper Several traces Side-Channel Analysis Methods One trace Vertical Horizontal s Exposant Blinding Message Blinding Regular Algorithm Clavier et al New countermeasure Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

32 Introduction Clavier et al s Paper This Paper And more in our paper Framework: model both Horizontal and Vertical Attacks Attacks on Square and Multiply Always More Simulations: Attacks on variant Clavier et al first countermeasure Variant of our attack (no average) Test the robustness of our countermeasure Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 16 / 17

33 Introduction Clavier et al s Paper This Paper Thank you for your attention Questions? Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 17 / 17

34 Detecting a Timing Bias on RSA implementation of POLARSSL Timing Attack against protected RSA-CRT implementation used in PolarSSL Cyril Arnaud and Pierre-Alain Fouque Defense Ministry and Rennes 1 University February 26, 2013 C Arnaud and PA Fouque Timing Attack 1/ 32

35 Detecting a Timing Bias on RSA implementation of POLARSSL Overview 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 2/ 32

36 Detecting a Timing Bias on RSA implementation of POLARSSL Overview Introduction Finding a bias is the set of extra bit observable? 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 3/ 32

37 Detecting a Timing Bias on RSA implementation of POLARSSL State of the Art Introduction Finding a bias is the set of extra bit observable? Related Work 1996 : Timing Attacks on Implementations of Diffie-Hellman,RSA, DSS, and Other Systems [Kocher] at CRYPTO : Timing attack on RSA-CRT [Schindler] at CHES : Remote timing attacks are practical [Brumley et Boneh] at Usenix : Improving Brumley and Boneh timing attack on unprotected SSL implementation [O Aciiçmez, et al] at CCS 05 Attacks s of OPENSSL avoided Exploit timing bias induced by RSA optimizations Old monocore processors C Arnaud and PA Fouque Timing Attack 4/ 32

38 Detecting a Timing Bias on RSA implementation of POLARSSL State of the Art Introduction Finding a bias is the set of extra bit observable? Related Work 1996 : Timing Attacks on Implementations of Diffie-Hellman,RSA, DSS, and Other Systems [Kocher] at CRYPTO : Timing attack on RSA-CRT [Schindler] at CHES : Remote timing attacks are practical [Brumley et Boneh] at Usenix : Improving Brumley and Boneh timing attack on unprotected SSL implementation [O Aciiçmez, et al] at CCS 05 Attacks s of OPENSSL avoided Exploit timing bias induced by RSA optimizations Old monocore processors C Arnaud and PA Fouque Timing Attack 4/ 32

39 Detecting a Timing Bias on RSA implementation of POLARSSL Why using a Timing Attack? Introduction Finding a bias is the set of extra bit observable? Side-Channel Cryptanalysis Electromagnetic emanation and power consumption hard to apply on a computer Computation Time : cannot be detected allows to factor RSA modulus by measuring the time to decrypt possible on network Timing measurement : 2 instructions C Arnaud and PA Fouque Timing Attack 5/ 32

40 Detecting a Timing Bias on RSA implementation of POLARSSL Measurement of computation time Introduction Finding a bias is the set of extra bit observable? Time Stamp Counter (TSC) 64-bit counter that records cycle of the FSB bus Common to each CPU core Use of RDTSC instruction : do not use any privilege Performance Counter (PMC) Counter used in the CPU microarchitecture Allow to measure each tick of a core Reading using the RDMSR instruction : require privilege Require a specific kernel module C Arnaud and PA Fouque Timing Attack 6/ 32

41 Detecting a Timing Bias on RSA implementation of POLARSSL Target choice Introduction Finding a bias is the set of extra bit observable? RSA of POLARSSL 114 Opensource library developed in C Operational version (Adobe flash player, ) Use countermeasures suggested by Boneh and Brumley and Schindler (One subroutine for multiplication and a dummy substraction) RSA decryption in constant time Protected against timing attacks C Arnaud and PA Fouque Timing Attack 7/ 32

42 Detecting a Timing Bias on RSA implementation of POLARSSL Goals and Results Introduction Finding a bias is the set of extra bit observable? Goals Evaluate the countermeasure Mount an attack Determining efficient countermeasures Work on recent processors (Intel Core 2 Duo and Core i7) Results Detection of an unknown bias Attack verified on a chosen ciphertext attack for RSA 512, 1024 and 2048 bits Propose two countermeasures avoiding this attack C Arnaud and PA Fouque Timing Attack 8/ 32

43 Detecting a Timing Bias on RSA implementation of POLARSSL Goals and Results Introduction Finding a bias is the set of extra bit observable? Goals Evaluate the countermeasure Mount an attack Determining efficient countermeasures Work on recent processors (Intel Core 2 Duo and Core i7) Results Detection of an unknown bias Attack verified on a chosen ciphertext attack for RSA 512, 1024 and 2048 bits Propose two countermeasures avoiding this attack C Arnaud and PA Fouque Timing Attack 8/ 32

44 Detecting a Timing Bias on RSA implementation of POLARSSL RSA Implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? RSA Decryption To decrypt c (Z/nZ) : modular exponentiation using the private exponent : m = c d mod n RSA decryption optimizations of POLARSSL Chinese Remainder Theorem using Garner recombination Montgomery Multiplication using one countermeasure Modular Exponentiation using the sliding window method C Arnaud and PA Fouque Timing Attack 9/ 32

45 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? Multiprecision Montgomery Modular Multiplication Number representations A = i=s 1 i=0 a i r i, size of words is denoted by w s represents the number of required words of size w r = 2 w R = r s w w-bit multiplication to multiply a word with a large integer C Arnaud and PA Fouque Timing Attack 10/ 32

46 Detecting a Timing Bias on RSA implementation of POLARSSL Schindler s observation Introduction Finding a bias is the set of extra bit observable? Extra reduction - Time variance in MULTIMONTMUL Montgomery representation Ā = AR mod P Suppose B is uniformly distributed in Z P P (extra-reduction in MULTIMONTMUL( X,B,P)) = X mod P 2R P (extra-reduction in MULTIMONTMUL(B,B,P)) = P 3R C Arnaud and PA Fouque Timing Attack 11/ 32

47 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? PolarSSL s Multiprecision Montgomery multiplication Ṛunning times to execute the branch condition is identical for all inputs Dummy subtraction used in MULTIMONTMUL(A, B, P) makes the time to perform the multiplication independent on the A and B C Arnaud and PA Fouque Timing Attack 12/ 32

48 Detecting a Timing Bias on RSA implementation of POLARSSL Extra bit Introduction Finding a bias is the set of extra bit observable? The condition of MULTIMONTMUL is ABR 1 Z < P + ABR 1 We suppose that R <P< R (key lengths multiple of world size) 2 Then Z < 2R Hence, if Z > R then z s = 1, this bit is called extra bit Extra bit in source code in the s th loop of MULTIMONTMUL, if Z > R then the extra bit is set by a carry propagation up to the top most significant word of Z is extra bit imply a timing variance? C Arnaud and PA Fouque Timing Attack 13/ 32

49 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? An attacker can observe a timing difference Methodology We generate : We sort : Random numbers A, B with known size, converted in Montgomery representation a prime number Q where R 2 < Q < R the time in CPU s clock ticks to perform MULTIMONTMUL(A, B, Q) according to the size numbers if an extra bit, an extra-reduction without extra bit or neither of them is carried out C Arnaud and PA Fouque Timing Attack 14/ 32

50 Detecting a Timing Bias on RSA implementation of POLARSSL Results Introduction Finding a bias is the set of extra bit observable? Z<Q R<Z Q<Z<R Z<Q R<Z Q<Z<R Time in CPU cycles Time in CPU cycles A size B size A size B size FIGURE: Q = 512 FIGURE: Q = 1024 A timing difference is observable when Z > R Extra-reduction (Q Z < R) : masked by dummy subtraction Bias is proportional to the bitsize of Q C Arnaud and PA Fouque Timing Attack 15/ 32

51 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? Results of timing attacks against POLARSSL Kocher Attack (1996) ḍoes not apply to RSA-CRT Schindler s Attack (2000) ẉorks only with the square-&-multiply algorithm Schindler s Attack (2005) ḍoes not work due to the window in the sliding windows exponentiation Brumley-Boneh Attacks (2003) can work C Arnaud and PA Fouque Timing Attack 16/ 32

52 Detecting a Timing Bias on RSA implementation of POLARSSL Overview Cryptographic Analysis Statistical Tools Results against PolarSSL Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 17/ 32

53 Detecting a Timing Bias on RSA implementation of POLARSSL Probability of an extra bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 ṀULTIMONTMUL(A,B,P), 0 A,B < P The probability of an extra bit is not null iff P > Probability of an extra bit B is uniformly distributed and C is a fixed value : For P > R P MULTIMONTMUL(B,B,P) = P + 2(R P) (R P)R (R P) 3R 3P 2 R P C = P MULTIMONTMUL(C,B,P) = C 2R + (R P)2 R 2CP R and X,Y (R P) R ( ) (R P)R,P, if X > Y then P P X > P Y C Arnaud and PA Fouque Timing Attack 18/ 32

54 Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Attack Characteristics Allows to recover the p most significant bits of p or q 2 Search each bit gradually using an approximation of p or q Use Coppersmith algorithm to complete the attack Recovering a 1024 key size with RDMSR instruction in inter-process Around ten minutes queries C Arnaud and PA Fouque Timing Attack 19/ 32

55 Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Attack Characteristics Allows to recover the p most significant bits of p or q 2 Search each bit gradually using an approximation of p or q Use Coppersmith algorithm to complete the attack Recovering a 1024 key size with RDMSR instruction in inter-process Around ten minutes queries C Arnaud and PA Fouque Timing Attack 19/ 32

56 Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

57 Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

58 Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

59 Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

60 Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 Decryption time c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 Decryption time c q c p 1 c 2 Ṭwo timing samples for values close to c 1 + ε 1 and c 2 + ε 2 : ζ c1 and ζ c2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 21/ 32

61 Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 How can we quantify the difference between the two samples ζ c1 and ζ c2? C Arnaud and PA Fouque Timing Attack 22/ 32

62 Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 How can we check that the measure of the two samples ζ c1 and ζ c2 is correct? C Arnaud and PA Fouque Timing Attack 22/ 32

63 Detecting a Timing Bias on RSA implementation of POLARSSL Statistical Tests Cryptographic Analysis Statistical Tools Results against PolarSSL 114 T-test Allow to compare the means of two samples generated by 2 populations with equal variance If t observed > t threshold, p k = 0 otherwise p k = 1 Fisher-Snedecor Test Allows to compare the variances of two samples generated from 2 populations If F observed > F threshold : replay otherwise the value of t observed allows to determine p k In practice Ṣearch the intervalle I or F observed is maximal then compute t-test on I C Arnaud and PA Fouque Timing Attack 23/ 32

64 Detecting a Timing Bias on RSA implementation of POLARSSL Same process Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Modulus size #query/bit ratio of replay # query 512 bits 600 2% bits % bits % TABLE: RDTSC instruction Modulus size #query/bit ratio of replay # query 512 bits 600 2% bits % bits % TABLE: RDMSR instruction C Arnaud and PA Fouque Timing Attack 24/ 32

65 Detecting a Timing Bias on RSA implementation of POLARSSL Inter-process via TCP IP Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Modulus size #query/bit ratio of replay # query 512 bits % bits % bits % TABLE: RDTSC instruction Modulus size #query/bit ratio of replay # query 512 bits % bits % bits % TABLE: RDMSR instruction C Arnaud and PA Fouque Timing Attack 25/ 32

66 Detecting a Timing Bias on RSA implementation of POLARSSL Amplifying the bias by repetiting Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Ṭhe bias in our case is very small and is consequently hard to detect Sliding Exponentiation PolarSSL uses a CLNW (Constant Length Non-Zero Window) method whereas OpenSSL uses a VLNW method (Variable) Precomputation phase As in the CCS 05 paper, we use the precomputation phase many multiplications are used with the same value c 1 or c 2 to compute the precomputation table 31 multiplications with the same value if the window length is 5 C Arnaud and PA Fouque Timing Attack 26/ 32

67 Detecting a Timing Bias on RSA implementation of POLARSSL Distribution of modulus Cryptographic Analysis Statistical Tools Results against PolarSSL 114 We generated randomly keys with PolarSSL s key generation routine (p > q) ]05R; 5 1 R] ] 5 1 R, 07R] ]07R; 08R] ]08R; R] 2 2 Distribution of p size 0% 0011% 1333% 8666% Distribution of q size 1878% 2446% 3132% 2544% TABLE: Distribution of modulus Our attack is always feasible in practice C Arnaud and PA Fouque Timing Attack 27/ 32

68 Detecting a Timing Bias on RSA implementation of POLARSSL Overview State of the Art Alternatives to blinding 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 28/ 32

69 Detecting a Timing Bias on RSA implementation of POLARSSL OPENSSL State of the Art Alternatives to blinding Blinding Use a random before each decryption Efficient for all parameter size Slow down performance by a factor between 10 to 25% C Arnaud and PA Fouque Timing Attack 29/ 32

70 Detecting a Timing Bias on RSA implementation of POLARSSL Cancelling out extra bit State of the Art Alternatives to blinding Use particular modulus size ịf Q = kw, extra-bit is cancelling out Modify PolarSSL s key generation routine Generate keys where prime factors are less than R C Arnaud and PA Fouque Timing Attack 30/ 32

71 Detecting a Timing Bias on RSA implementation of POLARSSL Overview 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 31/ 32

72 Detecting a Timing Bias on RSA implementation of POLARSSL s Constant time cryptographic implementations are hard to achieve Known attacks exploit the bias of the extra-reduction due to an extra bit Our contributions Practical Timing Attack against a protected implementation Use statistical tests to reduce the number of chosen ciphertexts Introduce a new bias Propose 2 countermeasures for specific key sizes C Arnaud and PA Fouque Timing Attack 32/ 32

Timing Attack against protected RSA-CRT implementation used in PolarSSL

Timing Attack against protected RSA-CRT implementation used in PolarSSL Cyril Arnaud 1 and Pierre-Alain Fouque 1 École de l Air, cy.arnaud@orange.fr Université Rennes 1 pierre-alain.fouque@ens.fr Abstract.