Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Similar documents
Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

Efficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications

A DPA attack on RSA in CRT mode

Public Key Perturbation of Randomized RSA Implementations

Differential Cache Trace Attack Against CLEFIA

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

Concurrent Error Detection in S-boxes 1

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers

DIFFERENTIAL FAULT ANALYSIS ATTACK RESISTANT ARCHITECTURES FOR THE ADVANCED ENCRYPTION STANDARD *

Elliptic Curve Cryptography and Security of Embedded Devices

Differential Fault Analysis of AES using a Single Multiple-Byte Fault

Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations

Partial Key Exposure: Generalized Framework to Attack RSA

Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow

A DPA Attack against the Modular Reduction within a CRT Implementation of RSA

Remote Timing Attacks are Practical

Side-channel analysis in code-based cryptography

Side-channel attacks on PKC and countermeasures with contributions from PhD students

Algorithmic Number Theory and Public-key Cryptography

Differential Fault Analysis on the families of SIMON and SPECK ciphers

Practical Fault Countermeasures for Chinese Remaindering Based RSA

Introduction to Modern Cryptography. Benny Chor

New Strategy for Doubling-Free Short Addition-Subtraction Chain

Public-Key Cryptosystems CHAPTER 4

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Square Always Exponentiation

Efficient Leak Resistant Modular Exponentiation in RNS

Energy Exhaustion Attack on Barrett s Reduction

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Side Channel Analysis. Chester Rebeiro IIT Madras

CIS 551 / TCOM 401 Computer and Network Security

Public Key Cryptography

Square Always Exponentiation

Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity

Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems

IIT KHARAGPUR FDTC September 23, South Korea, Busan. FDTC 2014 (South Korea, Busan) IIT KHARAGPUR September 23, / 67

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Notes for Lecture 17

1 Number Theory Basics

A new security notion for asymmetric encryption Draft #10

Protecting RSA Against Fault Attacks: The Embedding Method

The odd couple: MQV and HMQV

Numbers. Çetin Kaya Koç Winter / 18

Lazy Leak Resistant Exponentiation in RNS

Hardware Acceleration of the Tate Pairing in Characteristic Three

A new security notion for asymmetric encryption Draft #12

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

A new security notion for asymmetric encryption Draft #8

Power Analysis to ECC Using Differential Power between Multiplication and Squaring

Gurgen Khachatrian Martun Karapetyan

Hardware Security Side channel attacks

Lecture 11: Key Agreement

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Side Channel Analysis and Protection for McEliece Implementations

Discrete Logarithm Problem

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks

On some physical attacks of RSA

Discrete Mathematics GCD, LCM, RSA Algorithm

Other Public-Key Cryptosystems

Cryptographically Robust Large Boolean Functions. Debdeep Mukhopadhyay CSE, IIT Kharagpur

Resistance of Randomized Projective Coordinates Against Power Analysis

The Montgomery Powering Ladder

CPSC 467: Cryptography and Computer Security

PKCS #1 v2.0 Amendment 1: Multi-Prime RSA

Error-free protection of EC point multiplication by modular extension

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

CSc 466/566. Computer Security. 5 : Cryptography Basics

THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys

Cryptography IV: Asymmetric Ciphers

Public-Key Encryption: ElGamal, RSA, Rabin

Introduction to Side Channel Analysis. Elisabeth Oswald University of Bristol

recover the secret key [14]. More recently, the resistance of smart-card implementations of the AES candidates against monitoring power consumption wa

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Hardware implementations of ECC

DPA-Resistance without routing constraints?

Attacking DSA Under a Repeated Bits Assumption

International Journal of Advanced Research in Computer Science and Software Engineering

RSA RSA public key cryptosystem

Cryptography and Security Midterm Exam

A Fault Attack on the LED Block Cipher

FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD

A Pseudo-Random Encryption Mode

CRYPTOGRAPHY AND NUMBER THEORY

Public Key Cryptography

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Efficient RSA Cryptosystem with Key Generation using Matrix

Timing Attack against protected RSA-CRT implementation used in PolarSSL

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent

Correcting Errors in Private Keys Obtained from Cold Boot Attacks

Provable Security Proofs and their Interpretation in the Real World

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Computers and Mathematics with Applications

A Sound Method for Switching between Boolean and Arithmetic Masking

Transcription:

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August 20, 2016 PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 1 / 25

Overview of the talk Introduction Motivation of the problem Exponentiation primitives for Public key cryptography Formalizing Differential of branch misses simulated from 2-bit predictor Developing the Attack Algorithm Experimental validation over Hardware Performance Counters Conclusion PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 2 / 25

Introduction Asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25

Introduction Asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. Effect of faults on such predictors and the consequences thereof on security of crypto-algorithms have not been studied. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25

Introduction Asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. Effect of faults on such predictors and the consequences thereof on security of crypto-algorithms have not been studied. We develop a formal analysis of such a bimodal predictor under the effect of faults. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25

Introduction Asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. Effect of faults on such predictors and the consequences thereof on security of crypto-algorithms have not been studied. We develop a formal analysis of such a bimodal predictor under the effect of faults. Analysis shows that differences of branch misses under the effect of bit faults can be exploited to attack implementations of RSA-like asymmetric key algorithms, based on square and multiplication operations. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25

Introduction Asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. Effect of faults on such predictors and the consequences thereof on security of crypto-algorithms have not been studied. We develop a formal analysis of such a bimodal predictor under the effect of faults. Analysis shows that differences of branch misses under the effect of bit faults can be exploited to attack implementations of RSA-like asymmetric key algorithms, based on square and multiplication operations. The attack is also threatening against Montgomery ladder of CRT-RSA (RSA implemented using Chinese Remainder Theorem). PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25

Contributions The difference of branch misses observed through HPCs between the correct and the faulty execution can be modeled efficiently to develop a key recovery attack. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25

Contributions The difference of branch misses observed through HPCs between the correct and the faulty execution can be modeled efficiently to develop a key recovery attack. We develop an iterative attack strategy, which simulates the branches corresponding to partially known exponent bits and observes the difference of branch misses from HPCs to reveal the next bit. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25

Contributions The difference of branch misses observed through HPCs between the correct and the faulty execution can be modeled efficiently to develop a key recovery attack. We develop an iterative attack strategy, which simulates the branches corresponding to partially known exponent bits and observes the difference of branch misses from HPCs to reveal the next bit. The theoretical simulations are validated on secret key-dependent modular exponentiation algorithms as well as on CRT-RSA implementation. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25

Vulnerability of system due to HPCs in presence of fault The scenario where the secret key gets flipped or corrupted can manifest as a fault. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25

Vulnerability of system due to HPCs in presence of fault The scenario where the secret key gets flipped or corrupted can manifest as a fault. However, fault can also be introduced by skipping some target instructions as well [1]. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25

Vulnerability of system due to HPCs in presence of fault The scenario where the secret key gets flipped or corrupted can manifest as a fault. However, fault can also be introduced by skipping some target instructions as well [1]. On platforms such as Xilinx Microblaze where the HPC accesses are provided [2], the instruction skip phenomenon can be exploited to reveal secret by monitoring events such as branching. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25

Vulnerability of system due to HPCs in presence of fault The scenario where the secret key gets flipped or corrupted can manifest as a fault. However, fault can also be introduced by skipping some target instructions as well [1]. On platforms such as Xilinx Microblaze where the HPC accesses are provided [2], the instruction skip phenomenon can be exploited to reveal secret by monitoring events such as branching. In recent processors, Rowhammer is a term coined for disturbances observed in DRAM devices, where repeated row activation causes the DRAM cells to electrically interact within themselves [3, 4]. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25

Vulnerability of system due to HPCs in presence of fault The scenario where the secret key gets flipped or corrupted can manifest as a fault. However, fault can also be introduced by skipping some target instructions as well [1]. On platforms such as Xilinx Microblaze where the HPC accesses are provided [2], the instruction skip phenomenon can be exploited to reveal secret by monitoring events such as branching. In recent processors, Rowhammer is a term coined for disturbances observed in DRAM devices, where repeated row activation causes the DRAM cells to electrically interact within themselves [3, 4]. Authors in [5] has exploited this Rowhammer vulnerability to flip secret exponent bits residing in the memory of a x86 system. This motivates the study of differential analysis of HPCs when there is a fault. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25

In fault analysis attacks as well as their countermeasures, the adversary may be prevented in getting useful information but the hardware events reflects the systems internal state which may have a dependence on the secret. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 6 / 25

In fault analysis attacks as well as their countermeasures, the adversary may be prevented in getting useful information but the hardware events reflects the systems internal state which may have a dependence on the secret. HPCs can be of potential threat with respect to fault analysis attacks and more notably against their countermeasures. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 6 / 25

Exponentiation and Underlying Multiplication Primitive Inputs(M) are encrypted and decrypted by performing modular exponentiation with modulus N on public or private keys represented as n bit binary string. Square and Multiply Exponentiation Algorithm 1: Binary version of Square and Multiply Exponentiation Algorithm S M ; for i from 1 to n 1 do S S S mod N ; if d i = 1 then S S M mod N ; end end return S ; Conditional execution of instruction and their dependence on secret exponent is exploited by the simple power and timing side-channels [6]. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 7 / 25

Montgomery Ladder Exponentiation Algorithm A naïve modification is to have a balanced ladder structure having equal number of squarings and multiplications. Most popular exponentiation primitive for Asymmetric-key cryptographic implementations. Algorithm 2: Montgomery Ladder Algorithm R 0 1 ; R 1 M ; for i from 0 to n 1 do if d i = 0 then R 1 (R 0 R 1 ) mod N ; R 0 (R 0 R 0 ) mod N ; end else R 0 (R 0 R 1 ) mod N ; R 1 (R 1 R 1 ) mod N ; end end return R 0 ; PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 8 / 25

Approximating the System predictor with 2-bit branch predictor [7] Taken 4360 Predict Taken Taken Not Taken Taken Not Taken Predict Taken Not Taken Observed branch misses from Perf 4350 4340 4330 4320 4310 4300 Predict Not Taken Predict Not Taken 4290 470 480 490 500 510 520 530 540 550 560 Predicted branch misses from 2-bit dynamic predictor Taken Not Taken Figure: Variation of branch-misses from performance counters with increase in branch miss from 2-bit predictor algorithm Direct correlation observed for the branch misses from HPCs and from the simulated 2-bit dynamic predictor over a sample of exponent bitstream. This confirms assumption of 2-bit dynamic predictor being an approximation to the underlying system branch predictor. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 9 / 25

Formalizing the differential of 2-bit predictor in fault attack setup We model the strong effect of the bimodal predictor to exploit the side-channel leakage of branch misses from the performance counters. Also we characterize the differential of branch misses from correct and faulty branching sequences based on the behavior of 2-bit predictor. Various parameters used during the analysis are defined as follows: There is a sequence of n branches denoted as (b 0, b 1,, b n 1 ) generated from execution of the algorithm under attack. A fault at the i th execution of the algorithm changes the branching decision for the i th instance. Difference in branch misses ( i ) between the correct branching sequence (b 0, b 1,, b i,, b n 1 ) and the faulty sequence (b 0, b 1,, b i,, b n 1 ) simulated theoretically over a 2-bit predictor algorithm can be atleast 3 and atmost 3. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 10 / 25

Some more parameters Symbols Table: Tabular Representation of Symbols Meanings with respect to their analysis (b 0, b 1,, b i 1 ) Sequence of taken or not-taken known branches Stj K State of 2-bit predictor after j conditional branches with respect to the Correct Sequence St F i j P K j+1 State of 2-bit predictor after j conditional branches with respect to the Faulty Sequence Branch predicted by 2-bit predictor for branch statement corresponding to (j + 1) th bit of Correct Sequence P F i j+1 Branch predicted by 2-bit predictor for branch statement corresponding to (j + 1) th bit of Faulty Sequence PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 11 / 25

Formalizing 2-bit predictor behavior Properties Property 1: If St K i 1 = S 0 or St K i 1 = S 2, then P K i = P F i = b i 1. Property 2: If St K i 1 = S 0 or St K i 1 = S 2, then there are guaranteed mispredictions for branch statement at the i th instance for either K or F i. If the branch statement corresponding to (i + 1) th instance is not same as the predicted P K i, then there is a mismatch between the correct and the faulty sequence in the predictor s output for the (i + 2) th position as P K i+2 PF i i+2. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 12 / 25

Differentials over 2-bit predictor If St K i 1 = S 0 and b i = 0 then i {0, 1, 2, 3} Sti 1 = S0 Sti 1 = S0 i 1 bits 0 0 i 1 bits 0 1 0 bi 1 bi bi+1 0 0 0 P K i 1 Pi K P K i+1 = 1 bi 1 bi bi+1 bi+2 0 0 1 0 P K i 1 Pi K P K i+1 P K i+2 P K i+3 = 2 P F i 1 Pi F P F i+1 P F i 1 Pi F P F i+1 P F i+2 P F i+3 bi 1 bi bi+1 0 1 0 bi 1 bi bi+1 bi+2 0 1 1 0 i 1 bits 1 0 i 1 bits 1 1 1 (a) i = 1 (b) i = 2 Figure: Variation of simulated branch-misses on the i th branching decision having St i 1 = S 0 PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 13 / 25

If St K i 1 = S 0 and b i = 0 then i {0, 1, 2, 3} i 1 bits Sti 1 = S0 0 1 1 i 1 bits Sti 1 = S0 0 1 0 0 bi 1 bi bi+1 bi+2 0 0 1 1 P K i 1 Pi K P K i+1 P K i+2 P K i+3 = 0 bi 1 bi bi+1 bi+2 bi+3 0 0 1 0 0 P K i 1 Pi K P K i+1 P K i+2 P K i+3 = 3 P F i 1 Pi F P F i+1 P F i+2 P F i+3 P F i 1 Pi F P F i+1 P F i+2 P F i+3 bi 1 bi bi+1 bi+2 0 1 1 1 bi 1 bi bi+1 bi+2 bi+3 0 1 1 0 0 i 1 bits 1 1 0 i 1 bits 1 1 1 1 (a) i = 0 (b) Maximum Variation Figure: Variation of simulated branch-misses on the i th branching decision having St i 1 = S 0 PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 14 / 25

1 If Sti 1 K = S 0 and b i = 0 then i {0, 1, 2, 3} 2 If Sti 1 K = S 0 and b i = 1 then i {0, 1, 2, 3} 3 If Sti 1 K = S 2 and b i = 0 then i {0, 1, 2, 3}, and 4 If Sti 1 K = S 2 and b i = 1 then i {0, 1, 2, 3} PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 15 / 25

Differential behavior of HPC due to an i th bit fault The secret and faulty sequences only differ at the i th bit, the previous 0 th to (i 1) th bits being same for both the exponents, the branch sequences corresponding to secret and its faulty counterpart varies only at the i th bit. Initially the adversary observes the number of branch misses for exponentiation operation using the secret exponent from HPCs. In the next step, a fault induced at the target bit of secret key, simultaneously observing the number of branch misses from HPCs for exponentiation using the faulty exponent. The difference of branch misses obtained through HPCs is denoted as δ i. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 16 / 25

30 25 i th branch taken i th branch not-taken 40 35 i th branch taken i th branch not-taken 30 Frequencies 20 15 10 Frequencies 25 20 15 10 5 5 0-2000 -1500-1000 -500 0 500 1000 1500 2000 2500 Differences of branch misses 0-2000 -1500-1000 -500 0 500 1000 1500 2000 Differences of branch misses (a) when St K i 1 = S 0 (b) St K i 1 = S 2 Figure: Variation of branch-misses from performance counters based on the i th branching decision If St K i 1 = S 0, If b i = 0, then δ i > 0 Else if b i = 1, then δ i < 0 If St K i 1 = S 2, If b i = 0, then δ i < 0 Else if b i = 1, then δ i > 0 PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 17 / 25

Developing the Attack Algorithm Let δ i be the differences of branch misses over the secret and faulty exponent observed from the HPCs. We determine the next bit nb i as, If St K i 1 = S 0/S 2 : If δ i < 0, nb i = 0, if St K i 1 = S 2 and nb i = 1, when St K i 1 = S 0. Else if δ i > 0 nb i = 0, if St K i 1 = S 0 and nb i = 1, when St K i 1 = S 2. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 18 / 25

Else if, St K i 1 = S 1/S 3 : If we flip the (i 1) th bit, the state upto (i 1) th bit changes to S 0 or S 2. the characteristic property for St i 1 = S 1 /S 3 is such that b i 2 = P i 1 = P i b i 1. If we inject a fault at (i 1) th position then branching decision b i 1 gets complemented. Effectively, if Sti 1 K = S 1 previously then after fault St F i 1 i 1 becomes S 0. Similarly, if Sti 1 K = S 3 previously then after fault St F i 1 i 1 becomes S 2. Let δ i 1,i be the differences of branch misses over the faulty exponents observed from the HPCs. We determine the next bit nb i as, If δ i 1,i < 0, nb i = 0, if St K i 1 = S 3 and nb i = 1, when St K i 1 = S 1. Else if δ i 1,i > 0 nb i = 0, if St K i 1 = S 1 and nb i = 1, when St K i 1 = S 3. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 19 / 25

Modelling the System Noise Frequencies 450 400 350 300 250 200 150 100 50 0-50 3000 3500 4000 4500 5000 5500 6000 Branch misses Frequencies 6000 5000 4000 3000 2000 1000 0-1000 3000 3500 4000 4500 5000 5500 6000 6500 Branch misses (a) Due to exponentiation on secret exponent (b) Due to environmental processes running in the system Figure: Distribution of branch-misses of secret and faulty exponent on square and multiply implementation from HPCs having St i 1 = S 0 Fig.(a) has similar nature to this noise distribution in Fig.(b) with a shift in the respective statistics with an increase in branch misprediction due to the conditional statements from the secret exponents. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 20 / 25

Validation of the Attack Algorithm We present the validation of previous discussion through experiments on 1024 bits of RSA. The fault model is simulated in software. Experiments are performed on various platforms as Core-2 Duo E7400, Intel Core i3 M350 and Intel Core i5-3470. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 21 / 25

Experiments on Square and Multiply Algorithm Frequencies 60 50 40 30 20 10 0-10 3000 3500 4000 4500 5000 5500 6000 Branch misses Secret Exponent Faulty Exponent Frequencies 450 400 350 300 250 200 150 100 50 0-50 3000 3500 4000 4500 5000 5500 6000 Branch misses Secret Exponent Faulty Exponent (a) b i = 0 and δ i = 14.014 (b) b i = 1 and δ i = 35.79 Figure: Distribution of branch-misses of secret and faulty exponent on square and multiply implementation from HPCs having St i 1 = S 0 Fig.(a) show distribution of branch misses from the square and multiply exponentiation having St i 1 = S 0 for b i = 0 and the fault being introduced at i = 1019 th position. δ i = 14.014 and since St i 1 = S 0, and with positive value of δ i, the next branch is decided as nb i = 0 and k i = b i. Similarly, Fig.(b) i = 548 th location having b i = 1 and St i 1 = S 0, we observed δ i = 35.79 which correctly decides the i th branch as 1. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 22 / 25

Experiments on Montgomery Ladder Frequencies 60 50 40 30 20 10 0-10 3000 3500 4000 4500 5000 5500 6000 Branch misses Secret Exponent Faulty Exponent Frequencies 50 45 40 35 30 25 20 15 10 5 0 3000 3500 4000 4500 5000 5500 6000 Branch misses Secret Exponent Faulty Exponent (a) b i = 0 and δ i = 9.828 (b) b i = 1 and δ i = 139.086 Figure: Distribution of branch-misses of secret and faulty exponent on Montgomery Ladder implementation from HPCs having St i 1 = S 0 Fig.(a) shows for k i = 1 for i = 248 where St i 1 = S 0, b i = 0 and the branch misses from HPCs δ i = 9.828 reveals a positive difference correctly identifying nb i = 0. While Fig.(b) shows a negative difference δ i = 139.086 correctly identifying k 1 = 0 for i = 337. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 23 / 25

Attacks on CRT-RSA implementation 140 120 Secret Exponent Faulty Exponent 140 120 Secret Exponent Faulty Exponent 100 100 Frequencies 80 60 40 Frequencies 80 60 40 20 20 0 0-20 20000 22000 24000 26000 28000 30000 32000 34000-20 20000 22000 24000 26000 28000 30000 32000 34000 Branch misses Branch misses (a) d pi = 0 and δ i = 243.212 (b) d pi = 1 and δ i = 136.029 Figure: Distribution of branch-misses of secret and faulty exponent on CRT-RSA implementation from HPCs having St i 1 = S 0 Fig.(a),(b) show two instances of the CRT-RSA implementation with square and multiply and simulated fault induced in d p, while exponentiation for d q is computed unaffected. In both situation, the target exponent bits of d p are shown to be retrieved correctly and uniquely. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 24 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. The attack we illustrate exploit strong correlation of the 2-bit dynamic predictor to unknown underlying branch predictor of the system. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. The attack we illustrate exploit strong correlation of the 2-bit dynamic predictor to unknown underlying branch predictor of the system. We present a differential fault analysis to show that difference of branch misses for a 2-bit predictor can be utilized to reveal information of key bits. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. The attack we illustrate exploit strong correlation of the 2-bit dynamic predictor to unknown underlying branch predictor of the system. We present a differential fault analysis to show that difference of branch misses for a 2-bit predictor can be utilized to reveal information of key bits. The attacks can be adapted to embedded soft-core processors with practical faults being introduced by instruction skips. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. The attack we illustrate exploit strong correlation of the 2-bit dynamic predictor to unknown underlying branch predictor of the system. We present a differential fault analysis to show that difference of branch misses for a 2-bit predictor can be utilized to reveal information of key bits. The attacks can be adapted to embedded soft-core processors with practical faults being introduced by instruction skips. Interestingly, fault attack countermeasures which stop or randomize the output when a fault occurs can still be attacked using these techniques. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

Conclusion HPCs used as performance monitors in modern systems can be observed by adversaries to determine critical information of secret key bits. The attack we illustrate exploit strong correlation of the 2-bit dynamic predictor to unknown underlying branch predictor of the system. We present a differential fault analysis to show that difference of branch misses for a 2-bit predictor can be utilized to reveal information of key bits. The attacks can be adapted to embedded soft-core processors with practical faults being introduced by instruction skips. Interestingly, fault attack countermeasures which stop or randomize the output when a fault occurs can still be attacked using these techniques. The work raises the question of secured implementation of ciphers in presence of HPCs in modern processors where fault inductions are feasible. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

AVR Freaks. Instruction skipping after spurious interrupt, http://www.avrfreaks.net/forum/solved-instruction-skipping-after-spurious-interrupt, 2015. mp-fpga. Performance Counter for Microblaze, http://mp-fpga.blogspot.in/2007/10/performance-counter-for-microblaze.html, 2007. Wikipedia. Rowhammer wikipedia page, https://en.wikipedia.org/wiki/row-hammer, 2016. Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14-18, 2014, pages 361 372. IEEE Computer Society, 2014. Sarani Bhattacharya and Debdeep Mukhopadhyay. Curious case of rowhammer: Flipping secret exponent bits using timing analysis. In CHES, 2015. Paul C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Neal Koblitz, editor, CRYPTO 96: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, volume 1109 of Lecture Notes in Computer Science, pages 104 113, London, UK, 1996. Springer-Verlag. Sarani Bhattacharya and Debdeep Mukhopadhyay. Who watches the watchmen?: Utilizing performance monitors for compromising keys of RSA on intel platforms. In Tim Güneysu and Helena Handschuh, editors, Cryptographic Hardware and Embedded Systems - CHES 2015-17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, volume 9293 of Lecture Notes in Computer Science, pages 248 266. Springer, 2015. PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback