Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations

Similar documents
Timing Attack against protected RSA-CRT implementation used in PolarSSL

Elliptic Curve Cryptography and Security of Embedded Devices

Remote Timing Attacks are Practical

Algorithmic Number Theory and Public-key Cryptography

Efficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications

Side-channel attacks on PKC and countermeasures with contributions from PhD students

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

A DPA attack on RSA in CRT mode

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

Square Always Exponentiation

Timing Attacks on Software Implementation of RSA

Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Blinded Fault Resistant Exponentiation FDTC 06

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

RSA. Ramki Thurimella

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA

On the Use of Masking to Defeat Power-Analysis Attacks

Lazy Leak Resistant Exponentiation in RNS

Exponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security

Dynamic Runtime Methods to Enhance Private Key Blinding

Efficient Leak Resistant Modular Exponentiation in RNS

Hardware Security Side channel attacks

Comparison of some mask protections of DES against power analysis Kai Cao1,a, Dawu Gu1,b, Zheng Guo1,2,c and Junrong Liu1,2,d

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

1 Number Theory Basics

Side-channel analysis in code-based cryptography

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity

Side Channel Analysis. Chester Rebeiro IIT Madras

A DPA Attack against the Modular Reduction within a CRT Implementation of RSA

Théorie de l'information et codage. Master de cryptographie Cours 10 : RSA. 20,23 et 27 mars Université Rennes 1

Efficient regular modular exponentiation using multiplicative half-size splitting

Partial Key Exposure: Generalized Framework to Attack RSA

Introduction to Modern Cryptography. Benny Chor

Formal Verification of Side-Channel Countermeasures

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Known Plaintext Only Attack on RSA CRT with Montgomery Multiplication

Introduction to Side Channel Analysis. Elisabeth Oswald University of Bristol

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Introduction to Modern Cryptography. Benny Chor

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi

Public-Key Encryption: ElGamal, RSA, Rabin

Question: Total Points: Score:

Toward Secure Implementation of McEliece Decryption

Investigations of Power Analysis Attacks on Smartcards *

Reduce-by-Feedback: Timing resistant and DPA-aware Modular Multiplication plus: How to Break RSA by DPA

Four-Dimensional GLV Scalar Multiplication

Lecture V : Public Key Cryptography

Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow

Correcting Errors in Private Keys Obtained from Cold Boot Attacks

Deep Learning to Evaluate Secure RSA Implementations

Exercise Sheet Cryptography 1, 2011

Introduction to Cryptology. Lecture 20

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Intro to Physical Side Channel Attacks

Attacking DSA Under a Repeated Bits Assumption

Attacks on RSA & Using Asymmetric Crypto

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Efficient Application of Countermeasures for Elliptic Curve Cryptography

Attacking unbalanced RSA-CRT using SPA. Our goal

Leak Resistant Arithmetic

RSA RSA public key cryptosystem

5199/IOC5063 Theory of Cryptology, 2014 Fall

FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD

Resistance of Randomized Projective Coordinates Against Power Analysis

Lecture Notes, Week 6

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Start Simple and then Refine: Bias-Variance Decomposition as a Diagnosis Tool for Leakage Profiling

MASKING is the most widely deployed countermeasure

Public-Key Cryptosystems CHAPTER 4

Practical Fault Countermeasures for Chinese Remaindering Based RSA

Exam Security January 19, :30 11:30

Power Consumption Analysis. Arithmetic Level Countermeasures for ECC Coprocessor. Arithmetic Operators for Cryptography.

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Recovering Private Keys Generated With Weak PRNGs

10 Concrete candidates for public key crypto

Breaking Plain ElGamal and Plain RSA Encryption

recover the secret key [14]. More recently, the resistance of smart-card implementations of the AES candidates against monitoring power consumption wa

Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems

Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security

ASYMMETRIC ENCRYPTION

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

one eciently recover the entire key? There is no known method for doing so. Furthermore, the common belief is that no such ecient algorithm exists. Th

Chapter 11 : Private-Key Encryption

Side Channel Analysis and Protection for McEliece Implementations

New attacks on RSA with Moduli N = p r q

Public Key Perturbation of Randomized RSA Implementations

Introduction to Public-Key Cryptosystems:

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Numbers. Çetin Kaya Koç Winter / 18

Reconstruction and Error Correction of RSA Secret Parameters from the MSB Side

Power Analysis to ECC Using Differential Power between Multiplication and Squaring

Multiple-Differential Side-Channel Collision Attacks on AES

CPSC 467b: Cryptography and Computer Security

Transcription:

Introduction Clavier et al s Paper This Paper Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations Aurélie Bauer Éliane Jaulmes Emmanuel Prouff Justine Wild ANSSI Session ID: CRYP-T18 Session Classification: Advanced Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 1 / 17

Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 2 / 17

Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac SPA DPA Horizontal CPA MIA Correlation Timing Attack Analysis Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac SPA DPA Horizontal CPA MIA Correlation Timing Attack Analysis Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

Introduction Clavier et al s Paper This Paper Side-Channel Analysis On RSA consumption time emanations exploited leak m = c d mod N Big Mac HCA Horizontal SPA DPA CPA TA MIA Vertical Attacks Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 3 / 17

Introduction Clavier et al s Paper This Paper A Unified Framework [This paper] Vertical Analysis Horizontal Analysis 1 st execution 2 nd period 1 st period N th period 2 nd execution N th execution several acquisitions traces treatment a single acquisition sub-traces treatment SPA, DPA, CPA, Big Mac, MIA, Template, Timing, HCA, Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 4 / 17

Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 R 0 = m 2 m 2, d 1 = 1, k = 1, i = 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

Introduction Clavier et al s Paper This Paper Exponentiation: c = m d mod N, secret d = (1,d l 2,,d 0 ) 2 Square & Multiply Atomic R 0 = 1, R 1 = m, i = l 1, k = 0 while i 0 do R 0 = R 0 R k k = k d i i = i k Return R 0 Example: d = 1011 R 0 = 1 1, d 3 = 1, k = 1, i = 3 R 0 = 1 m, d 3 = 1, k = 0, i = 2 R 0 = m m, d 2 = 0, k = 0, i = 1 R 0 = m 2 m 2, d 1 = 1, k = 1, i = 1 R 0 = m 4 m, d i = 1 R R R d i = 0 d i = 1 d i+1 = 1 d i+1 = 0 R M R R Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 5 / 17

Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 6 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Horizontal Side-Channel Analysis [Clavier et al, Horizontal Correlation Analysis on Exponentiation, (ICICS 2010)] Square & Multiply Atomic Only multiplications: R R R or R R M (bit 1) 1 Multiplication Do we multiply by the message or not? Horizontal core idea: distinguish R R from R M with a single trace Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 6 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace leak value time Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace modeling leak value time Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Zoom on the Long Integer Multiplication R = (r t 1,,r 1,r 0 ) 2 ω X = (x t 1,,x 1,x 0 ) 2 ω Mult(R,X ) leak trace modeling leak value time l(r 0 x 0 ) l(r 0 x 1 ) l(r 0 x t 1 ) l(r 1 x 0 ) l(r 1 x 1 ) l(r 1 x t 1 ) l(r t 1 x 0 ) l(r t 1 x 1 ) l(r t 1 x t 1 ) Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 7 / 17

Introduction Clavier et al s Paper This Paper Attack: Horizontal Correlation Analysis Horizontal Correlation Analysis M known Hypothesis: X = M Simulation l(r 0 x 0 ) l(r 0 x 1 ) l(r 0 x t 1 ) l(r 1 x 0 ) l(r 1 x 1 ) l(r 1 x t 1 ) l(r t 1 x 0 ) l(r t 1 x 1 ) l(r t 1 x t 1 ) Observation { X = M bit = 1 X M bit = 0 HW (r 0 m 0 ) HW (r 0 m 1 ) HW (r 0 m t 1 ) HW (r 1 m 0 ) HW (r 1 m 1 ) HW (r 1 m t 1 ) HW (r t 1 m 0 ) HW (r t 1 m 1 ) HW (r t 1 m t 1 ) ρ( l(r i x j ), HW (r i m j ) ) Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 8 / 17

Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by r α[i] (x j a 2 ) l( r 0 x 0 ) l( r 0 x t 1 ) l( r 1 x 0 ) l( r 1 x t 1 ) l( r t 1 x 0 ) l( r t 1 x t 1 ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by s α[i] (x j a 2 ) l(r α[0] x 0 ) l(r α[0] x t 1 ) l(r α[1] x 0 ) l(r α[1] x t 1 ) l(r α[t 1] x 0 ) l(r α[t 1] x t 1 ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

Introduction Clavier et al s Paper This Paper s against Horizontal Attacks Actual s Analysis Single curve Exposant/Message randomisation ineffective Clavier et al s countermeasures Blind the r i x j Replace r i x j by (r i a 1 )(x j a 2 ) Blind the x j, permute the r i Replace r i x j by s α[i] (x j a 2 ) l(r α[0] x β[0] ) l(r α[0] x β[t 1] ) l(r α[1] x β[0] ) l(r α[1] x β[t 1] ) l(r α[t 1] x β[0] ) l(r α[t 1] x β[t 1] ) Permute the r i and the x j Replace r i x j by r α[i] x β[j] Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 9 / 17

Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the r i x j (Replace r i x j by (r i a 1 )(x j a 2 )) R = (r i a 1 ) i Mult( R X ) X = (x j a 2 ) j r 0 x 0 r 0 x 1 r 0 x t 1 r 1 x 0 r 1 x 1 r 1 x t 1 r t 1 x 0 r t 1 x 1 r t 1 x t 1 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the r i x j (Replace r i x j by (r i a 1 )(x j a 2 )) R = (r i a 1 ) i Mult( R X ) X = (x j a 2 ) j r 0 x 0 r 0 x 1 r 0 x t 1 R R R r 1 x 0 r 1 x 1 r 1 x t 1 r t 1 x 0 r t 1 x 1 r t 1 x t 1 Correlation between the r i x j and the r i m j When t increases, R = R Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 10 / 17

Introduction Clavier et al s Paper This Paper Attacks on Clavier et al s Attacks on the Clavier et al s countermeasures Blind the x j and permute the r i r α[0] x 0 r α[0] x t 1 r α[1] x 0 r α[1] x t 1 r α[t 1] x 0 r α[t 1] x t 1 Permute the r i and the x j r α[0] x β[0] r α[0] x β[t 1] r α[1] x β[0] r α[1] x β[t 1] r α[t 1] x β[0] r α[t 1] x β[t 1] Weakness: α and β are independent Exhaustive research on β t! possibilities Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 11 / 17

Introduction Clavier et al s Paper This Paper New against Horizontal Attacks New Permute simultaneously the r i and the x j Use a t 2 -size permutation in order to randomize simultaneously the r i and the x j Leak modelisation: l(r 1 x 2 ) l(r 1 x 0 ) l(r 2 x 0 ) l(r 0 x 2 ) l(r 2 x 2 ) l(r 1 x 1 ) l(r 2 x 1 ) l(r 0 x 1 ) l(r 0 x 0 ) Find the permutation: t 2! possibilities Third countermeasure of Clavier et al: t! possibilities Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 12 / 17

Introduction Clavier et al s Paper This Paper Simulation Results of Our Attacks Attack on Architecture 8 bits size of R and X in base 2 ω RSA 1024 SECURE INSECURE Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 13 / 17

Introduction Clavier et al s Paper This Paper Simulation Results of Our Attacks Architecture 8 bits Architecture 16 bits SECURE RSA 1024 RSA 2048 SECURE INSECURE INSECURE RSA 4096 SECURE INSECURE t: size of R and X in base 2 ω Works also on 16 and 32 bits When ω, security level Architecture 32 bits Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 14 / 17

Introduction Clavier et al s Paper This Paper 1 Introduction 2 Clavier et al s Paper Attack: Horizontal Correlation Analysis s against Horizontal Attacks 3 This Paper Attacks on Clavier et al s New against Horizontal Attacks Simulation Results of Our Attacks 4 Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

Introduction Clavier et al s Paper This Paper Several traces Side-Channel Analysis Methods One trace Vertical Horizontal s Exposant Blinding Message Blinding Regular Algorithm Clavier et al Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

Introduction Clavier et al s Paper This Paper Several traces Side-Channel Analysis Methods One trace Vertical Horizontal s Exposant Blinding Message Blinding Regular Algorithm Clavier et al New countermeasure Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 15 / 17

Introduction Clavier et al s Paper This Paper And more in our paper Framework: model both Horizontal and Vertical Attacks Attacks on Square and Multiply Always More Simulations: Attacks on variant Clavier et al first countermeasure Variant of our attack (no average) Test the robustness of our countermeasure Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 16 / 17

Introduction Clavier et al s Paper This Paper Thank you for your attention Questions? Aurélie Bauer, Éliane Jaulmes, Emmanuel Prouff, Justine Wild ANSSI Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations 17 / 17

Detecting a Timing Bias on RSA implementation of POLARSSL Timing Attack against protected RSA-CRT implementation used in PolarSSL Cyril Arnaud and Pierre-Alain Fouque Defense Ministry and Rennes 1 University February 26, 2013 C Arnaud and PA Fouque Timing Attack 1/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Overview 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL 114 3 State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 2/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Overview Introduction Finding a bias is the set of extra bit observable? 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL 114 3 State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 3/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL State of the Art Introduction Finding a bias is the set of extra bit observable? Related Work 1996 : Timing Attacks on Implementations of Diffie-Hellman,RSA, DSS, and Other Systems [Kocher] at CRYPTO 96 2000 : Timing attack on RSA-CRT [Schindler] at CHES 00 2003 : Remote timing attacks are practical [Brumley et Boneh] at Usenix 03 2005 : Improving Brumley and Boneh timing attack on unprotected SSL implementation [O Aciiçmez, et al] at CCS 05 Attacks s of OPENSSL avoided Exploit timing bias induced by RSA optimizations Old monocore processors C Arnaud and PA Fouque Timing Attack 4/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL State of the Art Introduction Finding a bias is the set of extra bit observable? Related Work 1996 : Timing Attacks on Implementations of Diffie-Hellman,RSA, DSS, and Other Systems [Kocher] at CRYPTO 96 2000 : Timing attack on RSA-CRT [Schindler] at CHES 00 2003 : Remote timing attacks are practical [Brumley et Boneh] at Usenix 03 2005 : Improving Brumley and Boneh timing attack on unprotected SSL implementation [O Aciiçmez, et al] at CCS 05 Attacks s of OPENSSL avoided Exploit timing bias induced by RSA optimizations Old monocore processors C Arnaud and PA Fouque Timing Attack 4/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Why using a Timing Attack? Introduction Finding a bias is the set of extra bit observable? Side-Channel Cryptanalysis Electromagnetic emanation and power consumption hard to apply on a computer Computation Time : cannot be detected allows to factor RSA modulus by measuring the time to decrypt possible on network Timing measurement : 2 instructions C Arnaud and PA Fouque Timing Attack 5/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Measurement of computation time Introduction Finding a bias is the set of extra bit observable? Time Stamp Counter (TSC) 64-bit counter that records cycle of the FSB bus Common to each CPU core Use of RDTSC instruction : do not use any privilege Performance Counter (PMC) Counter used in the CPU microarchitecture Allow to measure each tick of a core Reading using the RDMSR instruction : require privilege Require a specific kernel module C Arnaud and PA Fouque Timing Attack 6/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Target choice Introduction Finding a bias is the set of extra bit observable? RSA of POLARSSL 114 Opensource library developed in C Operational version (Adobe flash player, ) Use countermeasures suggested by Boneh and Brumley and Schindler (One subroutine for multiplication and a dummy substraction) RSA decryption in constant time Protected against timing attacks C Arnaud and PA Fouque Timing Attack 7/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Goals and Results Introduction Finding a bias is the set of extra bit observable? Goals Evaluate the countermeasure Mount an attack Determining efficient countermeasures Work on recent processors (Intel Core 2 Duo and Core i7) Results Detection of an unknown bias Attack verified on a chosen ciphertext attack for RSA 512, 1024 and 2048 bits Propose two countermeasures avoiding this attack C Arnaud and PA Fouque Timing Attack 8/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Goals and Results Introduction Finding a bias is the set of extra bit observable? Goals Evaluate the countermeasure Mount an attack Determining efficient countermeasures Work on recent processors (Intel Core 2 Duo and Core i7) Results Detection of an unknown bias Attack verified on a chosen ciphertext attack for RSA 512, 1024 and 2048 bits Propose two countermeasures avoiding this attack C Arnaud and PA Fouque Timing Attack 8/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL RSA Implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? RSA Decryption To decrypt c (Z/nZ) : modular exponentiation using the private exponent : m = c d mod n RSA decryption optimizations of POLARSSL Chinese Remainder Theorem using Garner recombination Montgomery Multiplication using one countermeasure Modular Exponentiation using the sliding window method C Arnaud and PA Fouque Timing Attack 9/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? Multiprecision Montgomery Modular Multiplication Number representations A = i=s 1 i=0 a i r i, size of words is denoted by w s represents the number of required words of size w r = 2 w R = r s w w-bit multiplication to multiply a word with a large integer C Arnaud and PA Fouque Timing Attack 10/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Schindler s observation Introduction Finding a bias is the set of extra bit observable? Extra reduction - Time variance in MULTIMONTMUL Montgomery representation Ā = AR mod P Suppose B is uniformly distributed in Z P P (extra-reduction in MULTIMONTMUL( X,B,P)) = X mod P 2R P (extra-reduction in MULTIMONTMUL(B,B,P)) = P 3R C Arnaud and PA Fouque Timing Attack 11/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? PolarSSL s Multiprecision Montgomery multiplication Ṛunning times to execute the branch condition is identical for all inputs Dummy subtraction used in MULTIMONTMUL(A, B, P) makes the time to perform the multiplication independent on the A and B C Arnaud and PA Fouque Timing Attack 12/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Extra bit Introduction Finding a bias is the set of extra bit observable? The condition of MULTIMONTMUL is ABR 1 Z < P + ABR 1 We suppose that R <P< R (key lengths multiple of world size) 2 Then Z < 2R Hence, if Z > R then z s = 1, this bit is called extra bit Extra bit in source code in the s th loop of MULTIMONTMUL, if Z > R then the extra bit is set by a carry propagation up to the top most significant word of Z is extra bit imply a timing variance? C Arnaud and PA Fouque Timing Attack 13/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? An attacker can observe a timing difference Methodology We generate : We sort : Random numbers A, B with known size, converted in Montgomery representation a prime number Q where R 2 < Q < R the time in CPU s clock ticks to perform MULTIMONTMUL(A, B, Q) according to the size numbers if an extra bit, an extra-reduction without extra bit or neither of them is carried out C Arnaud and PA Fouque Timing Attack 14/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Results Introduction Finding a bias is the set of extra bit observable? Z<Q R<Z Q<Z<R Z<Q R<Z Q<Z<R Time in CPU cycles 1990 1980 1970 1960 1950 1940 1930 1920 1910 1900 Time in CPU cycles 4900 4880 4860 4840 4820 4800 4780 4760 4740 504 505 506 507 508 509 510 511 512 504 505 506 507 508 509 510 511 512 A size B size 1016 101710181019 1020 10211022102310241016 1017 1018 1019 1020 1021 1022 1023 1024 A size B size FIGURE: Q = 512 FIGURE: Q = 1024 A timing difference is observable when Z > R Extra-reduction (Q Z < R) : masked by dummy subtraction Bias is proportional to the bitsize of Q C Arnaud and PA Fouque Timing Attack 15/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? Results of timing attacks against POLARSSL Kocher Attack (1996) ḍoes not apply to RSA-CRT Schindler s Attack (2000) ẉorks only with the square-&-multiply algorithm Schindler s Attack (2005) ḍoes not work due to the window in the sliding windows exponentiation Brumley-Boneh Attacks (2003) can work C Arnaud and PA Fouque Timing Attack 16/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Overview Cryptographic Analysis Statistical Tools Results against PolarSSL 114 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL 114 3 State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 17/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Probability of an extra bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 ṀULTIMONTMUL(A,B,P), 0 A,B < P The probability of an extra bit is not null iff P > Probability of an extra bit B is uniformly distributed and C is a fixed value : For P > 5 1 2 R P MULTIMONTMUL(B,B,P) = P + 2(R P) (R P)R (R P) 3R 3P 2 R P C = P MULTIMONTMUL(C,B,P) = C 2R + (R P)2 R 2CP 2 5 1 2 R and X,Y (R P) R ( ) (R P)R,P, if X > Y then P P X > P Y C Arnaud and PA Fouque Timing Attack 18/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Attack Characteristics Allows to recover the p most significant bits of p or q 2 Search each bit gradually using an approximation of p or q Use Coppersmith algorithm to complete the attack Recovering a 1024 key size with RDMSR instruction in inter-process Around ten minutes 215200 queries C Arnaud and PA Fouque Timing Attack 19/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Attack Characteristics Allows to recover the p most significant bits of p or q 2 Search each bit gradually using an approximation of p or q Use Coppersmith algorithm to complete the attack Recovering a 1024 key size with RDMSR instruction in inter-process Around ten minutes 215200 queries C Arnaud and PA Fouque Timing Attack 19/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 p k = 0 Decryption time p k = 1 Decryption time c q c p 1 c 2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 20/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Searching the p k bit Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Assume the adversary knows the k most significant bits of p He can generate the integers c 1 and c 2 : c 1 = (p 0,p 1,,p k 1,0,0,,0) 2 Decryption time c 2 = (p 0,p 1,,p k 1,1,0,,0) 2 Decryption time c q c p 1 c 2 Ṭwo timing samples for values close to c 1 + ε 1 and c 2 + ε 2 : ζ c1 and ζ c2 c q c c p 1 2 C Arnaud and PA Fouque Timing Attack 21/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 How can we quantify the difference between the two samples ζ c1 and ζ c2? C Arnaud and PA Fouque Timing Attack 22/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Cryptographic Analysis Statistical Tools Results against PolarSSL 114 How can we check that the measure of the two samples ζ c1 and ζ c2 is correct? C Arnaud and PA Fouque Timing Attack 22/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Statistical Tests Cryptographic Analysis Statistical Tools Results against PolarSSL 114 T-test Allow to compare the means of two samples generated by 2 populations with equal variance If t observed > t threshold, p k = 0 otherwise p k = 1 Fisher-Snedecor Test Allows to compare the variances of two samples generated from 2 populations If F observed > F threshold : replay otherwise the value of t observed allows to determine p k In practice Ṣearch the intervalle I or F observed is maximal then compute t-test on I C Arnaud and PA Fouque Timing Attack 23/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Same process Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Modulus size #query/bit ratio of replay # query 512 bits 600 2% 78600 1024 bits 800 18% 241600 2048 bits 1000 50% 768000 TABLE: RDTSC instruction Modulus size #query/bit ratio of replay # query 512 bits 600 2% 78600 1024 bits 800 10% 225600 2048 bits 1000 15% 589000 TABLE: RDMSR instruction C Arnaud and PA Fouque Timing Attack 24/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Inter-process via TCP IP Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Modulus size #query/bit ratio of replay # query 512 bits 1000 2% 131000 1024 bits 1100 21% 341000 2048 bits 1200 55% 952800 TABLE: RDTSC instruction Modulus size #query/bit ratio of replay # query 512 bits 1000 0% 128000 1024 bits 1100 5% 295900 2048 bits 1200 10% 675600 TABLE: RDMSR instruction C Arnaud and PA Fouque Timing Attack 25/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Amplifying the bias by repetiting Cryptographic Analysis Statistical Tools Results against PolarSSL 114 Ṭhe bias in our case is very small and is consequently hard to detect Sliding Exponentiation PolarSSL uses a CLNW (Constant Length Non-Zero Window) method whereas OpenSSL uses a VLNW method (Variable) Precomputation phase As in the CCS 05 paper, we use the precomputation phase many multiplications are used with the same value c 1 or c 2 to compute the precomputation table 31 multiplications with the same value if the window length is 5 C Arnaud and PA Fouque Timing Attack 26/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Distribution of modulus Cryptographic Analysis Statistical Tools Results against PolarSSL 114 We generated randomly keys with PolarSSL s key generation routine (p > q) ]05R; 5 1 R] ] 5 1 R, 07R] ]07R; 08R] ]08R; R] 2 2 Distribution of p size 0% 0011% 1333% 8666% Distribution of q size 1878% 2446% 3132% 2544% TABLE: Distribution of modulus Our attack is always feasible in practice C Arnaud and PA Fouque Timing Attack 27/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Overview State of the Art Alternatives to blinding 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL 114 3 State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 28/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL OPENSSL State of the Art Alternatives to blinding Blinding Use a random before each decryption Efficient for all parameter size Slow down performance by a factor between 10 to 25% C Arnaud and PA Fouque Timing Attack 29/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Cancelling out extra bit State of the Art Alternatives to blinding Use particular modulus size ịf Q = kw, extra-bit is cancelling out Modify PolarSSL s key generation routine Generate keys where prime factors are less than 5 1 2 R C Arnaud and PA Fouque Timing Attack 30/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL Overview 1 Detecting a Timing Bias on RSA implementation of POLARSSL Introduction Finding a bias is the set of extra bit observable? 2 Cryptographic Analysis Statistical Tools Results against PolarSSL 114 3 State of the Art Alternatives to blinding 4 C Arnaud and PA Fouque Timing Attack 31/ 32

Detecting a Timing Bias on RSA implementation of POLARSSL s Constant time cryptographic implementations are hard to achieve Known attacks exploit the bias of the extra-reduction due to an extra bit Our contributions Practical Timing Attack against a protected implementation Use statistical tests to reduce the number of chosen ciphertexts Introduce a new bias Propose 2 countermeasures for specific key sizes C Arnaud and PA Fouque Timing Attack 32/ 32

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback