2020 | OriginalPaper | Chapter

RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation

Authors: Heiko Mantel, Lukas Scheidel, Thomas Schneider, Alexandra Weber, Christian Weinert, Tim Weißmantel

Published in: Cryptology and Network Security

Publisher: Springer International Publishing

Abstract

Cache side channels constitute a persistent threat to crypto implementations. In particular, block ciphers are prone to attacks when implemented with a simple lookup-table approach. Implementing crypto as software evaluations of circuits avoids this threat but is very costly.
We propose an approach that combines program analysis and circuit compilation to support the selective hardening of regular C implementations against cache side channels. We implement this approach in our toolchain RiCaSi. RiCaSi avoids unnecessary complexity and overhead if it can derive sufficiently strong security guarantees for the original implementation. If necessary, RiCaSi produces a circuit-based, hardened implementation. For this, it leverages established circuit-compilation technology from the area of secure computation. A final program analysis step ensures that the hardening is, indeed, effective.
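The abstract contrasts a lookup-table implementation, whose memory addresses depend on the secret, with a circuit-based implementation, whose addresses do not, and closes with an analysis step that confirms the hardening worked. The following C program is an added illustration of that contrast; it is not code from the paper or from the RiCaSi toolchain. It assumes a constructed 256-entry S-box (an affine permutation standing in for a real cipher's table), hypothetical 64-byte cache lines, and a simple access-trace model in which the attacker sees only which cache lines a table read touches. The "circuit" here is a plain 256-to-1 multiplexer built from constant-time AND/OR/XOR operations, far simpler than the optimized Boolean circuits RiCaSi obtains from a circuit compiler, but it shows the property that matters: the address trace is the same for every secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 256-entry 8-bit S-box (an affine permutation, not a real cipher's
   table); it stands in for a secret-indexed lookup table such as an AES S-box. */
#define SBOX_SIZE 256
static uint8_t SBOX[SBOX_SIZE];
static int sbox_ready = 0;

static void ensure_sbox(void) {
    if (sbox_ready) return;
    for (unsigned i = 0; i < SBOX_SIZE; i++)
        SBOX[i] = (uint8_t)(i * 167u + 13u);   /* 167 is odd, so this is a bijection mod 256 */
    sbox_ready = 1;
}

/* Trace of the cache lines touched by table reads: the attacker's view in an
   access-driven cache attack model (hypothetical 64-byte lines, constructed here). */
#define CACHE_LINE 64
#define TRACE_MAX 512
static size_t trace[TRACE_MAX];
static size_t trace_len;

static uint8_t table_read(size_t i) {
    if (trace_len < TRACE_MAX) trace[trace_len++] = i / CACHE_LINE;
    return SBOX[i];
}

/* Lookup-table implementation: the address read depends on the secret x. */
uint8_t sbox_lookup(uint8_t x) {
    ensure_sbox();
    return table_read(x);
}

/* Constant-time equality: 0xFF if a == b, 0x00 otherwise, with no branch. */
static uint8_t ct_eq_mask(uint8_t a, uint8_t b) {
    unsigned d = (unsigned)(a ^ b);        /* 0 iff a == b */
    unsigned bit = ((d - 1u) >> 8) & 1u;   /* borrow out of d - 1 is set iff d == 0 */
    return (uint8_t)(0u - bit);
}

/* Circuit-style implementation: a 256-to-1 multiplexer built from AND/OR/XOR.
   Every table entry is read on every call, so the address trace is independent of x. */
uint8_t sbox_circuit(uint8_t x) {
    uint8_t out = 0;
    ensure_sbox();
    for (unsigned i = 0; i < SBOX_SIZE; i++)
        out |= table_read(i) & ct_eq_mask((uint8_t)i, x);
    return out;
}

/* Returns 1 if the two implementations disagree on any input (functional check). */
int implementations_differ(void) {
    for (unsigned i = 0; i < SBOX_SIZE; i++)
        if (sbox_lookup((uint8_t)i) != sbox_circuit((uint8_t)i)) return 1;
    return 0;
}

/* Returns 1 if the cache-line trace of f differs between secrets a and b,
   i.e. an observer of cache lines could tell the two secrets apart. */
int trace_differs(uint8_t (*f)(uint8_t), uint8_t a, uint8_t b) {
    size_t saved[TRACE_MAX], saved_len;
    trace_len = 0;
    (void)f(a);
    saved_len = trace_len;
    memcpy(saved, trace, saved_len * sizeof saved[0]);
    trace_len = 0;
    (void)f(b);
    if (saved_len != trace_len) return 1;
    return memcmp(saved, trace, saved_len * sizeof saved[0]) != 0;
}

int main(void) {
    printf("implementations agree: %s\n", implementations_differ() ? "no" : "yes");
    printf("lookup,  secrets 3 vs 200 distinguishable: %d\n", trace_differs(sbox_lookup, 3, 200));
    printf("lookup,  secrets 3 vs 10  distinguishable: %d\n", trace_differs(sbox_lookup, 3, 10));
    printf("circuit, secrets 3 vs 200 distinguishable: %d\n", trace_differs(sbox_circuit, 3, 200));
    return 0;
}
```

Two things are worth noticing when running it. The lookup version is distinguishable for secrets 3 and 200 (different cache lines) but not for 3 and 10 (same line): an access-driven model only reveals index bits above the cache-line granularity, which is exactly why a leakage analysis has to reason about the cache layout rather than just about "a secret-dependent access exists". The multiplexer version reads all four lines in the same order for every input, so the trace check reports no difference, while the functional check confirms it computes the same table; the cost is 256 reads and masks per lookup, which is the overhead the abstract says selective hardening tries to pay only where the analysis cannot already establish a strong enough guarantee.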

DOI: https://doi.org/10.1007/978-3-030-65411-5_25
