nach oben

Journal of Cryptographic Engineering

Erschienen in:

09.05.2017 | Special Section on Proofs 2016

Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers

verfasst von: Sarani Bhattacharya, Debdeep Mukhopadhyay

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 4/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Implementations of asymmetric key algorithm have been threatened via timing side channels due to the behavior of the underlying branch predictors. However, the effect of faults on such predictors and the consequences thereof on the security of crypto-algorithms have not been studied. Motivated by the fact that unknown branch predictors of standard processors bear a strong correlation with 2-bit dynamic predictors, this paper develops a formal analysis of such a bimodal predictor under the effect of faults. Assuming a popular bit-flip fault model, the analysis shows that differences of branch misses under the effect of such faults can be exploited to attack implementations of RSA-like asymmetric key algorithms, based on square and multiplication operations. Furthermore, these attacks can be also threatening against Montgomery ladder of CRT-RSA (RSA implemented using Chinese Remainder Theorem) and even against fault attack countermeasures which stop or randomize the output in case of a fault. The theoretical claims have been substantiated by detailed fault simulations, where the difference of branch misses has been observed using the “perf” tool in Linux.

Vorheriger Artikel Introduction to the PROOFS 2016 special section

Nächster Artikel A study on analyzing side-channel resistant encoding schemes with respect to fault attacks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

We explain the upper bound of 3 at the end of this section. The lower bound can be similarly established.

Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: On the power of simple branch prediction analysis. IACR Cryptol. ePr. Arch. 2006, 351 (2006)

Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: Predicting secret keys via branch prediction. In: Abe, M. (ed.) CT-RSA, Volume 4377 of Lecture Notes in Computer Science, pp. 225–242. Springer, Berlin (2007)

Aciiçmez, O., Gueron, S., Seifert, J-P.: New branch prediction vulnerabilities in openssl and necessary software countermeasures. In: Cryptography and Coding, 11th IMA International Conference 2007, Proceedings, pp. 185–203. (2007)

AVR Freaks. Instruction skipping after spurious interrupt. http://www.avrfreaks.net/forum/solved-instruction-skipping-after-spurious-interrupt (2015)

Bhattacharya, S., Mukhopadhyay, D.: Curious case of rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A. (eds.) Cryptographic hardware and embedded systems – CHES 2016. CHES 2016. Lecture notes in Computer Science, vol. 9813, pp. 602–624. Springer, Berlin, Heidelberg (2016)

Bhattacharya, S., Mukhopadhyay, D.: Who watches the watchmen?: utilizing performance monitors for compromising keys of RSA on Intel platforms. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2015. CHES 2015. Lecture Notes in Computer Science, vol. 9293, pp. 248–266. Springer, Berlin, Heidelberg (2015)

Bhattacharya, S., Rebeiro, C., Mukhopadhyay, D.: Hardware prefetchers leak: a revisit of svf for cache-timing attacks. In: MICRO Workshops, pp. 17–23. IEEE Computer Society (2012)

Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (eds.) Advances in Cryptology – EUROCRYPT ’97. EUROCRYPT 1997. Lecture notes in Computer Science, vol. 1233, pp. 37–51. Springer, Berlin, Heidelberg (1997)

Fog, A.: The microarchitecture of Intel, AMD and VIA CPUs/An optimization guide for assembly programmers and compiler makers (2012)

10.

Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES, Volume 2523 of Lecture Notes in Computer Science, pp. 291–302. Springer, Berlin (2002)

11.

Kim, C.H., Quisquater, J-J.: Fault attacks for CRT based RSA: new attacks, new results, and new countermeasures. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds.) Information security theory and practices. Smart cards, mobile and ubiquitous computing systems. WISTP 2007. Lecture notes in Computer Science, vol. 4462, pp. 215–228. Springer, Berlin, Heidelberg (2007)

12.

Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J-H., Lee, D., Wilkerson, C., Lai, K., Mutlu, O.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, 14–18 June 2014, pp. 361–372. IEEE Computer Society, Minneapolis (2014)

13.

Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: CRYPTO ’96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, pp. 104–113. Springer, London (1996)

14.

Maitra, S., Sarkar, S.: On deterministic polynomial-time equivalence of computing the CRT-RSA secret keys and factoring. IACR Cryptol. ePr. Arch. 2009, 62 (2009)

15.

mp-fpga. Performance counter for microblaze. http://mp-fpga.blogspot.in/2007/10/performance-counter-for-microblaze.html (2007)

16.

Patranabis, S., Chakraborty, A., Mukhopadhyay, D.: Fault tolerant infective countermeasure for AES. In: Security, Privacy, and Applied Cryptography Engineering–5th International Conference, SPACE 2015, Jaipur, India, October 3–7, 2015, pp. 190–209 (2015)

17.

Rebeiro, C., Mukhopadhyay, D.: A formal analysis of prefetching in profiled cache-timing attacks on block ciphers. IACR Cryptol. ePr. Arch. 2015, 1191 (2015)

18.

Seaborn, M., Dullien, T.: Exploiting the DRAM rowhammer bug to gain kernel privileges. http://googleprojectzero.blogspot.in/2015/03/exploiting-dram-rowhammer-bug-to-gain.html (2015)

19.

Seaborn, M., Dullien, T.: Test DRAM for bit flips caused by the rowhammer problem. https://github.com/google/rowhammer-test,2015 (2015)

20.

Weaver, V.M., University of Maine.: Linux perf_event features and overhead. In: 2013 FastPath Workshop (2013)

21.

Wikipedia. Rowhammer wikipedia page. https://en.wikipedia.org/wiki/Row-hammer (2016)

Titel: Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers
verfasst von: Sarani Bhattacharya
Debdeep Mukhopadhyay
Publikationsdatum: 09.05.2017
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 4/2017
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-017-0165-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2017

Efficient implementation of generalized Maiorana–McFarland class of cryptographic functions

Introduction to the PROOFS 2016 special section

Generic power attacks on RSA with CRT and exponent blinding: new results

Template attack versus Bayes classifier

Using modular extension to provably protect Edwards curves against fault attacks

A study on analyzing side-channel resistant encoding schemes with respect to fault attacks