research-article

System-level Non-interference for Constant-time Cryptography

Authors:
Gilles Barthe

IMDEA Software Institute, Madrid, Spain

IMDEA Software Institute, Madrid, Spain
View Profile

,
Gustavo Betarte

Universidad de la República, Montevideo, Uruguay

Universidad de la República, Montevideo, Uruguay
View Profile

,
Juan Campo

Universidad de la República, Montevideo, Uruguay

Universidad de la República, Montevideo, Uruguay
View Profile

,
Carlos Luna

Universidad de la República, Montevideo, Uruguay

Universidad de la República, Montevideo, Uruguay
View Profile

,
David Pichardie

ENS Rennes/IRISA/INRIA, Rennes, France

ENS Rennes/IRISA/INRIA, Rennes, France
View Profile

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2014Pages 1267–1279https://doi.org/10.1145/2660267.2660283

Published:03 November 2014Publication History

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 1267–1279

ABSTRACT

Cache-based attacks are a class of side-channel attacks that are particularly effective in virtualized or cloud-based environments, where they have been used to recover secret keys from cryptographic implementations. One common approach to thwart cache-based attacks is to use constant-time implementations, i.e., which do not branch on secrets and do not perform memory accesses that depend on secrets. However, there is no rigorous proof that constant-time implementations are protected against concurrent cache-attacks in virtualization platforms with shared cache; moreover, many prominent implementations are not constant-time. An alternative approach is to rely on system-level mechanisms. One recent such mechanism is stealth memory, which provisions a small amount of private cache for programs to carry potentially leaking computations securely. Stealth memory induces a weak form of constant-time, called S-constant-time, which encompasses some widely used cryptographic implementations. However, there is no rigorous analysis of stealth memory and S-constant-time, and no tool support for checking if applications are S-constant-time.

We propose a new information-flow analysis that checks if an x86 application executes in constant-time, or in S-constant-time. Moreover, we prove that constant-time (resp. S-constant-time) programs do not leak confidential information through the cache to other operating systems executing concurrently on virtualization platforms (resp. platforms supporting stealth memory). The soundness proofs are based on new theorems of independent interest, including isolation theorems for virtualization platforms (resp. platforms supporting stealth memory), and proofs that constant-time implementations (resp. S-constant-time implementations) are non-interfering with respect to a strict information flow policy which disallows that control flow and memory accesses depend on secrets. We formalize our results using the Coq proof assistant and we demonstrate the effectiveness of our analyses on cryptographic implementations, including PolarSSL AES, DES and RC4, SHA256 and Salsa20.

References

O. Aciiçmez and W. Schindler. A vulnerability in rsa implementations due to instruction cache analysis and its demonstration on openssl. In CT-RSA'08, volume 4964 of LNCS, pages 256--273. Springer, 2008. Google ScholarDigital Library
O. Aciicmez, W. Schindler, and Cetin Kaya Koc. Cache based remote timing attack on the AES. In CT-RSA 2007, volume 4377 of LNCS, pages 271--286. Springer, 2007. Google ScholarDigital Library
J. Agat. Transforming out Timing Leaks. In Proceedings POPL'00, pages 40--53. ACM, 2000. Google ScholarDigital Library
M. Aizatulin, A. D. Gordon, and J. Jurjens. Computational verification of c protocol implementations by symbolic execution. In CCS 2012, pages 712--723. ACM, 2012. Google ScholarDigital Library
J. B. Almeida, M. Barbosa, G. Barthe, and F. Dupressoir. Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations. In CCS 2013, 2013. Google ScholarDigital Library
T. Amtoft, J. Dodds, Z. Zhang, A. W. Appel, L. Beringer, J. Hatcliff, X. Ou, and A. Cousino. Acertificate infrastructure for machine-checked proofs of conditional information flow. In POST 2012, volume 7215 of LNCS, pages 369--389. Springer, 2012. Google ScholarDigital Library
L. O. Andersen. Program analysis and specialization for the C programming language. PhD thesis, 1994.Google Scholar
A. Azevedo de Amorim, N. Collins, A. DeHon, D. Demange, C. Hritcu, D. Pichardie, B. C. Pierce, R. Pollack, and A. Tolmach. A verified information-flow architecture. In POPL 2014. ACM, 2014. Google ScholarDigital Library
A. Banerjee and D. Naumann. Stack-based access control for secure information flow. Journal of Functional Programming, 15:131--177, Mar. 2005. Special Issue on Language-Based Security. Google ScholarDigital Library
G. Barthe, G. Betarte, J. Campo, and C. Luna. Formally verifying isolation and availability in an idealized model of virtualization. In FM 2011, pages 231--245. Springer-Verlag, 2011. Google ScholarDigital Library
G. Barthe, G. Betarte, J. Campo, and C. Luna. Cache-Leakage Resilient OS Isolation in an Idealized Model of Virtualization. In CSF 2012, pages 186--197, 2012. Google ScholarDigital Library
G. Barthe, G. Betarte, J. D. Campo, C. Luna, and D. Pichardie. System-level non-interference for constant-time cryptography (full version), 2014.Google Scholar
G. Barthe, B. Gregoire, S. Heraud, and S. Zanella-B--eguelin. Computer-aided security proofs for the working cryptographer. In CRYPTO 2011, volume 6841 of LNCS, Heidelberg, 2011. Google ScholarDigital Library
G. Barthe, B. Kopf, L. Mauborgne, and M. Ochoa. Leakage resilience against concurrent cache attacks. In POST, 2014.Google Scholar
G. Barthe, D. Pichardie, and T. Rezk. A certified lightweight non-interference java bytecode verifier. In ESOP 2007, pages 125--140, 2007. Google ScholarDigital Library
G. Barthe, T. Rezk, and D. A. Naumann. Deriving an information flow checker and certifying compiler for java. In S&P 2006, pages 230--242. IEEE Computer Society, 2006. Google ScholarDigital Library
D. J. Bernstein. Cache-timing attacks on AES, 2005. Available from author's webpage.Google Scholar
K. Bhargavan, C. Fournet, and A. D. Gordon. Modular verification of security protocol code by typing. In POPL 2010. ACM, 2010. Google ScholarDigital Library
J. Bonneau and I. Mironov. Cache Collision Timing Attacks Against AES. In CHES '06, 2006. Google ScholarDigital Library
D. Cade and B. Blanchet. From computationally-proved protocol specifications to implementations. In ARES 2012, pages 65--74. IEEE Computer Society, 2012. Google ScholarDigital Library
A. Canteaut, C. Lauradoux, and A. Seznec. Understanding cache attacks. Rapport de recherche RR-5881, INRIA, 2006.Google Scholar
T. Chardin, P.-A. Fouque, and D. Leresteux. Cache timing analysis of RC4. In ACNS 2011, volume 6715 of LNCS, pages 110--129, 2011. Google ScholarDigital Library
J. Chen, R. Chugh, and N. Swamy. Type-preserving compilation of end-to-end verification of security enforcement. In PLDI 2010, pages 412--423. ACM, 2010. Google ScholarDigital Library
B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In S&P 2009, pages 45--60, 2009. Google ScholarDigital Library
M. Dam, R. Guanciale, N. Khakpour, H. Nemati, and O. Schwarz. Formal verification of information flow security for a simple ARM-based separation kernel. In CCS 2013, pages 223--234, 2013. Google ScholarDigital Library
G. Doychev, D. Feld, B. Kopf, L. Mauborgne, and J. Reineke. Cacheaudit: A tool for the static analysis of cache side channels. In Usenix Security 2013, 2013. Google ScholarDigital Library
F. Dupressoir, A. D. Gordon, J. Jurjens, and D. A. Naumann. Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols. In CSF 2011, pages 3--17. IEEE Computer Society, 2011. Google ScholarDigital Library
S. Dziembowski and K. Pietrzak. Leakage-resilient cryptography. In FOCS, pages 293--302. IEEE Computer Society, 2008. Google ScholarDigital Library
U. Erlingsson and M. Abadi. Operating system protection against side-channel attacks that exploit memory latency. Technical Report MSR-TR-2007--117, Microsoft Research, 2007.Google Scholar
D. Gullasch, E. Bangerter, and S. Krenn. Cache games - bringing access-based cache attacks on AES to practice. In S&P 2011, pages 490--505, 2011. Google ScholarDigital Library
E. Kasper and P. Schwabe. Faster and timing-attack resistant aes-gcm. In C. Clavier and K. Gaj, editors, CHES, volume 5747 of Lecture Notes in Computer Science, pages 1--17. Springer, 2009. Google ScholarDigital Library
J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, 8(2--3):141--158, 2000. Google ScholarDigital Library
G. A. Kildall. A unified approach to global program optimization. In Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages, POPL '73, pages 194--206, New York, NY, USA, 1973. ACM. Google ScholarDigital Library
T. Kim, M. Peinado, and G. Mainar-Ruiz. Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In USENIX Security 2012, pages 11--11, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: formal verification of an OS kernel. In SOSP 2009, pages 207--220. ACM, 2009. Google ScholarDigital Library
P. Kocher. Timing Attacks on Implementations of Diffe-Hellman, RSA, DSS, and Other Systems. In CRYPTO'96, volume 1109 of LNCS, pages 104--113. Springer, 1996. Google ScholarDigital Library
G. Leander, E. Zenner, and P. Hawkes. Cache Timing Analysis of LFSR-Based Stream Ciphers. In IMACC 2009, volume 5921 of LNCS, pages 433--445. Springer, 2009. Google ScholarDigital Library
X. Leroy. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In POPL 2006, pages 42--54. ACM, 2006. Google ScholarDigital Library
C. Liu, M. Hicks, and E. Shi. Memory trace oblivious program execution. In CSF 2013, pages 51--65, 2013. Google ScholarDigital Library
D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In ICISC 2005, pages 156--168, 2005. Google ScholarDigital Library
T. Murray, D. Matichuk, M. Brassil, P. Gammie, T. Bourke, S. Seefried, C. Lewis, X. G., and G. Klein. sel4: from general purpose to a proof of information flow enforcement. In S&P 2013, pages 415--429, 2013. Google ScholarDigital Library
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud! Exploring information leakage in third-party compute clouds. In CCS 2009, pages 199--212. ACM Press, 2009. Google ScholarDigital Library
V. Robert and X. Leroy. A formally-verified alias analysis. In CPP, pages 11--26, 2012. Google ScholarDigital Library
J. M. Rushby. Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report CSL-92-02, SRI International, 1992.Google Scholar
T. Sewell, S. Winwood, P. Gammie, T. Murray, J. Andronick, and G. Klein. seL4 enforces integrity. In ITP 2011, Nijmegen, The Netherlands, 2011. Google ScholarDigital Library
Z. Shao. Certified software. Commun. ACM, 53(12):56--66, 2010. Google ScholarDigital Library
D. Stefan, P. Buiras, E. Z. Yang, A. Levy, D. Terei, A. Russo, and D. Mazières. Eliminating cache-based timing attacks with instruction-based scheduling. In J. Crampton, S. Jajodia, and K. Mayes, editors, ESORICS, volume 8134 of Lecture Notes in Computer Science, pages 718--735. Springer, 2013.Google Scholar
E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on AES, and countermeasures. J. Cryptology, 23(1):37--71, 2010. Google ScholarDigital Library
Y. Tsunoo, T. Saito, T. Suzaki, M. Shigeri, and H. Miyauchi. Cryptanalysis of DES implemented on computers with cache. In CHES 2003, volume 2779 of LNCS, pages 62--76. Springer, 2003.Google ScholarCross Ref
Z. Wang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. In ISCA 2007, pages 494--505. ACM, 2007. Google ScholarDigital Library
D. Zhang, A. Askarov, and A. C. Myers. Predictive mitigation of timing channels in interactive systems. In CCS 2011, pages 563--574. ACM, 2011. Google ScholarDigital Library

Index Terms

System-level Non-interference for Constant-time Cryptography
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

System-Level Non-interference of Constant-Time Cryptography. Part II: Verified Static Analysis and Stealth Memory
Abstract
This paper constitutes the second part of a paper published in Barthe et al. (J Autom Reason, 2017. 10.1007/s10817-017-9441-5). Cache-based attacks are a class of side-channel attacks that are particularly effective in virtualized or cloud-based ...
Read More
System-Level Non-interference of Constant-Time Cryptography. Part I: Model

This work focuses on the study of constant-time implementations; giving formal guarantees that such implementations are protected against cache-based timing attacks in virtualized platforms where their supporting operating system executes concurrently ...
Read More
Cryptography in constant parallel time
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cache-based attacks
constant-time cryptography
coq
non-interference
stealth memory
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '14 Paper Acceptance Rate114of585submissions,19%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 83
  Total Citations
  View Citations
- 616
  Total Downloads
- Downloads (Last 12 months)75
- Downloads (Last 6 weeks)9
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

System-level Non-interference for Constant-time Cryptography

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

System-Level Non-interference of Constant-Time Cryptography. Part II: Verified Static Analysis and Stealth Memory

System-Level Non-interference of Constant-Time Cryptography. Part I: Model

Cryptography in constant parallel time