Skip to main content

2020 | OriginalPaper | Buchkapitel

RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation

verfasst von : Heiko Mantel, Lukas Scheidel, Thomas Schneider, Alexandra Weber, Christian Weinert, Tim Weißmantel

Erschienen in: Cryptology and Network Security

Verlag: Springer International Publishing

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Cache side channels constitute a persistent threat to crypto implementations. In particular, block ciphers are prone to attacks when implemented with a simple lookup-table approach. Implementing crypto as software evaluations of circuits avoids this threat but is very costly.
We propose an approach that combines program analysis and circuit compilation to support the selective hardening of regular C implementations against cache side channels. We implement this approach in our toolchain RiCaSi. RiCaSi avoids unnecessary complexity and overhead if it can derive sufficiently strong security guarantees for the original implementation. If necessary, RiCaSi produces a circuit-based, hardened implementation. For this, it leverages established circuit-compilation technology from the area of secure computation. A final program analysis step ensures that the hardening is, indeed, effective.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
1.
Zurück zum Zitat Abel, A., Reineke, J.: nanoBench: a low-overhead tool for running microbenchmarks on x86 systems. CoRR abs/1911.03282 (2019) Abel, A., Reineke, J.: nanoBench: a low-overhead tool for running microbenchmarks on x86 systems. CoRR abs/1911.03282 (2019)
2.
Zurück zum Zitat Aciiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: ICICS (2006) Aciiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: ICICS (2006)
3.
Zurück zum Zitat Advanced Micro Devices: software optimization guide for AMD family 17h models 30h and greater processors. Publication number: 56305, Revision: 3.02 (2020) Advanced Micro Devices: software optimization guide for AMD family 17h models 30h and greater processors. Publication number: 56305, Revision: 3.02 (2020)
4.
Zurück zum Zitat Aoki, K., et al.: Specification of Camellia - a 128-bit block cipher, version 2.0 (2001) Aoki, K., et al.: Specification of Camellia - a 128-bit block cipher, version 2.0 (2001)
5.
Zurück zum Zitat Apecechea, G.I., Eisenbarth, T., Sunar, B.: S\$a: a shared cache attack that works across cores and defies VM sandboxing - and its application to AES. In: S & P (2015) Apecechea, G.I., Eisenbarth, T., Sunar, B.: S\$a: a shared cache attack that works across cores and defies VM sandboxing - and its application to AES. In: S & P (2015)
6.
Zurück zum Zitat Apecechea, G.I., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-vm attack on AES. In: RAID (2014) Apecechea, G.I., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-vm attack on AES. In: RAID (2014)
8.
Zurück zum Zitat Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: QAPL (2006) Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: QAPL (2006)
9.
Zurück zum Zitat Belaïd, S., Dagand, P., Mercadier, D., Rivain, M., Wintersdorff, R.: Tornado: automatic generation of probing-secure masked bitsliced implementations. In: EUROCRYPT (2020) Belaïd, S., Dagand, P., Mercadier, D., Rivain, M., Wintersdorff, R.: Tornado: automatic generation of probing-secure masked bitsliced implementations. In: EUROCRYPT (2020)
10.
Zurück zum Zitat Belaïd, S., Goudarzi, D., Rivain, M.: Tight private circuits: achieving probing security with the least refreshing. In: ASIACRYPT (2018) Belaïd, S., Goudarzi, D., Rivain, M.: Tight private circuits: achieving probing security with the least refreshing. In: ASIACRYPT (2018)
11.
Zurück zum Zitat Bernstein, D.J.: Cache-timing attacks on AES. University of Illinois at Chicago, Technical report (2005) Bernstein, D.J.: Cache-timing attacks on AES. University of Illinois at Chicago, Technical report (2005)
12.
Zurück zum Zitat Biham, E.: A fast new DES implementation in software. In: FSE (1997) Biham, E.: A fast new DES implementation in software. In: FSE (1997)
13.
Zurück zum Zitat Bindel, N., Buchmann, J.A., Krämer, J., Mantel, H., Schickel, J., Weber, A.: Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics. In: FPS (2017) Bindel, N., Buchmann, J.A., Krämer, J., Mantel, H., Schickel, J., Weber, A.: Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics. In: FPS (2017)
14.
Zurück zum Zitat Brotzman, R., Liu, S., Zhang, D., Tan, G., Kandemir, M.T.: Casym: cache aware symbolic execution for side channel detection and mitigation. In: S&P (2019) Brotzman, R., Liu, S., Zhang, D., Tan, G., Kandemir, M.T.: Casym: cache aware symbolic execution for side channel detection and mitigation. In: S&P (2019)
15.
Zurück zum Zitat Büscher, N., Demmler, D., Katzenbeisser, S., Kretzmer, D., Schneider, T.: HyCC: compilation of hybrid protocols for practical secure computation. In: CCS (2018) Büscher, N., Demmler, D., Katzenbeisser, S., Kretzmer, D., Schneider, T.: HyCC: compilation of hybrid protocols for practical secure computation. In: CCS (2018)
16.
Zurück zum Zitat Chothia, T., Kawamoto, Y., Novakovic, C.: A tool for estimating information leakage. In: CAV (2013) Chothia, T., Kawamoto, Y., Novakovic, C.: A tool for estimating information leakage. In: CAV (2013)
17.
Zurück zum Zitat Clarke, E.M., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: TACAS (2004) Clarke, E.M., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: TACAS (2004)
18.
Zurück zum Zitat Costan, V., Devadas, S.: Intel SGX explained. ePrint 2016/86 (2016) Costan, V., Devadas, S.: Intel SGX explained. ePrint 2016/86 (2016)
19.
Zurück zum Zitat Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977) Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977)
20.
Zurück zum Zitat Daemen, J., Rijmen, V.: AES submission document on Rijndael. Version 2 (1999) Daemen, J., Rijmen, V.: AES submission document on Rijndael. Version 2 (1999)
21.
Zurück zum Zitat Demmler, D., Dessouky, G., Koushanfar, F., Sadeghi, A., Schneider, T., Zeitouni, S.: Automated synthesis of optimized circuits for secure computation. In: CCS (2015) Demmler, D., Dessouky, G., Koushanfar, F., Sadeghi, A., Schneider, T., Zeitouni, S.: Automated synthesis of optimized circuits for secure computation. In: CCS (2015)
22.
Zurück zum Zitat Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015) Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)
23.
Zurück zum Zitat Dewald, F., Mantel, H., Weber, A.: AVR processors as a platform for language-based security. In: ESORICS (2017) Dewald, F., Mantel, H., Weber, A.: AVR processors as a platform for language-based security. In: ESORICS (2017)
24.
Zurück zum Zitat Doychev, G., Köpf, B.: Rigorous analysis of software countermeasures against cache attacks. In: PLDI (2017) Doychev, G., Köpf, B.: Rigorous analysis of software countermeasures against cache attacks. In: PLDI (2017)
25.
Zurück zum Zitat Doychev, G., Köpf, B., Mauborgne, L., Reineke, J.: Cacheaudit: a tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur. 18(1) (2015) Doychev, G., Köpf, B., Mauborgne, L., Reineke, J.: Cacheaudit: a tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur. 18(1) (2015)
26.
Zurück zum Zitat Felsen, S., Kiss, Á., Schneider, T., Weinert, C.: Secure and private function evaluation with Intel SGX. In: CCSW (2019) Felsen, S., Kiss, Á., Schneider, T., Weinert, C.: Secure and private function evaluation with Intel SGX. In: CCSW (2019)
27.
Zurück zum Zitat Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (2009) Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (2009)
28.
Zurück zum Zitat Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987) Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)
29.
30.
Zurück zum Zitat Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: CRYPTO (2008) Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: CRYPTO (2008)
31.
Zurück zum Zitat Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: S&P (2011) Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: S&P (2011)
32.
Zurück zum Zitat Holzer, A., Franz, M., Katzenbeisser, S., Veith, H.: Secure two-party computations in ANSI C. In: CCS (2012) Holzer, A., Franz, M., Katzenbeisser, S., Veith, H.: Secure two-party computations in ANSI C. In: CCS (2012)
33.
Zurück zum Zitat Corporation, Intel: Intel® 64 and IA-32 architectures optimization reference manual. Order Number 248966–032 (2016) Corporation, Intel: Intel® 64 and IA-32 architectures optimization reference manual. Order Number 248966–032 (2016)
34.
Zurück zum Zitat Järvinen, K., Kolesnikov, V., Sadeghi, A., Schneider, T.: Garbled circuits for leakage-resilience: hardware implementation and evaluation of one-time programs. In: CHES (2010) Järvinen, K., Kolesnikov, V., Sadeghi, A., Schneider, T.: Garbled circuits for leakage-resilience: hardware implementation and evaluation of one-time programs. In: CHES (2010)
35.
Zurück zum Zitat Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: CHES (2009) Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: CHES (2009)
36.
Zurück zum Zitat Kim, T., Peinado, M., Mainar-Ruiz, G.: STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In: USENIX Security (2012) Kim, T., Peinado, M., Mainar-Ruiz, G.: STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In: USENIX Security (2012)
37.
Zurück zum Zitat Köpf, B., Mantel, H.: Transformational typing and unification for automatically correcting insecure programs. IJIS 6(2–3) (2007) Köpf, B., Mantel, H.: Transformational typing and unification for automatically correcting insecure programs. IJIS 6(2–3) (2007)
38.
Zurück zum Zitat Köpf, B., Mauborgne, L., Ochoa, M.: Automatic quantification of cache side-channels. In: CAV (2012) Köpf, B., Mauborgne, L., Ochoa, M.: Automatic quantification of cache side-channels. In: CAV (2012)
39.
Zurück zum Zitat Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: CSF (2010) Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: CSF (2010)
40.
Zurück zum Zitat Kreuter, B., Shelat, A., Mood, B., Butler, K.R.B.: PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security (2013) Kreuter, B., Shelat, A., Mood, B., Butler, K.R.B.: PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security (2013)
42.
Zurück zum Zitat Malacaria, P., Khouzani, M., Pasareanu, C.S., Phan, Q., Luckow, K.S.: Symbolic side-channel analysis for probabilistic programs. In: CSF (2018) Malacaria, P., Khouzani, M., Pasareanu, C.S., Phan, Q., Luckow, K.S.: Symbolic side-channel analysis for probabilistic programs. In: CSF (2018)
43.
Zurück zum Zitat Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: USENIX Security (2004) Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: USENIX Security (2004)
44.
Zurück zum Zitat Mantel, H., Schickel, J., Weber, A., Weber, F.: How secure is green it? the case of software-based energy side channels. In: ESORICS (2018) Mantel, H., Schickel, J., Weber, A., Weber, F.: How secure is green it? the case of software-based energy side channels. In: ESORICS (2018)
45.
Zurück zum Zitat Mantel, H., Starostin, A.: Transforming out timing leaks, more or less. In: ESORICS (2015) Mantel, H., Starostin, A.: Transforming out timing leaks, more or less. In: ESORICS (2015)
46.
Zurück zum Zitat Mantel, H., Weber, A., Köpf, B.: A systematic study of cache side channels across AES implementations. In: ESSoS (2017) Mantel, H., Weber, A., Köpf, B.: A systematic study of cache side channels across AES implementations. In: ESSoS (2017)
47.
Zurück zum Zitat Matsui, M., Nakajima, J.: On the power of bitslice implementation on Intel Core2 processor. In: CHES (2007) Matsui, M., Nakajima, J.: On the power of bitslice implementation on Intel Core2 processor. In: CHES (2007)
48.
Zurück zum Zitat Mercadier, D., Dagand, P.: Usuba: high-throughput and constant-time ciphers, by construction. In: PLDI, pp. 157–173 (2019) Mercadier, D., Dagand, P.: Usuba: high-throughput and constant-time ciphers, by construction. In: PLDI, pp. 157–173 (2019)
50.
Zurück zum Zitat Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: automatic detection and removal of control-flow side channel attacks. In: ICISC (2006) Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: automatic detection and removal of control-flow side channel attacks. In: ICISC (2006)
51.
Zurück zum Zitat Nane, R., et al.: A survey and evaluation of FPGA high-level synthesis tools. IEEE Trans. CAD Integrat. Circ. Syst. 35(10), 1591–1604 (2016) Nane, R., et al.: A survey and evaluation of FPGA high-level synthesis tools. IEEE Trans. CAD Integrat. Circ. Syst. 35(10), 1591–1604 (2016)
52.
Zurück zum Zitat National Institute of Standards and Technology: FIPS PUB 46–3: Data encryption standard (DES) (1999) National Institute of Standards and Technology: FIPS PUB 46–3: Data encryption standard (DES) (1999)
53.
Zurück zum Zitat National Institute of Standards and Technology: FIPS PUB 197: Advanced encryption standard (AES) (2001) National Institute of Standards and Technology: FIPS PUB 197: Advanced encryption standard (AES) (2001)
57.
Zurück zum Zitat Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: CT-RSA (2006) Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: CT-RSA (2006)
58.
Zurück zum Zitat Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. ePrint 2002/169 (2002) Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. ePrint 2002/169 (2002)
59.
Zurück zum Zitat Poddar, R., Datta, A., Rebeiro, C.: A cache trace attack on Camellia. In: InfoSecHiComNet (2011) Poddar, R., Datta, A., Rebeiro, C.: A cache trace attack on Camellia. In: InfoSecHiComNet (2011)
60.
Zurück zum Zitat Smith, G.: On the foundations of quantitative information flow. In: FoSSaCS (2009) Smith, G.: On the foundations of quantitative information flow. In: FoSSaCS (2009)
61.
Zurück zum Zitat Songhori, E.M., Hussain, S.U., Sadeghi, A., Schneider, T., Koushanfar, F.: Tinygarble: highly compressed and scalable sequential garbled circuits. In: S&P (2015) Songhori, E.M., Hussain, S.U., Sadeghi, A., Schneider, T., Koushanfar, F.: Tinygarble: highly compressed and scalable sequential garbled circuits. In: S&P (2015)
63.
Zurück zum Zitat Testa, E., Soeken, M., Amarù, L.G., Micheli, G.D.: Reducing the multiplicative complexity in logic networks for cryptography and security applications. In: DAC (2019) Testa, E., Soeken, M., Amarù, L.G., Micheli, G.D.: Reducing the multiplicative complexity in logic networks for cryptography and security applications. In: DAC (2019)
64.
Zurück zum Zitat Testa, E., Soeken, M., Riener, H., Amaru, L., Micheli, G.D.: A logic synthesis toolbox for reducing the multiplicative complexity in logic networks. In: DATE (2020) Testa, E., Soeken, M., Riener, H., Amaru, L., Micheli, G.D.: A logic synthesis toolbox for reducing the multiplicative complexity in logic networks. In: DATE (2020)
67.
Zurück zum Zitat Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: CHES (2003) Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: CHES (2003)
68.
Zurück zum Zitat Wang, S., Wang, P., Liu, X., Zhang, D., Wu, D.: Cached: identifying cache-based timing channels in production software. In: USENIX Security (2017) Wang, S., Wang, P., Liu, X., Zhang, D., Wu, D.: Cached: identifying cache-based timing channels in production software. In: USENIX Security (2017)
69.
Zurück zum Zitat Weiser, S., Spreitzer, R., Bodner, L.: Single trace attack against RSA key generation in Intel SGX SSL. In: ASIACCS (2018) Weiser, S., Spreitzer, R., Bodner, L.: Single trace attack against RSA key generation in Intel SGX SSL. In: ASIACCS (2018)
70.
Zurück zum Zitat Weiser, S., Zankl, A., Spreitzer, R., Miller, K., Mangard, S., Sigl, G.: DATA - differential address trace analysis: Finding address-based side-channels in binaries. In: USENIX Security (2018) Weiser, S., Zankl, A., Spreitzer, R., Miller, K., Mangard, S., Sigl, G.: DATA - differential address trace analysis: Finding address-based side-channels in binaries. In: USENIX Security (2018)
71.
Zurück zum Zitat Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986) Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)
72.
Zurück zum Zitat Zahur, S., Evans, D.: Obliv-C: a language for extensible data-oblivious computation. ePrint 2015/1153 (2015) Zahur, S., Evans, D.: Obliv-C: a language for extensible data-oblivious computation. ePrint 2015/1153 (2015)
73.
Zurück zum Zitat Zhao, X., Wang, T., Zheng, Y.: Cache timing attacks on Camellia block cipher. ePrint 2009/354 (2009) Zhao, X., Wang, T., Zheng, Y.: Cache timing attacks on Camellia block cipher. ePrint 2009/354 (2009)
Metadaten
Titel
RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation
verfasst von
Heiko Mantel
Lukas Scheidel
Thomas Schneider
Alexandra Weber
Christian Weinert
Tim Weißmantel
Copyright-Jahr
2020
DOI
https://doi.org/10.1007/978-3-030-65411-5_25