“Ooh Aah… Just a little bit”: A small amount of side channel can go a long way

Cited by: 106
Authors
Benger, Naomi [1]
van de Pol, Joop [2]
Smart, Nigel P. [2]
Yarom, Yuval [1]
Affiliations
[1] School of Computer Science, The University of Adelaide
[2] Dept. Computer Science, University of Bristol
Source
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | 2014 / Vol. 8731
Funding
Engineering and Physical Sciences Research Council (UK)
DOI
10.1007/978-3-662-44709-3_5
Abstract
We apply the FLUSH+RELOAD side-channel attack, based on cache hits/misses, to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a “standard” lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular, we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techniques to similar side-channel information. © International Association for Cryptologic Research 2014.
Pages: 75 / 92
Page count: 17