A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4964 LNCS, Issue , 2008, Pages 256-273

  Aciiçmez, Onur ^a   Schindler, Werner ^b  

^a SAMSUNG INFORMATION SYSTEMS AMERICA   (United States)

^b Federal Office for Information Security   (Germany)

Author keywords

Instruction cache attack; MicroArchitectural analysis; Montgomery multiplication; RSA; Side channel analysis; Stochastic process

Indexed keywords

BUFFER STORAGE; COMPUTER CRIME; RANDOM PROCESSES; SECURITY OF DATA; SOFTWARE ARCHITECTURE;

INSTRUCTION-CACHE ATTACK; MICROARCHITECTURAL ANALYSIS; MONTGOMERY MULTIPLICATION; RSA; SIDE CHANNEL ANALYSIS;

CRYPTOGRAPHY;

EID: 43149120482     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-79263-5_16     Document Type: Conference Paper

References (35)

1. Aciiçmez, O., Schindler, W.: A Major Vulnerability in RSA Implementations due to MicroArchitectural Analysis Threat. Cryptology ePrint Archive. Report 2007/336 (August 2007)
2. Aciiçmez, O.: Yet Another MicroArchitectural Attack: Exploiting I-cache. In: ACM Workshop on Computer Security Architecture, pp. 11-18. ACM Press, New York (2007)
3. th Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC 2007, pp. 80-91. IEEE Computer Society, Los Alamitos (2007)
4. Aciiçmez, O., Gueron, S., Seifert, J.-P.: New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 185-203. Springer, Heidelberg (2007), Cryptology ePrint Archive, Report 2007/039, (February 2007)
5. Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: On The Power of Simple Branch Prediction Analysis. In: Deng, R., Samarati, P. (eds.) ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2007), pp. 312-320 (2006); Cryptology ePrint Archive, Report 2006/351 (October 2006)
6. Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: Predicting Secret Keys via Branch Prediction. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 225-242. Springer, Heidelberg (2006), Cryptology ePrint Archive, Report 2006/288, (August 2006)
7. Aciiçmez, O., Schindler, W., Koç, Ç.K.: Cache Based Remote Timing Attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271-286. Springer, Heidelberg (2006)
8. th ACM Conference on Computer and Communications Security, pp. 139-146. ACM Press, New York (2005)
9. Bernstein, D. J.: Cache-timing attacks on AES. Technical Report, 37 pages, (April 2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
10. th Usenix Security Symposium, pp. 1-14 (2003)
11. Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P.-A., Quisquater, J.-J., Willems, J.-L.: A Practical Implementation of the Timing Attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 175-191. Springer, Heidelberg (2000)
12. Gueron, S.: Enhanced Montgomery Multiplication. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 46-56. Springer, Heidelberg (2003)
13. Hachez, G., Quisquater, J.-J.: Montgomery Exponentiation with no Final Subtractions: Improved Results. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 91-100. Springer, Heidelberg (2000)
14. Kocher, P.C., Jaffe, J.M.: Secure Modular Exponentiation with Leak Minimization for Smartcards and other Cryptosystems. United States Patent, Patent No.: US 6,298,442 B1 (October 2001)
15. Menezes, A.J., van Oorschot, P.C.. Vanstone, S.C.: Handbook of Applied Cryptography. CRC Press. New York (1997)
16. Neve, M.: Cache-based Vulnerabilities and SPAM Analysis. Ph.D. Thesis, Applied Science, UCL (July 2006)
17. Neve, M., Seifert, J.-P.: Advances on Access-driven Cache Attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147-162. Springer, Heidelberg (2007)
18. Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1-20. Springer, Heidelberg (2006)
19. Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. Technical Report, Department of Computer Science, University of Bristol (June 2002)
20. Percival, C.: Cache missing for fun and profit. BSDCan 2005, Ottawa (2005), http://www.daemonology.net/hyperthreading-considered-harmful/
21. Schindler, W.: On the Optimization of Side-Channel Attacks by Advanced Stochastic Methods. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 85-103. Springer, Heidelberg (2005)
22. Schindler, W., Walter, C.D.: More Detail for a Combined Timing and Power Attack against Implementations of RSA. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 245-263. Springer, Heidelberg (2003)
23. Schindler, W.: A Combined Timing and Power Attack. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 263-279. Springer, Heidelberg (2002)
24. Schindler, W.: Optimized Timing Attacks against Public Key Cryptosystems. Statistics and Decisions 20, 191-210 (2002)
25. Schindler, W., Koeune, F., Quisquater, J.-J.: Improving Divide and Conquer Attacks Against Cryptosystems by Better Error Detection / Correction Strategies. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 245-267. Springer, Heidelberg (2001)
26. Schindler, W.: A Timing Attack against RSA with the Chinese Remainder Theorem. In: Paar, C. Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 110-125. Springer, Heidelberg (2000)
27. Walter, C.D., Thompson, S.: Distinguishing Exponent Digits by Observing Modular Subtractions. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 192-207. Springer, Heidelberg (2001)
28. Walter, C.D.: Montgomery exponentiation needs no final subtractions. IEE Electronics Letters 35(21), 1831-1832 (1999)
29. Walter, C.D.: Montgomery's Multiplication Technique: How to Make It Smaller and Faster. In: Koç. Ç.K., Paar. C (eds.) CHES 1999. LNCS, vol. 1717, pp. 80-93. Springer, Heidelberg (1999)
30. http://www.ntt.co.jp/news/news06e/0611/061108a.html
31. http://cvs.openssl.org/chngview?cn=16275
32. ftp ://ftp.openssl.org/snapshot/
33. http://eve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
34. http://www.cert.org/
35. US CERT vulnerability note, http://www.kb.cert.org/vuls/id/724968