Improving timing attack on RSA-CRT via error detection and correction strategy

In timing attack, a class of side channel attack, the attacker attempts to break a cryptographic algorithm by timing the operations of a specific system. Several studies on different types of timing attacks have been published, but they are either theoretical or hard to put into practice. To improve the feasibility of timing attack, the current study proposes an improved timing attack scheme on RSA-CRT using t-test. Some similar types of timing attacks, such as BB-attack and Schindler's attack, have been previously reported. However, none of these studies has applied these statistical methods with such efficiency, or has actually obtained complete recovery by attacking on RSA-CRT. The algorithm proposed in the present study provides an error detection mechanism and correction strategy that can detect and correct the erroneous decision of guessing q"k. With an improvement timing attack on the RSA algorithm in OpenSSL, the 0-1gap is enlarged, the neighborhood size is reduced, and the precision of the decision is improved. Moreover, obtaining the factor q is practical, and even recovers a 1024-bit RSA key completely for an interprocess timing attack.

[1]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[2]  R. F. Heckard,et al.  Statistical Ideas And Methods , 2005 .

[3]  Dan S. Wallach,et al.  Opportunities and Limits of Remote Timing Attacks , 2009, TSEC.

[4]  Jean-Jacques Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[5]  Werner Schindler,et al.  A Timing Attack against RSA with the Chinese Remainder Theorem , 2000, CHES.

[6]  Risto M. Hakala,et al.  Cache-Timing Template Attacks , 2009, ASIACRYPT.

[7]  Ning Zhang,et al.  Efficient elliptic curve scalar multiplication algorithms resistant to power analysis , 2007, Inf. Sci..

[8]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[9]  David C. Yen,et al.  Cryptanalysis of short secret exponents modulo RSA primes , 2004, Inf. Sci..

[10]  Onur Aciiçmez,et al.  New Results on Instruction Cache Attacks , 2010, CHES.

[11]  Onur Aciiçmez,et al.  Improving Brumley and Boneh timing attack on unprotected SSL implementations , 2005, CCS '05.

[12]  Chia-Long Wu,et al.  An efficient common-multiplicand-multiplication method to the Montgomery algorithm for speeding up exponentiation , 2009, Inf. Sci..

[13]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[14]  Juanru Li,et al.  Differential fault analysis on the ARIA algorithm , 2008, Inf. Sci..

[16]  Todd M. Austin,et al.  Fault-based attack of RSA authentication , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[17]  Adam Matthews Smart Cards: Side-channel attacks on smartcards , 2006 .

[18]  I. Coorporation,et al.  Using the rdtsc instruction for performance monitoring , 1997 .

[19]  Jens Rüdinger The complexity of DPA type side channel attacks and their dependency on the algorithm design , 2006, Inf. Secur. Tech. Rep..

[20]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[21]  Sandor Imre,et al.  An advanced timing attack scheme on RSA , 2008, Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium.

[22]  JaeCheol Ha,et al.  A CRT-Based RSA Countermeasure Against Physical Cryptanalysis , 2005, HPCC.

[23]  Duminda Wijesekera,et al.  Status-Based Access Control , 2008, TSEC.

[24]  P. L. Montgomery Modular multiplication without trial division , 1985 .