Quantifying timing-based information flow in cryptographic hardware

Cryptographic function implementations are known to leak information about private keys through timing. By statistically analysing the variation in runtime required to encrypt different messages, an attacker can recover the key with high probability and relatively little effort. Many mitigation techniques exist to combat these side channels; however, few metrics are available to quantify how effective those mitigations actually are. In this work, we employ information-theoretic ideas to quantify the amount of leakage that can be extracted from runtime measurements and to reveal the influence of individual key bits on the timing observations across a variety of hardware implementations. By studying different RSA hardware architectures (each with different performance optimizations and mitigation techniques), we assess how well these information-theoretic measures track the success of actual attacks. Our experimental results show that mutual information is a promising metric for quantifying timing-based information leakage, and that it correlates with the attackability of a cryptographic implementation.
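To make the per-key-bit mutual-information metric concrete, the following added example (not code from the paper, and not the paper's RSA hardware) simulates a toy square-and-multiply exponentiation whose runtime depends on the key bits, then estimates I(K_i; T) between each key bit and the measured runtime for a leaky and a constant-time variant. The cost model, the noise level and the key length are constructed assumptions; the estimator is a plain plug-in (histogram) estimate in bits.

```python
import math
import random
from collections import Counter

# Constructed toy cost model (assumption, not the paper's hardware): a
# left-to-right square-and-multiply where every key bit costs one squaring
# and a 1 bit adds a multiply whose cost depends slightly on the message.
def simulate_runtime(key_bits, message, constant_time, rng):
    runtime = 0.0
    for bit in key_bits:
        runtime += 10.0                        # squaring: fixed cost
        if bit == 1 or constant_time:          # constant_time: always multiply
            runtime += 7.0 + (message % 2)     # multiply: operand-dependent cost
    return runtime + rng.gauss(0.0, 1.0)       # measurement noise

def mutual_information_bits(xs, ys, bin_width):
    """Plug-in estimate of I(X;Y) in bits, with Y quantised into bins."""
    n = len(xs)
    pairs = Counter((x, math.floor(y / bin_width)) for x, y in zip(xs, ys))
    px = Counter(x for x, _ in pairs.elements())   # marginal of X
    py = Counter(y for _, y in pairs.elements())   # marginal of binned Y
    return sum((c / n) * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pairs.items())

def per_bit_leakage(key_len, n_samples, constant_time, seed=1, bin_width=2.0):
    """I(K_i; T) for each key bit i, over random keys and random messages."""
    rng = random.Random(seed)
    keys, times = [], []
    for _ in range(n_samples):
        key = [rng.randint(0, 1) for _ in range(key_len)]
        msg = rng.randrange(1 << 16)
        keys.append(key)
        times.append(simulate_runtime(key, msg, constant_time, rng))
    return [mutual_information_bits([k[i] for k in keys], times, bin_width)
            for i in range(key_len)]

if __name__ == "__main__":
    # The leaky variant shows a clearly positive I(K_i; T) for every bit;
    # the constant-time variant stays near zero (only estimator bias remains).
    for label, ct in (("leaky", False), ("constant-time", True)):
        mi = per_bit_leakage(key_len=4, n_samples=4000, constant_time=ct)
        print(label, ["%.3f" % v for v in mi])
```

In a real evaluation the simulated runtimes would be replaced by measured cycle counts from the implementation under test, and the estimator's bias should be checked by computing the same quantity on shuffled key bits.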
