On the power of simple branch prediction analysis

Very recently, a new software side-channel attack, called a Branch Prediction Analysis (BPA) attack, was discovered and demonstrated to be practically feasible on popular commodity PC platforms. That attack still had the flavor of a classical timing attack against RSA, in which many execution-time measurements under the same key are used to statistically amplify small but key-dependent timing differences. We dramatically improve upon that result: we show that a carefully written spy process running simultaneously with an RSA process is able to collect, during one single RSA signing execution, almost all of the secret key bits. We call such an attack, which analyzes the CPU's branch predictor states by spying on a single quasi-parallel computation, a Simple Branch Prediction Analysis (SBPA) attack, sharply differentiating it from attacks that rely on statistical methods and require many measurements under the same key. The successful extraction of almost all secret key bits by our SBPA attack against an OpenSSL RSA implementation shows that the often recommended blinding (so-called randomization) techniques for protecting RSA against side-channel attacks are, in the context of SBPA attacks, totally useless. In addition to that crucial security implication for implementations that are assumed to be at least statistically secure, our SBPA attack bears a second, equally critical implication. In the context of simple side-channel attacks it is widely believed that equally balancing the operations following the two outcomes of a branch is a secure countermeasure. Unfortunately, this is not true: even such "balanced branch" implementations can be completely broken by SBPA attacks, because what leaks is the direction taken by the key-dependent branch, not the time spent on either path.
Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing, or even virtualization, SBPA attacks enable an unprivileged process to successfully attack other processes running in parallel on the same processor, since none of these mechanisms partitions the branch prediction unit. Thus we conclude that SBPA attacks are much more dangerous than previously anticipated, as they clearly do not belong to the same category as pure timing attacks.
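The following C program is an added illustration of the leak described above; it is not code from the paper or from OpenSSL. It models the SBPA observation as a recorded branch direction (the `observe_branch` hook is an assumption standing in for a spy that shares the branch predictor; no real spy process is implemented), runs a "balanced" square-and-multiply whose two arms each cost one multiplication, and shows that a single run still hands the spy the whole exponent. It then contrasts this with a Montgomery ladder built on a mask-based conditional swap, which has no branch whose direction depends on a key bit. All parameters (a 64-bit-sized modulus, base and toy exponent) are constructed for the example; `unsigned __int128` assumes GCC or Clang.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t u64;

#define MAX_BITS 64

/* Modular multiplication on a small modulus (stand-in for the multi-limb
 * Montgomery multiplication in a real RSA implementation). */
static u64 mulmod(u64 a, u64 b, u64 m) {
    return (u64)(((unsigned __int128)a * b) % m);
}

static int bit_length(u64 e) {
    int n = 0;
    while (e) { n++; e >>= 1; }
    return n;
}

/* Leak model (an assumption of this example): a spy sharing the branch
 * predictor with the victim learns, for each execution of a key-dependent
 * conditional branch, whether it was taken. It learns no timing at all.
 * Each observation is recorded here as one entry. */
typedef struct {
    int n;
    unsigned char taken[MAX_BITS];
} branch_trace;

static void observe_branch(branch_trace *t, int taken) {
    if (t && t->n < MAX_BITS) t->taken[t->n++] = (unsigned char)taken;
}

/* Victim: "balanced" left-to-right square-and-multiply. Both arms of the
 * exponent-bit branch perform one multiplication, so both paths take the
 * same time, yet the direction of the branch is exactly the exponent bit. */
static u64 modexp_balanced(u64 base, u64 exp, u64 mod, branch_trace *t) {
    u64 r = 1 % mod, dummy = 1 % mod;
    for (int i = bit_length(exp) - 1; i >= 0; i--) {
        r = mulmod(r, r, mod);
        int bit = (int)((exp >> i) & 1);
        observe_branch(t, bit);                    /* spy's view of this branch */
        if (bit) r = mulmod(r, base, mod);         /* real multiply             */
        else     dummy = mulmod(dummy, base, mod); /* timing-balancing dummy    */
    }
    (void)dummy;
    return r;
}

/* Spy: one run yields one direction per iteration, MSB first, so the
 * trace is the exponent itself (its leading bit is 1 by construction). */
static u64 exponent_from_trace(const branch_trace *t) {
    u64 e = 0;
    for (int i = 0; i < t->n; i++) e = (e << 1) | t->taken[i];
    return e;
}

/* A single victim run followed by the spy's reconstruction from that run. */
static u64 spy_single_run(u64 base, u64 exp, u64 mod) {
    branch_trace t = {0, {0}};
    (void)modexp_balanced(base, exp, mod, &t);
    return exponent_from_trace(&t);
}

/* Countermeasure: Montgomery ladder driven by a mask-based conditional
 * swap. No branch depends on the exponent bit and the loop always runs
 * nbits iterations, so the sequence of branch directions is identical for
 * every exponent of that length: the predictor state carries no key bit. */
static void ct_swap(u64 *a, u64 *b, u64 swap) {
    u64 mask = 0 - swap;                 /* swap in {0,1} -> 0 or all-ones */
    u64 d = (*a ^ *b) & mask;
    *a ^= d;
    *b ^= d;
}

static u64 modexp_ladder(u64 base, u64 exp, int nbits, u64 mod) {
    u64 r0 = 1 % mod, r1 = base % mod;
    for (int i = nbits - 1; i >= 0; i--) {
        u64 bit = (exp >> i) & 1;
        ct_swap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, mod);
        r0 = mulmod(r0, r0, mod);
        ct_swap(&r0, &r1, bit);
    }
    return r0;
}

int main(void) {
    /* Constructed toy parameters, not an RSA key. */
    const u64 mod = 1000000007ULL, base = 123456ULL, secret = 0xB5ULL;
    u64 leaked = spy_single_run(base, secret, mod);
    printf("secret exponent 0x%" PRIx64 ", spy recovered 0x%" PRIx64 "\n", secret, leaked);
    printf("balanced result %" PRIu64 ", ladder result %" PRIu64 "\n",
           modexp_balanced(base, secret, mod, NULL),
           modexp_ladder(base, secret, 8, mod));
    return 0;
}
```

The balanced variant is exactly the kind of implementation the abstract says is widely believed to be safe against simple attacks; against the leak model above it is broken in one run because the spy reads branch directions, not durations. Two caveats for the ladder: its leakage-freedom relies on the compiler keeping `ct_swap` branch-free (check the generated assembly, since an optimizer may turn a mask select back into a conditional jump), and the fixed iteration count must be the key's nominal bit length rather than `bit_length(exp)`, otherwise the number of loop-back branches would itself reveal the position of the leading one bit.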
