A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL

MicroArchitectural Analysis (MA) techniques, more specifically Simple Branch Prediction Analysis (SBPA) and Instruction Cache Analysis, have the potential to disclose the entire execution flow of a software-implemented cryptosystem ([5,2]). In this paper we show that one can completely break RSA in the original unpatched OpenSSL version (v.0.9.8e) even if the most secure configuration is in place, including all countermeasures against side-channel and MicroArchitectural analysis (in particular, base blinding). We also discuss (known) countermeasures that prevent this attack. In the first step we apply an instruction cache attack to reveal which Montgomery operations require extra reductions. To exploit this information we model the timing behavior of the modular exponentiation algorithm as a stochastic process. Its analysis provides the optimal guessing strategy, which reveals the secret key (mod p1) and finally the factorization of the RSA modulus n = p1p2. For the instruction cache attack we used a spy process that was embedded in the target process (OpenSSL), which clearly simplifies the experimental part. This simplification does not, however, nullify our results, since in cache attacks the empirical results from embedded spy processes and (suitably implemented) standalone spy processes are very close to each other [16], and, moreover, our guessing strategy is fault-tolerant. Interestingly, the second step of our attack is related to that of a particular combined power and timing attack on smart cards [23] (see also [27,22]). Before we published our result [1] we informed the OpenSSL development team, who included a patch into the stable branch of v.0.9.7e ([31,32]), and CERT, which informed software vendors ([33,34,35]). In particular, this countermeasure is included in the current version 0.9.8f. We have only analyzed OpenSSL, so we currently do not know the strength of other cryptographic libraries.
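As an added example (not code from the paper or from OpenSSL), the following Python sketch shows the data-dependent extra reduction in Montgomery multiplication that the instruction-cache step observes, beside a branch-free variant that always performs the final subtraction and selects the result with a mask; the modulus 101, the 8-bit word size and the helper names are constructed for illustration.

```python
# Added illustration (not the paper's or OpenSSL's code): the data-dependent
# "extra reduction" in Montgomery multiplication that an I-cache spy can
# observe, beside a branch-free variant in the spirit of the cited
# "no final subtraction" countermeasures. Control-flow fix only.

def mont_params(n: int, word_bits: int = 64):
    """Return (R, n') for an odd modulus n, with R = 2^k a multiple of
    word_bits and n * n' == -1 (mod R). Constructed helper."""
    assert n % 2 == 1, "Montgomery arithmetic needs an odd modulus"
    k = ((n.bit_length() + word_bits - 1) // word_bits) * word_bits
    R = 1 << k
    n_prime = (-pow(n, -1, R)) % R
    return R, n_prime

def mont_mul_leaky(a: int, b: int, n: int, R: int, n_prime: int):
    """Montgomery product a*b*R^-1 mod n with the classic conditional final
    subtraction. Returns (result, extra_reduction); the flag records whether
    the subtraction branch executed, i.e. the event the spy observes."""
    t = a * b
    m = (t * n_prime) % R
    u = (t + m * n) // R             # 0 <= u < 2n for a, b < n
    if u >= n:                       # data-dependent branch: the leak
        return u - n, True
    return u, False

def mont_mul_ct(a: int, b: int, n: int, R: int, n_prime: int) -> int:
    """Same product, but the subtraction always runs and the result is
    selected by an arithmetic mask, so no branch depends on u >= n."""
    t = a * b
    m = (t * n_prime) % R
    u = (t + m * n) // R
    v = u - n                        # negative exactly when no reduction is needed
    mask = v >> R.bit_length()       # -1 if v < 0, else 0 (since |v| < R)
    return (u & mask) | (v & ~mask)

def reduction_trace(pairs, n: int, R: int, n_prime: int):
    """Per-operation extra-reduction flags from the leaky variant, plus a
    check that the branch-free variant agrees on every result."""
    flags = []
    for a, b in pairs:
        r, flag = mont_mul_leaky(a, b, n, R, n_prime)
        assert r == mont_mul_ct(a, b, n, R, n_prime)
        flags.append(flag)
    return flags

if __name__ == "__main__":
    n = 101                                  # constructed toy modulus
    R, n_prime = mont_params(n, word_bits=8)
    print(reduction_trace([(1, 1), (100, 99), (50, 60)], n, R, n_prime))
```

Python integers are not constant-time, so this demonstrates only the removal of the secret-dependent branch; a production fix must also make the underlying arithmetic free of data-dependent timing.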

[1] Aggelos Kiayias et al. Polynomial Reconstruction Based Cryptography. Selected Areas in Cryptography, 2001.

[2] Somesh Jha et al. Proceedings of the 15th ACM Conference on Computer and Communications Security. CCS 2008, 2005.

[3] W. Nichols. Research and Application. Science, 1919.

[4] Onur Aciiçmez et al. A Major Vulnerability in RSA Implementations due to MicroArchitectural Analysis Threat. IACR Cryptology ePrint Archive, 2007.

[5] Alfred Menezes et al. Handbook of Applied Cryptography, 2018.

[6] Jean-Pierre Seifert et al. Advances on Access-Driven Cache Attacks on AES. Selected Areas in Cryptography, 2006.

[7] Daniel J. Bernstein et al. Cache-timing Attacks on AES, 2005.

[8] Serge Vaudenay. Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings. Public Key Cryptography, 2005.

[9] Werner Schindler. Optimized Timing Attacks Against Public Key Cryptosystems, 2002.

[10] Dan Page et al. Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. IACR Cryptology ePrint Archive, 2002.

[11] Onur Aciiçmez et al. Improving Brumley and Boneh Timing Attack on Unprotected SSL Implementations. CCS '05, 2005.

[12] Christof Paar et al. Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings. CHES, 2006.

[13] Jean-Pierre Seifert et al. Cheap Hardware Parallelism Implies Cheap Security. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007), 2007.

[14] Onur Aciiçmez et al. Predicting Secret Keys via Branch Prediction. CT-RSA, 2007.

[15] Colin Boyd et al. Cryptography and Coding. Lecture Notes in Computer Science, 1995.

[16] Onur Aciiçmez et al. Cache Based Remote Timing Attack on the AES. CT-RSA, 2007.

[17] Werner Schindler et al. On the Optimization of Side-Channel Attacks by Advanced Stochastic Methods. Public Key Cryptography, 2005.

[18] Jean-Pierre Seifert et al. On the Power of Simple Branch Prediction Analysis. ASIACCS '07, 2007.

[19] David Pointcheval. Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings. CT-RSA, 2006.

[20] Jean-Pierre Seifert et al. Cheap Hardware Parallelism Implies Cheap Security, 2007.

[21] Werner Schindler et al. A Combined Timing and Power Attack. Public Key Cryptography, 2002.

[22] Christof Paar et al. Cryptographic Hardware and Embedded Systems - CHES 2002. Lecture Notes in Computer Science, 2003.

[23] Berk Sunar et al. Tate Pairing with Strong Fault Resiliency, 2007.

[24] Jean-Jacques Quisquater et al. Montgomery Exponentiation with No Final Subtractions: Improved Results. CHES, 2000.

[25] Shay Gueron. Enhanced Montgomery Multiplication. CHES, 2002.

[26] Adi Shamir et al. Cache Attacks and Countermeasures: The Case of AES. CT-RSA, 2006.

[27] Michael Neve de Mevergnies et al. Cache-based Vulnerabilities and Spam Analysis, 2006.

[28] Arto Salomaa et al. Public-Key Cryptography. EATCS Monographs on Theoretical Computer Science, 1991.

[29] C. D. Walter et al. Distinguishing Exponent Digits by Observing Modular Subtractions. CT-RSA, 2001.

[30] Onur Aciiçmez et al. Yet Another MicroArchitectural Attack: Exploiting I-Cache. CSAW '07, 2007.

[31] Werner Schindler et al. More Detail for a Combined Timing and Power Attack against Implementations of RSA. IMACC, 2003.

[32] Masayuki Abe et al. Topics in Cryptology CT-RSA 2007, 2007.

[33] David Brumley et al. Remote Timing Attacks are Practical. Computer Networks, 2003.

[34] Werner Schindler et al. Improving Divide and Conquer Attacks against Cryptosystems by Better Error Detection / Correction Strategies. IMACC, 2001.

[35] Colin Percival. Cache Missing for Fun and Profit, 2005.

[36] David Naccache et al. Topics in Cryptology - CT-RSA 2001. Lecture Notes in Computer Science, 2001.

[37] C. D. Walter et al. Montgomery's Multiplication Technique: How to Make It Smaller and Faster. CHES, 1999.

[38] C. D. Walter et al. Montgomery Exponentiation Needs No Final Subtractions, 1999.

[39] Jean-Pierre Seifert et al. New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures. IMACC, 2007.

[40] Jean-Jacques Quisquater et al. A Practical Implementation of the Timing Attack. CARDIS, 1998.

[41] Werner Schindler et al. A Timing Attack against RSA with the Chinese Remainder Theorem. CHES, 2000.