The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations

At CRYPTO'98, Bleichenbacher published his seminal paper which described a padding oracle attack against RSA implementations that follow the PKCS #1 v1.5 standard. Over the last twenty years researchers and implementors had spent a huge amount of effort in developing and deploying numerous mitigation techniques which were supposed to plug all the possible sources of Bleichenbacher-like leakages. However, as we show in this paper, most implementations are still vulnerable to several novel types of attack based on leakage from various microarchitectural side channels: Out of nine popular implementations of TLS that we tested, we were able to break the security of seven implementations with practical proof-of-concept attacks. We demonstrate the feasibility of using those Cache-like ATacks (CATs) to perform a downgrade attack against any TLS connection to a vulnerable server, using a BEAST-like Man in the Browser attack. The main difficulty we face is how to perform the thousands of oracle queries required before the browser's imposed timeout (which is 30 seconds for almost all browsers, with the exception of Firefox which can be tricked into extending this period). Due to its use of adaptive chosen ciphertext queries, the attack seems to be inherently sequential, but we describe a new way to parallelize Bleichenbacher-like padding attacks by exploiting any available number of TLS servers that share the same public key certificate. With this improvement, we can demonstrate the feasibility of a downgrade attack which could recover all the 2048 bits of the RSA plaintext (including the premaster secret value, which suffices to establish a secure connection) from five available TLS servers in under 30 seconds. This sequential-to-parallel transformation of such attacks can be of independent interest, speeding up and facilitating other side channel attacks on RSA implementations.

[1]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[2]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[3]  Billy Bob Brumley,et al.  Remote Timing Attacks Are Still Practical , 2011, ESORICS.

[4]  Vlastimil Klíma,et al.  Attacking RSA-Based Sessions in SSL/TLS , 2003, CHES.

[5]  Frank Piessens,et al.  SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control , 2017, SysTEX@SOSP.

[6]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[7]  Gorka Irazoqui Apecechea,et al.  Lucky 13 Strikes Back , 2015, AsiaCCS.

[8]  Dan Boneh,et al.  Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes , 1996, CRYPTO.

[9]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[10]  Adi Shamir,et al.  On the cryptographic security of single RSA bits , 1983, STOC '83.

[11]  Nael B. Abu-Ghazaleh,et al.  Understanding and Mitigating Covert Channels Through Branch Predictors , 2016, ACM Trans. Archit. Code Optim..

[12]  Nael B. Abu-Ghazaleh,et al.  BranchScope: A New Side-Channel Attack on Directional Branch Predictor , 2018, ASPLOS.

[13]  Mengyuan Li,et al.  STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves , 2017, CCS.

[14]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[15]  Nael B. Abu-Ghazaleh,et al.  Jump over ASLR: Attacking branch predictors to bypass ASLR , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[16]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[17]  Billy Bob Brumley,et al.  Amplifying side channels through performance degradation , 2015, ACSAC.

[18]  Daniel Migault,et al.  LURK Extension version 1 for (D)TLS 1.2 Authentication , 2019 .

[19]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[20]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[21]  Michael M. Swift,et al.  A Placement Vulnerability Study in Multi-Tenant Public Clouds , 2015, USENIX Security Symposium.

[22]  Matthew Green,et al.  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[23]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[24]  Gernot Heiser,et al.  No Security Without Time Protection: We Need a New Hardware-Software Contract , 2018, APSys.

[25]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[26]  Gorka Irazoqui Apecechea,et al.  Cache Attacks Enable Bulk Key Recovery on the Cloud , 2016, CHES.

[27]  Kenneth G. Paterson,et al.  Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure , 2018, IACR Cryptol. ePrint Arch..

[28]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[29]  Naomi Benger,et al.  "Ooh Aah... Just a Little Bit" : A Small Amount of Side Channel Can Go a Long Way , 2014, CHES.

[30]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[31]  Yuan Xiao,et al.  Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices , 2016, CCS.

[32]  Hiroshi Miyauchi,et al.  Cryptanalysis of DES Implemented on Computers with Cache , 2003, CHES.

[33]  Josep Torrellas,et al.  Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures , 2018, USENIX Security Symposium.

[34]  Hovav Shacham,et al.  A Systematic Analysis of the Juniper Dual EC Incident , 2016, IACR Cryptol. ePrint Arch..

[35]  Craig Disselkoen,et al.  Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX , 2017, USENIX Security Symposium.

[36]  Kenneth G. Paterson,et al.  Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.

[37]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[38]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2018, Journal of Cryptographic Engineering.

[39]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[40]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[41]  Tibor Jager,et al.  On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption , 2015, CCS.

[42]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[43]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[44]  Igor E. Shparlinski,et al.  The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.

[45]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[46]  Nigel P. Smart,et al.  Lattice Attacks on Digital Signature Schemes , 2001, Des. Codes Cryptogr..

[47]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[48]  Frank Piessens,et al.  Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic , 2018, CCS.

[49]  Jean-Pierre Seifert,et al.  New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures , 2007, IMACC.

[50]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[51]  Yuval Yarom,et al.  ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels , 2016, IACR Cryptol. ePrint Arch..

[52]  James Manger,et al.  A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[53]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[54]  Yuval Yarom,et al.  May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 , 2017, CCS.

[55]  Juraj Somorovsky,et al.  Return Of Bleichenbacher's Oracle Threat (ROBOT) , 2018, IACR Cryptol. ePrint Arch..

[56]  Tibor Jager,et al.  Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption , 2012, ESORICS.

[57]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[58]  Yuval Yarom,et al.  Drive-by Key-Extraction Cache Attacks from Portable Code , 2018, IACR Cryptol. ePrint Arch..

[59]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[60]  Erik Tews,et al.  Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks , 2014, USENIX Security Symposium.

[61]  Gorka Irazoqui Apecechea,et al.  S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES , 2015, 2015 IEEE Symposium on Security and Privacy.

[62]  Graham Steel,et al.  Efficient Padding Oracle Attacks on Cryptographic Hardware , 2012, IACR Cryptol. ePrint Arch..

[63]  Thomas Eisenbarth,et al.  Co-location detection on the Cloud , 2016, IACR Cryptol. ePrint Arch..