Cache-Timing Attack Detection and Prevention - Application to Crypto Libs and PQC

With the publication of the Spectre and Meltdown attacks, cache-timing exploitation techniques have recently received a great deal of attention. On the one hand, it is now well understood which patterns in source code create observable timing imbalances. On the other hand, some practical attacks have also been reported. But the exact relation between such vulnerabilities and their exploitation has not been studied sufficiently to date. In this article, we put forward a methodology to characterize the leakage induced by a "non-constant-time" construct in the source code. This methodology allows us to recover known attacks and to warn about possible new ones, some of them potentially devastating.
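The kind of "non-constant-time construct" the abstract refers to, and one way to quantify what it leaks, can be illustrated with a toy model. The following C program is an added example, not the paper's methodology or tool: it models a secret-indexed table lookup (the classic cache-timing target in AES-style implementations), the constant-time replacement that touches every entry and selects with a mask, and a simulated observer that records only which cache lines were accessed, which is what Flush+Reload or Prime+Probe actually see. The 64-byte line size, the 256-byte table, the table contents and the assumption that the mask arithmetic compiles branch-free are all assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not the paper's tool: a toy model of what a cache
 * attacker (Flush+Reload, Prime+Probe) can observe about a table lookup.
 * The observable is the set of 64-byte cache lines the lookup touches,
 * not the exact index. Table size and line size are assumptions. */
#define LINE_BYTES 64
#define TABLE_SIZE 256

/* Constructed sample table (an arbitrary byte permutation), line-aligned so
 * that index / LINE_BYTES is exactly the cache line number. */
static _Alignas(LINE_BYTES) uint8_t table[TABLE_SIZE];
static int table_ready = 0;

static void ensure_table(void) {
    if (!table_ready) {
        for (int i = 0; i < TABLE_SIZE; i++) table[i] = (uint8_t)(255 - i);
        table_ready = 1;
    }
}

/* Simulated side-channel observation: bit i is set if cache line i was touched. */
typedef struct { uint32_t lines_touched; } trace_t;

static uint8_t observed_load(const uint8_t *p, trace_t *t) {
    size_t off = (size_t)(p - table);
    t->lines_touched |= 1u << (off / LINE_BYTES);
    return *p;
}

/* Non-constant-time construct: the memory address depends on the secret. */
uint8_t lookup_leaky(uint8_t secret, trace_t *t) {
    ensure_table();
    return observed_load(&table[secret], t);
}

/* Constant-time variant: touch every entry, keep the wanted one with a mask.
 * The mask is computed arithmetically so no secret-dependent branch is needed
 * (whether the compiler keeps it branch-free is an assumption to verify). */
uint8_t lookup_ct(uint8_t secret, trace_t *t) {
    ensure_table();
    uint8_t out = 0;
    for (int i = 0; i < TABLE_SIZE; i++) {
        uint32_t x = (uint32_t)(i ^ secret);              /* 0 iff i == secret */
        uint8_t mask = (uint8_t)(0u - ((x - 1u) >> 31));  /* 0xFF iff x == 0 */
        out |= observed_load(&table[i], t) & mask;
    }
    return out;
}

/* Leakage characterisation: run the construct over every secret value and
 * count how many distinct traces the attacker can observe. One trace means
 * the construct leaks nothing at this granularity; n traces means up to
 * log2(n) bits of the secret per observation. */
int distinct_traces(uint8_t (*fn)(uint8_t, trace_t *)) {
    uint32_t seen[TABLE_SIZE];
    int n = 0;
    for (int s = 0; s < TABLE_SIZE; s++) {
        trace_t t = {0};
        fn((uint8_t)s, &t);
        int found = 0;
        for (int i = 0; i < n; i++) {
            if (seen[i] == t.lines_touched) { found = 1; break; }
        }
        if (!found) seen[n++] = t.lines_touched;
    }
    return n;
}

int main(void) {
    printf("leaky lookup: %d distinct traces\n", distinct_traces(lookup_leaky)); /* 4 */
    printf("ct lookup:    %d distinct traces\n", distinct_traces(lookup_ct));    /* 1 */
    return 0;
}
```

With a 256-byte table and 64-byte lines the leaky lookup yields four distinguishable traces, i.e. two bits of the secret per observation; the constant-time lookup always touches all four lines and yields one. Note that the model only captures cache-line granularity: attacks that resolve finer (bank conflicts, or the transient-execution techniques the abstract alludes to) would need a different observation function, which is exactly why relating a source-level construct to a concrete exploitation requires a leakage model rather than a simple "branch or lookup on secret data" rule.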