Utilizing Performance Counters for Compromising Public Key Ciphers

Hardware performance counters (HPCs) are useful artifacts for evaluating the performance of software implementations. Recently, HPCs have been made more convenient to use without requiring explicit kernel patches or superuser privileges. However, in this article, we highlight that the information revealed by HPCs can be also exploited to attack standard implementations of public key algorithms. In particular, we analyze the vulnerability due to the event branch miss leaked via the HPCs during execution of the target ciphers. We present an iterative attack that targets the key bits of 1,024-bit RSA and 256-bit ECC, whereas in the offline phase, the system’s underlying branch predictor is approximated by a theoretical predictor in the literature. Subsimulations are performed corresponding to each bit guess to classify the message space into distinct partitions based on the event branch misprediction and the target key bit value. In the online phase, branch mispredictions obtained from the hardware performance monitors on the target system reveal the secret key bits. We also theoretically prove that the probability of success of the attack is equivalent to the accurate modeling of the theoretical predictor to the underlying system predictor. In addition, we propose an improved version of the attack that requires fewer branch misprediction traces from the HPCs to recover the secret. Experimentations using both attack strategies have been provided on Intel Core 2 Duo, Core i3, and Core i5 platforms for 1,024-bit implementation of RSA and 256-bit scalar multiplication over the secp256r1 curve followed by results on the effect of change of parameters on the success rate. The attack can successfully reveal the exponent bits and thus seeks attention to model secure branch predictors such that it inherently prevents information leakage.

[1]  P. L. Montgomery Modular multiplication without trial division , 1985 .

[2]  Jean-Jacques Quisquater,et al.  Montgomery Exponentiation with no Final Subtractions: Improved Results , 2000, CHES.

[3]  Nael B. Abu-Ghazaleh,et al.  Understanding and Mitigating Covert Channels Through Branch Predictors , 2016, ACM Trans. Archit. Code Optim..

[4]  Ingrid Verbauwhede,et al.  Exploiting Hardware Performance Counters , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[5]  David A. Patterson,et al.  Computer Architecture: A Quantitative Approach , 1969 .

[6]  James Manger,et al.  A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[7]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[8]  Nael B. Abu-Ghazaleh,et al.  Jump over ASLR: Attacking branch predictors to bypass ASLR , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[9]  Sylvain Guilley,et al.  Correlated Extra-Reductions Defeat Blinded Regular Exponentiation , 2016, CHES.

[10]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[11]  Naomi Benger,et al.  Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack , 2014, IACR Cryptol. ePrint Arch..

[12]  Risto M. Hakala,et al.  Cache-Timing Template Attacks , 2009, ASIACRYPT.

[13]  Yale N. Patt,et al.  A two-level approach to making class predictions , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[14]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[15]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[16]  Charlene O'Hanlon,et al.  A Conversation with John Hennessy and David Patterson , 2006, ACM Queue.

[17]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[18]  Onur Aciiçmez,et al.  A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL , 2008, CT-RSA.

[19]  Jean-Pierre Seifert,et al.  Micro-Architectural Cryptanalysis , 2007, IEEE Security & Privacy.

[20]  Nael B. Abu-Ghazaleh,et al.  Covert channels through branch predictors: a feasibility study , 2015, HASP@ISCA.

[21]  Chester Rebeiro,et al.  Template attack on SPA and FA resistant implementation of Montgomery ladder , 2016, IET Inf. Secur..

[22]  Marc Joye,et al.  The Montgomery Powering Ladder , 2002, CHES.

[23]  David Schultz,et al.  The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.

[24]  C. D. Walter,et al.  Montgomery exponentiation needs no final subtractions , 1999 .

[25]  Jean-Pierre Seifert,et al.  New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures , 2007, IMACC.

[26]  Onur Aciiçmez,et al.  Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.

[27]  Debdeep Mukhopadhyay,et al.  Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers , 2017, Journal of Cryptographic Engineering.

[28]  Simha Sethumadhavan,et al.  TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[29]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.