OpenSSL Bellcore's Protection Helps Fault Attack

Faults in software implementations target both data and instructions at different locations. Bellcore attack is a well-known fault attack that is able to break CRT-RSA. In response, cryptographic libraries such as OpenSSL are designed with protections. In this paper, we show two new fault locations on OpenSSL implementation of the CRT-RSA signature that restore the Bellcore attack and break OpenSSL protection against it. Quite surprisingly, one of the fault we found is made possible because of the existence of such protection.

[1]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[2]  Jean-Louis Lanet,et al.  An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[3]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[4]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[5]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[6]  Karine Heydemann,et al.  Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification , 2015, CARDIS.

[7]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[8]  Ingrid Verbauwhede,et al.  The Fault Attack Jungle - A Classification Model to Guide You , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[9]  Marie-Laure Potet,et al.  Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections , 2014, 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation.

[10]  David Naccache,et al.  Modulus Fault Attacks against RSA-CRT Signatures , 2011, CHES.

[11]  Debdeep Mukhopadhyay,et al.  Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis , 2016, CHES.

[12]  Richard J. Lipton,et al.  On the Importance of Eliminating Errors in Cryptographic Computations , 2015, Journal of Cryptology.