Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC

We provide further evidence that implementing software countermeasures against timing attacks is a non-trivial task and requires domain-specific software development processes: we report an implementation bug in the s2n library, recently released by AWS Labs. This bug now fixed allowed bypassing the balancing countermeasures against timing attacks deployed in the implementation of the MAC-then-Encode-then-CBC-Encrypt MEE-CBC component, creating a timing side-channel similar to that exploited by Lucky 13. Although such an attack could only be launched when the MEE-CBC component is used in isolation --- Albrecht and Paterson recently confirmed in independent work that s2n's second line of defence, once reinforced, provides adequate mitigation against current adversary capabilities --- its existence serves as further evidence to the fact that conventional software validation processes are not effective in the study and validation of security properties. To solve this problem, we define a methodology for proving security of implementations in the presence of timing attackers: first, prove black-box security of an algorithmic description of a cryptographic construction; then, establish functional correctness of an implementation with respect to the algorithmic description; and finally, prove that the implementation is leakage secure. We present a proof-of-concept application of our methodology to MEE-CBC, bringing together three different formal verification tools to produce an assembly implementation of this construction that is verifiably secure against adversaries with access to some timing leakage. Our methodology subsumes previous work connecting provable security and side-channel analysis at the implementation level, and supports the verification of a much larger case study. Our case study itself provides the first provable security validation of complex timing countermeasures deployed, for example, in OpenSSL.

[1]  Xavier Leroy,et al.  Formal certification of a compiler back-end or: programming a compiler with a proof assistant , 2006, POPL '06.

[2]  Martijn Stam,et al.  Rogue Decryption Failures: Reconciling AE Robustness Notions , 2015, IMACC.

[3]  Kenneth G. Paterson,et al.  Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS , 2016, EUROCRYPT.

[4]  Kenneth G. Paterson,et al.  Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol , 2011, ASIACRYPT.

[5]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[6]  Gilles Barthe,et al.  Verifying Constant-Time Implementations , 2016, USENIX Security Symposium.

[7]  Tanja Lange,et al.  The Security Impact of a New Cryptographic Library , 2012, LATINCRYPT.

[8]  Kenneth G. Paterson,et al.  On Symmetric Encryption with Distinguishable Decryption Failures , 2013, FSE.

[9]  Bernhard Beckert,et al.  Information Flow in Object-Oriented Software , 2013, LOPSTR.

[10]  Ralf Küsters,et al.  A Framework for the Cryptographic Verification of Java-Like Programs , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[11]  Benjamin Grégoire,et al.  Computer-Aided Security Proofs for the Working Cryptographer , 2011, CRYPTO.

[12]  Andrew W. Appel,et al.  Verified Correctness and Security of OpenSSL HMAC , 2015, USENIX Security Symposium.

[13]  Benjamin Grégoire,et al.  EasyCrypt: A Tutorial , 2013, FOSAD.

[14]  Gilles Barthe,et al.  System-level Non-interference for Constant-time Cryptography , 2014, IACR Cryptol. ePrint Arch..

[15]  Kenneth G. Paterson,et al.  Security of Symmetric Encryption against Mass Surveillance , 2014, IACR Cryptol. ePrint Arch..

[16]  Peter Schwabe,et al.  Faster and Timing-Attack Resistant AES-GCM , 2009, CHES.

[17]  Khawaja Amer Hayat,et al.  Password Interception in a SSL/TLS Channel , 2004 .

[18]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[19]  Benjamin Grégoire,et al.  Fully automated analysis of padding-based encryption in the computational model , 2013, CCS.

[20]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[21]  Sylvain Guilley,et al.  A formal proof of countermeasures against fault injection attacks on CRT-RSA , 2013, Journal of Cryptographic Engineering.

[22]  Alex J. Malozemoff,et al.  Automated Analysis and Synthesis of Authenticated Encryption Schemes , 2015, IACR Cryptol. ePrint Arch..

[23]  Tom Chothia,et al.  A Traceability Attack against e-Passports , 2010, Financial Cryptography.

[24]  DegabrieleJean Paul,et al.  Provable Security in the Real World , 2011, S&P 2011.

[25]  Alfredo Pironti,et al.  Implementing TLS with Verified Cryptographic Security , 2013, 2013 IEEE Symposium on Security and Privacy.

[26]  Kenneth G. Paterson,et al.  Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.

[27]  Serge Vaudenay,et al.  Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[28]  Ueli Maurer,et al.  On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption , 2010, CCS '10.

[29]  Gilles Barthe,et al.  Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations , 2013, IACR Cryptol. ePrint Arch..

[30]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.