When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA
Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an imple...
Gespeichert in:
| Veröffentlicht in: | IACR transactions on cryptographic hardware and embedded systems Jg. 2020; H. 2 |
|---|---|
| Hauptverfasser: | , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
Ruhr-Universität Bochum
01.03.2020
|
| Schlagworte: | |
| ISSN: | 2569-2925 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves. We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: • It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. • It reduces mbedTLS ECDSA security to an integer factorization problem. • An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%. |
|---|---|
| AbstractList | Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves. We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: • It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. • It reduces mbedTLS ECDSA security to an integer factorization problem. • An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%. |
| Author | Alejandro Cabrera Aldaya Billy Bob Brumley |
| Author_xml | – sequence: 1 fullname: Alejandro Cabrera Aldaya organization: Tampere University, Tampere, Finland – sequence: 2 fullname: Billy Bob Brumley organization: Tampere University, Tampere, Finland |
| BookMark | eNotjttKw0AYhBdRsNY-g_sCiXtMdr0rtdZCUbBFL8O_h7RbYyKbbcC3Nx6uZpgPPuYKnbdd6xG6oSSnnEpxm-zB9_nACCN5YDnVRcYYPUMTJgudMc3kJZr1_ZEQwiSRtNQT9Pp28C0eRXg4Na2PYBqPP2P4CCkMHqdTbHs8hAjNHX7qBt_gPrT7xmcpgvUYUgL73o8CvFzcb-cYWodftvNrdFFD0_vZf07R7mG5Wzxmm-fVejHfZI7yImWs0NxKIY1SxpBauWIsytcGlAYllCk5OK1qByOVtQXBjSydcUpK7hyfovWf1nVwrH5uQ_yqOgjV79DFfQUxBdv4CoByR6x0hatFqa0WZSkIp8oLL6zz_BvbI2OE |
| ContentType | Journal Article |
| DBID | DOA |
| DOI | 10.13154/tches.v2020.i2.196-221 |
| DatabaseName | DOAJ Directory of Open Access Journals |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2569-2925 |
| ExternalDocumentID | oai_doaj_org_article_aa13d0c5d6df479c947740318e4e4cde |
| GroupedDBID | AAFWJ AFPKN ALMA_UNASSIGNED_HOLDINGS GROUPED_DOAJ M~E |
| ID | FETCH-LOGICAL-d136t-2693c545b88bb0f8d688b8efba89a848b73ad98fdab0f5fca43b57dbd8553dd3 |
| IEDL.DBID | DOA |
| IngestDate | Mon Nov 10 04:27:51 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-d136t-2693c545b88bb0f8d688b8efba89a848b73ad98fdab0f5fca43b57dbd8553dd3 |
| OpenAccessLink | https://doaj.org/article/aa13d0c5d6df479c947740318e4e4cde |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_aa13d0c5d6df479c947740318e4e4cde |
| PublicationCentury | 2000 |
| PublicationDate | 2020-03-01 |
| PublicationDateYYYYMMDD | 2020-03-01 |
| PublicationDate_xml | – month: 03 year: 2020 text: 2020-03-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | IACR transactions on cryptographic hardware and embedded systems |
| PublicationYear | 2020 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002505179 |
| Score | 2.185352 |
| Snippet | Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however,... |
| SourceID | doaj |
| SourceType | Open Website |
| SubjectTerms | binary ECDSA GCD RSA side-channel analysis vulnerable countermeasure |
| Title | When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA |
| URI | https://doaj.org/article/aa13d0c5d6df479c947740318e4e4cde |
| Volume | 2020 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVAON databaseName: DOAJ Directory of Open Access Journals databaseCode: DOA dateStart: 20180101 customDbUrl: isFulltext: true eissn: 2569-2925 dateEnd: 99991231 titleUrlDefault: https://www.doaj.org/ omitProxy: false ssIdentifier: ssj0002505179 providerName: Directory of Open Access Journals – providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources databaseCode: M~E dateStart: 20180101 customDbUrl: isFulltext: true eissn: 2569-2925 dateEnd: 99991231 titleUrlDefault: https://road.issn.org omitProxy: false ssIdentifier: ssj0002505179 providerName: ISSN International Centre |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV09a8MwEBUldOhSWtrSbzR0VWJHtix1S9OEDm0oTSjZjD4hYJyQOB7723tne8jWpYsxFghxd9x7h0_vCHmKDdDwECQLPOUMf60xxaVgJosQTgVQ8kZn9j2bzeRyqT4PRn1hT1grD9wabqB1zF1kUydcSDJlVQKEBSPRJz6xzmP2jTJ1UExhDkZgh1DrGro48IQBGmHXr6HYj_qrYR8ijw1RIfRAqr_BlOkZOe3IIB21hzgnR768IN-QH0u6Lj2t9wVqQpvC0w1O38LMRAEiyh3F1tzimc7WtS8olvuFZ9VWW091VeG1ediATsav8xHVpaNf89ElWUwni_Eb66YfMBdzUbGhUNwCvzFSGhMF6QS8SB-MlkrLRJqMa6dkcBpW02B1wk2aOeNkmnLn-BXplXDWa0IV50JDJWIVYHHGnQ4GeIUWXkO1BQznhrygDfJNq2-Ro-J08wH8kHd-yP_yw-1_bHJHTuLmqjv2eN2TXrXd-wdybOtqtds-Ni6G58fP5BfzCqzI |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=When+one+vulnerable+primitive+turns+viral%3A+Novel+single-trace+attacks+on+ECDSA+and+RSA&rft.jtitle=IACR+transactions+on+cryptographic+hardware+and+embedded+systems&rft.au=Alejandro+Cabrera+Aldaya&rft.au=Billy+Bob+Brumley&rft.date=2020-03-01&rft.pub=Ruhr-Universit%C3%A4t+Bochum&rft.eissn=2569-2925&rft.volume=2020&rft.issue=2&rft_id=info:doi/10.13154%2Ftches.v2020.i2.196-221&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_aa13d0c5d6df479c947740318e4e4cde |