A Static Analysis Technique for Detecting Time-Based Side Channels

  • Bruno R. Silva (UFMG)
  • Diego Aranha (UNICAMP)
  • Fernando M. Q. Pereira (UFMG)

Abstract

A time-based side channel is a vulnerability in implementations of cryptographic systems that allows an adversary to obtain secret information through detailed observation of a program's execution time. Masking and type systems have been proposed as strategies to mitigate this problem. This article proposes an alternative approach based on static information flow analysis. We applied it to NaCl and to portions of the OpenSSL library, where it was possible to confirm the good quality of NaCl and to report several vulnerable traces in OpenSSL.
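As an added illustration of the kind of static information-flow analysis the abstract describes (this is not the paper's tool), the toy analysis below taints secret inputs, propagates taint to a fixpoint over a constructed mini three-address IR, and reports branch conditions and memory indices that depend on secrets, since those make execution time a function of the secret. The two sample programs, an early-exit tag comparison and its constant-time counterpart, are also constructed for this example.

```python
# Toy information-flow analysis: secret inputs are tainted, taint propagates
# to a fixpoint, and branches or memory indices that carry taint are reported.
# Added illustration, not the paper's tool. Constructed mini-IR forms:
#   ("secret", x)  ("op", x, y, z) x=y<op>z  ("load", x, arr, i) x=arr[i]
#   ("branch", c, label) if c goto label     ("return", x)

def analyze(program):
    """Return [(line, message)] for secret-dependent branches and loads."""
    tainted, changed = set(), True
    while changed:                  # flow-insensitive fixpoint: taint only
        changed = False             # grows, so loops/back-edges are handled
        for ins in program:
            if ins[0] == "secret":
                src_tainted = True
            elif ins[0] in ("op", "load"):      # dst = f(ins[2], ins[3])
                src_tainted = ins[2] in tainted or ins[3] in tainted
            else:
                continue
            if src_tainted and ins[1] not in tainted:
                tainted.add(ins[1])
                changed = True
    findings = []
    for line, ins in enumerate(program, 1):
        if ins[0] == "branch" and ins[1] in tainted:
            findings.append((line, f"branch on secret-dependent '{ins[1]}'"))
        elif ins[0] == "load" and ins[3] in tainted:
            findings.append((line, f"memory index depends on secret '{ins[3]}'"))
    return findings

# Early-exit comparison of a secret MAC with a user-supplied tag (constructed):
# the per-byte mismatch test steers control flow, so timing leaks.
LEAKY = [
    ("secret", "mac"),
    ("load", "m", "mac", "i"),      # m = mac[i]  (i is public)
    ("load", "t", "tag", "i"),      # t = tag[i]
    ("op", "ne", "m", "t"),         # ne = (m != t)
    ("branch", "ne", "L_fail"),     # exits early on first mismatch
    ("return", "ok"),
]

# Constant-time variant (constructed): differences are accumulated with
# XOR/OR and only the public loop counter controls branching.
CONSTANT_TIME = [
    ("secret", "mac"),
    ("load", "m", "mac", "i"),
    ("load", "t", "tag", "i"),
    ("op", "x", "m", "t"),          # x = m ^ t
    ("op", "acc", "acc", "x"),      # acc |= x
    ("op", "more", "i", "n"),       # more = (i < n), public
    ("branch", "more", "L_loop"),
    ("return", "acc"),
]
```

Running `analyze` on `LEAKY` flags line 5, while `CONSTANT_TIME` produces no findings because its only branch depends on the public counter.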

Published: 2015-11-09

SILVA, Bruno R.; ARANHA, Diego; PEREIRA, Fernando M. Q. Uma Técnica de Análise Estática para Detecção de Canais Laterais Baseados em Tempo. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 15., 2015, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2015. p. 16-29. DOI: https://doi.org/10.5753/sbseg.2015.20082.