A Static Analysis Technique for Detecting Timing-Based Side Channels
Abstract
Timing-based side channels are vulnerabilities tied to the implementation of cryptographic systems that allow an adversary to learn secret information through careful observation of the program's execution time. Masking and type systems have already been proposed to mitigate this problem. This paper proposes an alternative based on static information-flow analysis. The analysis was applied to the NaCl library and to portions of OpenSSL; it confirmed the good quality of the former and reported several vulnerable traces in the latter.
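The kind of check the abstract describes, as an added illustration that is not the paper's tool: a flow-sensitive taint analysis over a small constructed three-address IR that flags every branch condition or memory index depending on secret input, run on an early-exit comparison, its constant-time counterpart, an S-box style lookup, and a reused temporary. Variable names, the IR and the sample programs are assumptions made for this example.

```python
from typing import List, Set, Tuple

# Instruction forms of a constructed three-address IR (not the paper's IR):
#   ("assign", dst, [srcs])  dst computed from srcs (arithmetic, xor, ...)
#   ("load",   dst, idx)     dst = table[idx]  (cache-observable access)
#   ("branch", cond)         conditional jump on cond (time-observable)
Instr = Tuple

def analyze(program: List[Instr], secrets: Set[str]) -> List[Tuple[int, str]]:
    """Flow-sensitive taint propagation: report every branch condition or
    memory index that depends on a secret input. A variable becomes tainted
    when any operand is tainted and is cleared when reassigned from public data."""
    tainted = set(secrets)
    findings: List[Tuple[int, str]] = []
    for i, ins in enumerate(program):
        if ins[0] == "assign":
            _, dst, srcs = ins
            if any(s in tainted for s in srcs):
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif ins[0] == "load":
            _, dst, idx = ins
            if idx in tainted:
                findings.append((i, "secret-dependent memory index"))
                tainted.add(dst)  # the loaded value itself carries the taint
            else:
                tainted.discard(dst)
        elif ins[0] == "branch" and ins[1] in tainted:
            findings.append((i, "secret-dependent branch"))
    return findings

# Constructed sample programs. key0 is a secret byte, in0 an attacker-chosen byte.
# Early-exit comparison: branching on the difference leaks via timing.
EARLY_EXIT = [("assign", "diff", ["key0", "in0"]), ("branch", "diff")]
# Constant-time comparison: OR the difference into an accumulator and branch
# only on the public loop counter.
CONSTANT_TIME = [("assign", "acc", ["acc", "key0", "in0"]),
                 ("assign", "i", ["i"]), ("branch", "i")]
# S-box style table lookup indexed by secret data: a cache-timing channel.
SBOX_LOOKUP = [("assign", "idx", ["key0", "in0"]), ("load", "out", "idx")]
# Flow sensitivity: a temporary reused for public data is no longer secret.
REUSED_TEMP = [("assign", "t", ["key0"]), ("assign", "t", ["pub"]), ("branch", "t")]

if __name__ == "__main__":
    for name, prog in [("EARLY_EXIT", EARLY_EXIT), ("CONSTANT_TIME", CONSTANT_TIME),
                       ("SBOX_LOOKUP", SBOX_LOOKUP), ("REUSED_TEMP", REUSED_TEMP)]:
        print(name, analyze(prog, {"key0"}))
```

The analysis is intraprocedural and ignores control-flow merges, which is enough to show why the constant-time pattern passes while the other two are reported.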