
Cache-Timing Attacks Still Threaten IoT Devices

  • Sofiane Takarabt
  • Alexander Schaub
  • Adrien Facon
  • Sylvain Guilley
  • Laurent Sauvage
  • Youssef Souissi
  • Yves Mathieu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11445)

Abstract

IoT devices are widely deployed and embed sensitive data; their security depends on the reliability of cryptographic libraries to protect user information. However, when implemented on real systems, cryptographic algorithms are vulnerable to side-channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Some countermeasures can be implemented to prevent those attacks. However, those countermeasures are generally designed at a high level of description, and when implemented, some residual leakage may persist. In this article, we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how those might be fixed. This methodology checks the whole source code used for the final application, from the top-level routines to the low-level primitives. We retrieve hundreds of lines of code that leak sensitive information.

Notes

Acknowledgments

The authors are grateful to Matthieu Lec’hvien for having initiated this work (under the guidance of Alexander Schaub). This work has benefited from funding via TeamPlay (https://teamplay-h2020.eu/), a project from the European Union’s Horizon2020 research and innovation programme, under grant agreement No. 779882. Besides, this work has been partly financed by NSFC grant No. 61632020, and French PIA (Projet d’Investissement d’Avenir) grant P141580, of acronym RISQ (Regroupement de l’Industrie pour la Sécurité post-Quantique).


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Sofiane Takarabt (1, 2)
  • Alexander Schaub (2)
  • Adrien Facon (1, 3)
  • Sylvain Guilley (1, 2, 3)
  • Laurent Sauvage (1, 2)
  • Youssef Souissi (1)
  • Yves Mathieu (2)

  1. Secure-IC S.A.S., Cesson-Sévigné, France
  2. LTCI, Télécom ParisTech, Institut Polytechnique de Paris, Paris, France
  3. École Normale Supérieure, Département d’informatique, Paris, France
