Evaluation and Mitigation of Timing Side-Channel Leakages on Multiple-Target Dynamic Binary Translators

  • Otávio Oliveira Napoli (corresponding author)
  • Vanderson Martins do Rosario
  • Diego Freitas Aranha
  • Edson Borin
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1171)

Abstract

Timing side-channel attacks are an important issue for cryptographic algorithms: if the execution time of an implementation depends on secret information, an adversary may recover the latter by measuring the former. Different approaches have emerged to exploit information leakage in cryptographic implementations and to protect them against these attacks, and recent work extends the concern to dynamic execution systems [3, 15, 24]. However, little has been said about cross-ISA emulation and its impact on timing leakage. In this paper, we investigate the impact of dynamic binary translators on the constant-time property of known cryptographic implementations, using different Region Formation Techniques (RFTs). We show that emulation may have a significant impact by inserting non-constant-time constructions during translation, leading to significant timing leakage in the QEMU and HQEMU emulators. These leakages are then verified using a statistical approach. To guarantee the constant-time property, we implemented a solution in the QEMU dynamic binary translator that mitigates the inserted timing side-channels.
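As an added illustration of the leakage-assessment step the abstract refers to (this is not code from the paper, from QEMU or from HQEMU), the following Python harness applies the fixed-vs-random Welch's t-test methodology of the TVLA and dudect references [1, 11, 20, 23] to timing measurements of a function. The two comparison routines, the 4.5 decision threshold, the sample count and the use of perf_counter_ns are assumptions of this example; the page does not state which statistic, threshold or measurement method the authors used.

```python
"""
Welch's t-test timing-leakage assessment (added example, not the paper's code).

Two input classes are timed for the same function: a 'fixed' class whose
secret-dependent input never changes, and a 'random' class whose input is
drawn fresh for every call (the fixed-vs-random setup of the TVLA papers
[1, 11], applied to timing as in dudect [20]).  If running time does not
depend on the input, both timing populations share a mean and |t| stays
small; the customary TVLA threshold |t| > 4.5 is used here to flag a leak.

Everything below is constructed for illustration.  The two comparison
functions are hypothetical stand-ins for the cryptographic code an
evaluator would plug in.
"""
import math
import secrets
import time
from statistics import mean, variance

T_THRESHOLD = 4.5  # conventional TVLA decision threshold (assumption)


def welch_t(a, b):
    """Welch's t-statistic for two independent samples with unequal variances.
    Degenerate inputs do not raise: two constant, equal samples give 0.0 and
    two constant, different samples give +/-inf."""
    if len(a) < 2 or len(b) < 2:
        raise ValueError("need at least two observations per class")
    ma, mb = mean(a), mean(b)
    se = math.sqrt(variance(a) / len(a) + variance(b) / len(b))
    if se == 0.0:
        return 0.0 if ma == mb else math.copysign(math.inf, ma - mb)
    return (ma - mb) / se


def leaky_compare(x, y):
    """Early-exit comparison: its running time reveals the first mismatching byte."""
    if len(x) != len(y):
        return False
    for cx, cy in zip(x, y):
        if cx != cy:
            return False
    return True


def ct_compare(x, y):
    """Constant-time-style comparison: always walks the whole buffer."""
    if len(x) != len(y):
        return False
    acc = 0
    for cx, cy in zip(x, y):
        acc |= cx ^ cy
    return acc == 0


def time_call(fn, *args):
    """Wall-clock nanoseconds for one call (coarse, but sufficient for a demo)."""
    t0 = time.perf_counter_ns()
    fn(*args)
    return time.perf_counter_ns() - t0


def assess(fn, secret, n=2000):
    """Fixed-vs-random assessment of fn(secret, guess).
    Fixed class: a guess sharing all but its last byte with the secret (the
    slow path for early-exit code).  Random class: a fresh random guess per
    call.  The classes are interleaved so clock drift affects both equally.
    Returns (t_statistic, leak_flag)."""
    fixed_guess = secret[:-1] + bytes([secret[-1] ^ 0xFF])
    fixed, rand = [], []
    for _ in range(n):
        fixed.append(time_call(fn, secret, fixed_guess))
        rand.append(time_call(fn, secret, secrets.token_bytes(len(secret))))
    t = welch_t(fixed, rand)
    return t, abs(t) > T_THRESHOLD


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed secret for the demo
    for name, fn in (("leaky_compare", leaky_compare), ("ct_compare", ct_compare)):
        t, leaks = assess(fn, key)
        print(f"{name}: t = {t:+.2f}  {'LEAK' if leaks else 'no leak detected'}")
```

Running the script normally flags leaky_compare and not ct_compare, but the result for ct_compare is not guaranteed: CPython, like the translators the paper studies, is a layer beneath the source that is free to introduce input-dependent timing of its own, and a noisy host can push |t| past the threshold in either direction. That is exactly why a leakage assessment must be repeated on the execution environment actually deployed, and why the t-test verdict should be read with the caveats of [23] in mind rather than as proof of absence of leakage.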

Keywords

Timing side-channels; Dynamic binary translation; Virtual machines; Just-in-time compilation; Leakage detection

Notes

Acknowledgments

We would like to thank CNPq (Grant #: 313012/2017-2), Intel Corporation, and the Sao Paulo Research Foundation, FAPESP (Grants #:2014/50704-7 and 2013/08293-7), for supporting this research.

References

  1. Becker, G., Cooper, J., DeMulder, E., Goodwill, G., et al.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference, p. 13 (2013)
  2. Bellard, F.: QEMU, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, p. 46 (2005)
  3. Brennan, T., Rosner, N., Bultan, T.: JIT Leaks: inducing timing side channels through just-in-time compilation. Technical report, UC Santa Barbara, Computer Science (2018)
  4. Cauligi, S., et al.: FaCT: a flexible, constant-time programming language. In: 2017 IEEE Cybersecurity Development (SecDev), pp. 69–76. IEEE (2017)
  5. Chen, J., Venkataramani, G.: An algorithm for detecting contention-based covert timing channels on shared hardware. In: HASP, p. 1. ACM (2014)
  6. Cleemput, J.V., Coppens, B., De Sutter, B.: Compiler mitigations for time attacks on modern x86 processors. ACM TACO 8(4), Article 23 (2012)
  7. Coppens, B., Verbauwhede, I., De Bosschere, K., De Sutter, B.: Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 45–60. IEEE (2009)
  8. Davis, D., Hazelwood, K.: Improving region selection through loop completion. In: ASPLOS, vol. 4, p. 7-3 (2011)
  9. Duesterwald, E., Bala, V.: Software profiling for hot path prediction: less is more. ACM SIGOPS Operating Systems Review 34(5), 202–211 (2000)
  10. Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covert timing channels. IEEE TDSC 8(6), 785–797 (2011)
  11. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P., et al.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop, vol. 7, pp. 115–136 (2011)
  12. ARM Holdings: ARM mbedTLS
  13. Hong, D.Y., et al.: HQEMU: a multi-threaded and retargetable dynamic binary translator on multicores. In: CGO, pp. 104–113. ACM (2012)
  14. Ireland, D.: BigDigits multiple-precision arithmetic source code (2016)
  15. Renner, J., Cauligi, S., Stefan, D.: Constant-time WebAssembly (2018)
  16. Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_1
  17. Kaufmann, T., Pelletier, H., Vaudenay, S., Villegas, K.: When constant-time source yields variable-time binary: exploiting curve25519-donna built with MSVC 2015. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 573–582. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_36
  18. Napoli, O.O., do Rosario, V.M., Aranha, D.F., Borin, E.: Evaluation of timing side-channel leakage on a multiple-target dynamic binary translator (2018)
  19. Payer, M., Gross, T.R.: Generating low-overhead dynamic binary translators. In: Proceedings of the 3rd Annual Haifa Experimental Systems Conference, p. 22. ACM (2010)
  20. Reparaz, O., Balasch, J., Verbauwhede, I.: Dude, is my code constant time? In: DATE, pp. 1697–1702. IEEE (2017)
  21. Rijmen, V., Bosselaers, A., Barreto, P.: Optimised ANSI C code for the Rijndael cipher (now AES). Public domain software (2000)
  22. Smith, J.E., Nair, R.: Virtual Machines: Versatile Platforms for Systems and Processes. The Morgan Kaufmann Series. Morgan Kaufmann Publishers Inc., San Francisco (2005)
  23. Standaert, F.X.: How (not) to use Welch's t-test in side-channel security evaluations. IACR Cryptology ePrint Archive, Report 2017/138 (2017)
  24. Van Cleemput, J., De Sutter, B., De Bosschere, K.: Adaptive compiler strategies for mitigating timing side channel attacks. IEEE TDSC 17(1), 35–49 (2017)
  25. Wu, M., Guo, S., Schaumont, P., Wang, C.: Eliminating timing side-channel leaks using program repair. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 15–26. ACM (2018)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Otávio Oliveira Napoli (1; corresponding author)
  • Vanderson Martins do Rosario (1)
  • Diego Freitas Aranha (1, 2)
  • Edson Borin (1)
  1. Institute of Computing, University of Campinas (Unicamp), Campinas, Brazil
  2. Department of Engineering, Aarhus University, Aarhus, Denmark