DOI: 10.1145/3196494.3196524
Research article

Single Trace Attack Against RSA Key Generation in Intel SGX SSL

Published: 29 May 2018

ABSTRACT

Microarchitectural side-channel attacks have received significant attention recently. However, while side-channel analyses of secret-key operations such as decryption and signature generation are well established, the process of key generation has received little attention so far. In particular, because microarchitectural attacks usually require multiple observations (more than one measurement trace) to break an implementation, one-time operations such as key generation routines are often considered uncritical and out of scope. This assumption no longer holds for shielded execution architectures, where sensitive code is executed inside hardware enclaves, in the realm of a potential attacker. In such a setting, an untrusted operating system can conduct noiseless controlled-channel attacks by exploiting page access patterns. In this work, we identify a critical vulnerability in the RSA key generation procedure of Intel SGX SSL (and the underlying OpenSSL library) that allows secret keys to be recovered from observations of a single execution. In particular, we mount a controlled-channel attack on the binary Euclidean algorithm (BEA), which is used to check the validity of the RSA key parameters generated within an SGX enclave. Thereby, we recover all but 16 bits of one of the two prime factors of the public modulus. For an 8192-bit RSA modulus, we recover the remaining 16 bits, and thus the full key, in less than 12 seconds on a commodity PC. In light of these results, we urge a careful re-evaluation of cryptographic libraries with respect to single-trace attacks, especially if they are intended for shielded execution environments such as Intel SGX.
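As an added example that is not taken from the paper or from OpenSSL: a Python model of a textbook binary GCD (Stein's algorithm) whose branch sequence depends on its operands, which is the class of leak the abstract describes, next to a branch-free variant that performs a fixed, operand-independent schedule of operations. The `nbits` input bound, the trace labels and the sample operands are assumptions of this example.

```python
def leaky_gcd_trace(a, b):
    """Textbook binary GCD (Stein's algorithm) with secret-dependent branches.
    Returns (gcd, trace); the trace lists the branch taken in each iteration,
    which is what a page-access-pattern observer learns about a and b."""
    trace, shifts = [], 0
    while a and b:
        if a & 1 == 0 and b & 1 == 0:
            a, b, shifts = a >> 1, b >> 1, shifts + 1
            trace.append("both_even")
        elif a & 1 == 0:
            a >>= 1
            trace.append("a_even")
        elif b & 1 == 0:
            b >>= 1
            trace.append("b_even")
        else:
            if a < b:
                a, b = b, a
            a = (a - b) >> 1
            trace.append("both_odd")
    return (a | b) << shifts, trace


def _sel(c, x, y):
    """Return x if c == 1, else y, using masking instead of a branch."""
    return y ^ ((x ^ y) & -c)


def ct_gcd(a, b, nbits):
    """Branch-free binary GCD for 0 <= a, b < 2**nbits (assumed bound).
    Every one of the 2*nbits rounds performs the same operations in the same
    order, so control flow (and thus the page access pattern) is independent
    of the operands. Python big ints are not constant-time; this shows the
    structure only, not a deployable primitive."""
    shifts = 0
    for _ in range(2 * nbits):
        a_odd, b_odd = a & 1, b & 1
        both_odd = a_odd & b_odd
        # sign bit of (a - b): 1 iff a < b, obtained without a comparison branch
        a_lt_b = ((a - b) >> (nbits + 1)) & 1
        swap = both_odd & a_lt_b
        a, b = _sel(swap, b, a), _sel(swap, a, b)  # a >= b whenever both are odd
        shifts += (1 - a_odd) & (1 - b_odd)          # both even: common factor 2
        a = _sel(both_odd, (a - b) >> 1, _sel(1 - a_odd, a >> 1, a))
        b = _sel(1 - b_odd, b >> 1, b)
    return (a | b) << shifts                         # one of a, b is 0 by now
```

The leaky trace of gcd(p-1, e) begins with one "a_even" step per trailing zero bit of p-1, so two candidate primes with the same gcd already produce different observable traces, while the branch-free version executes the identical schedule for both.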


Published in

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, May 2018, 866 pages. ISBN: 9781450355766. DOI: 10.1145/3196494.

Publisher: Association for Computing Machinery, New York, NY, United States.