One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA (PowerPoint presentation)



SLIDE 1

One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA

Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Callan, Alenka Zajic, and Milos Prvulovic

SLIDE 2

Motivation

• Public-key crypto is essential for modern security
  • Secure exchange of session keys
  • Verifying identity of systems and users
  • And a lot more

• Private keys are a highly valuable asset
  • So attackers want them
  • And we don’t want attackers to get them

SLIDE 3

Public Key Crypto

• Good public-key crypto (e.g. RSA)
  • Designed to make private keys very, very hard to recover

[Figure: RSA key]

SLIDE 4

Analog Side-Channel Attacks

• But the cryptographic implementation runs on real hardware
  • Logic gates switch, causing current flow
  • Currents flowing create changes in the surrounding EM field

[Figure: RSA key] Side-channel information helps recover the private key

SLIDE 5

Analog Side-Channel Attacks

• Message randomization (blinding)
  • Prevents chosen-plaintext and other message-dependent attacks
  • But… when message-independent operations use the key

[Figure: RSA key] Side-channel information, alone, eventually enables efficient recovery of the private key

SLIDE 6

Analog Side-Channel Attacks

• One&Done
  • Message does not matter (message blinding does not help)
  • Multiple “traces” not needed (exponent blinding does not help)

[Figure: RSA key] Side-channel information alone, in a single encryption/signing, enables efficient recovery of the entire private key

SLIDE 7

OpenSSL’s RSA Implementation

• BN_mod_exp_montgomery_consttime()
  • Computes x^d mod m, where d is the secret exponent

For each fixed-size “window”
  For each bit in the window
    Square the result (v = v^2)
    Look up one bit of d and add to wval
  Look up precomputed x^wval
  Multiply result with x^wval

SLIDE 8

Side-Channel Attacks on OpenSSL’s RSA

• BN_mod_exp_montgomery_consttime()
  • Computes x^d mod m, where d is the secret exponent

For each fixed-size “window”
  For each bit in the window
    Square the result (v = v^2)
    Get bit from d, add to wval
  Look up precomputed x^wval
  Multiply result with x^wval

[Diagram callouts on the loop above, attack / mitigation pairs: Cache (e.g. Percival) / Scatter-Gather; Genkin et al., CHES’15 / Message Blinding; One&Done (new) / Mitigation (new)]

SLIDE 9

Measurement Setup

• Samsung Galaxy Centura SCH-S738C
• Alcatel Ideal
• A13-OLinuXino

SLIDE 10

Side Channel Analysis

• Recent advances in side-channel-based program monitoring
  • Camelia, our DARPA LADS project
    • Uses analog signals to monitor computational activity, to detect control-flow deviation and/or execution of unknown code
    • Found that even a single-instruction control-flow difference can be detected
    • But…

• Constant-time implementation: no key-dependent control flow
• Every encryption has the same control-flow sequence
  • Can’t use control-flow differences for the attack
  • But we can use the (very stable and predictable) signal features and timing to tell us exactly where in the signal BN_is_bit_set is executing

SLIDE 11

Attack Approach

[Figure: annotated EM signal trace; labels: Constant-time Montgomery multiplication to square the result; Window-value update; Another constant-time Montgomery multiplication; Easy to Find; Const-Time]

SLIDE 12

Relevant Part Zoom-In

[Figure: zoom-in on the window-value update, with signal segments labelled 0-A, 1-A, 0-B, 1-B]

SLIDE 13

How well does this recover bits of <dp,dq>?

• Training on 15 private-key RSA decryptions
• Recover bits of secret exponents using only one decryption

[Chart: per-bit recovery accuracy, axis 95% to 100%, for Samsung Galaxy Centura Phone, Alcatel Ideal Phone and OLinuXino Board; Max, Median and Min shown for each]

SLIDE 14

Full RSA Key Recovery

• We have dp and dq, but with
  • Erasures – could not find where the bit’s signal is
  • Errors – found the bit’s signal, but misclassified it (0 vs. 1)

• Existing branch-and-prune algorithms
  • Prune partial solutions when a group of bits has too many errors
    • Assumes errors are uniformly distributed
    • Our errors often occur in bursts
    • Does not explicitly handle erasures
  • Prune partial solutions that disagree with known bits of <dp,dq>
    • Can’t handle errors (no bits are truly “known”)
SLIDE 15

Full RSA Key Recovery

• We have dp and dq, but with
  • Erasures – could not find where the bit’s signal is
  • Errors – found the bit’s signal, but misclassified it (0 vs. 1)

• Our algorithm
  • Take the partial solution with the fewest disagreements overall
    • Known-to-be-unknown bits (erasures) are not counted
  • Expand that partial solution by one bit position
    • Prune expansions that violate the relationships between p, q, n, dp and dq
    • Efficient implementation: nearly all checks use only scalars (not BNs)
  • Repeat
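The search described on slides 14 and 15 (whose cost slide 16 plots as key-search steps), as an added Python example; this is not the authors' implementation. It assumes a constructed 16-bit toy key with e = 17 and a constructed noise pattern (a burst of two errors plus one erasure in dp, one error plus two erasures in dq). It walks bit positions from the least significant end upward and prunes each one-bit expansion with the relations p*q = n, e*dp = 1 + kp*(p-1) and e*dq = 1 + kq*(q-1), reduced modulo 2^(i+1), so every check is on small scalars as the slide notes. The multipliers kp and kq are not mentioned on the slides; the example enumerates them from n mod e, the usual first step in this family of algorithms. Erasures cost nothing, errors cost one disagreement each, and the partial solution with the fewest disagreements is always the one expanded next.

```python
"""Best-first branch-and-prune recovery of an RSA key from noisy <dp, dq> bits."""
import heapq
import math


def _is_prime(v):  # trial division, enough for 16-bit demo primes
    return v > 1 and all(v % f for f in range(2, int(v ** 0.5) + 1))


def _prime_below(limit, e):  # largest prime < limit with gcd(e, p-1) == 1, so dp exists
    v = limit - 1
    while not (_is_prime(v) and math.gcd(e, v - 1) == 1):
        v -= 1
    return v


# Constructed toy key: 16-bit primes and e = 17 keep the search instant and the
# (kp, kq) enumeration small.  A real key has 1024-bit primes and e = 65537.
E, NBITS = 17, 16
P = _prime_below(1 << NBITS, E)
Q = _prime_below(P, E)
N = P * Q
DP, DQ = pow(E, -1, P - 1), pow(E, -1, Q - 1)


def bits_of(v, nbits):
    """Bit i of v at index i (least significant first)."""
    return [(v >> i) & 1 for i in range(nbits)]


def corrupt(bits, errors=(), erasures=()):
    """The two defect types on slide 14: flip the `errors`, blank the `erasures` (None)."""
    out = list(bits)
    for i in errors:
        out[i] ^= 1
    for i in erasures:
        out[i] = None
    return out


# Constructed observation: a burst of errors in dp (bits 5, 6), one error in dq
# (bit 9), and erasures where the bit's signal could not be located.
DP_OBS = corrupt(bits_of(DP, NBITS), errors=(5, 6), erasures=(11,))
DQ_OBS = corrupt(bits_of(DQ, NBITS), errors=(9,), erasures=(3, 12))


def k_candidates(n, e):
    """Candidate (kp, kq) for e*dp = 1 + kp*(p-1) and e*dq = 1 + kq*(q-1).  Mod e,
    p = 1 - kp^-1 and q = 1 - kq^-1, so n = p*q (mod e) fixes kq for each kp.
    This enumeration is the usual first step for such algorithms; the slides omit it."""
    for kp in range(1, e):
        p_mod_e = (1 - pow(kp, -1, e)) % e
        if p_mod_e:
            inv_kq = (1 - n * pow(p_mod_e, -1, e)) % e
            if inv_kq:
                yield kp, pow(inv_kq, -1, e)


def _search(n, e, kp, kq, dp_obs, dq_obs, nbits, max_steps):
    # Partial solutions keyed by (disagreements, -depth, seq): fewest disagreements
    # first, deepest among ties.  Erasures (None) never count as disagreements.
    heap, seq, steps = [(0, 0, 0, (0, 0, 0, 0))], 0, 0
    while heap and steps < max_steps:
        cost, neg_depth, _, (p, q, dp, dq) = heapq.heappop(heap)
        i, steps = -neg_depth, steps + 1
        if i == nbits:
            if p * q == n:                  # every bit fixed: confirm the factorisation
                return max(p, q), min(p, q)
            continue
        mod = 1 << (i + 1)                  # expand by one bit position, pruning with
        for pb in (0, 1):                   # the p,q,n,dp,dq relations mod 2^(i+1);
            for qb in (0, 1):               # every check is on small scalars
                p2, q2 = p | pb << i, q | qb << i
                if (p2 * q2 - n) % mod:
                    continue
                for dpb in (0, 1):
                    dp2 = dp | dpb << i
                    if (e * dp2 - 1 - kp * (p2 - 1)) % mod:
                        continue
                    for dqb in (0, 1):
                        dq2 = dq | dqb << i
                        if (e * dq2 - 1 - kq * (q2 - 1)) % mod:
                            continue
                        c = cost + (dp_obs[i] not in (None, dpb)) + (dq_obs[i] not in (None, dqb))
                        seq += 1
                        heapq.heappush(heap, (c, -(i + 1), seq, (p2, q2, dp2, dq2)))
    return None


def recover_key(n, e, dp_obs, dq_obs, nbits, max_steps=6000):
    """(p, q) from noisy dp/dq bits, trying each (kp, kq) candidate; None if not found."""
    for kp, kq in k_candidates(n, e):
        found = _search(n, e, kp, kq, dp_obs, dq_obs, nbits, max_steps)
        if found:
            return found
    return None


if __name__ == "__main__":
    print("recovered:", recover_key(N, E, DP_OBS, DQ_OBS, NBITS), "expected:", (P, Q))
```

recover_key returns the factorisation with the larger prime first; max_steps bounds the work spent on a wrong (kp, kq) guess before the next one is tried. Because every expansion is checked modulo 2^(i+1) on values no wider than the primes themselves, the per-step cost stays at a handful of scalar operations, which is what makes the step rate on slide 16 plausible.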

SLIDE 16

Recover RSA key from <dp,dq> with errors

[Chart: key search steps (1,000 to 1,000,000, log scale) against the fraction of affected bits (0% to 10%), three series: Errors, Erasures, 50% Mix; our <dp,dq> results (errors+erasures) are marked]

Key search using one i7 core: 500K steps / second!

SLIDE 17

More in the paper

• Train on one device, attack another
  • Only slightly worse than same-device (still 100% key recovery)

• Similar attack on the sliding-window implementation
  • Used in prior versions of OpenSSL
    • Prior attacks extract enough bits to sometimes allow full-key recovery
  • One&Done recovers nearly all bits in one private-key encryption; recovered the full key every time

SLIDE 18

Mitigation

• Fundamental enabler of the attack
  • Several instructions have very few possibilities for their operands
    • BN_is_bit_set returns either 0 or 1

• No need to get bits one at a time
  • A 5-bit fixed window needs 5 consecutive bits
    • Don’t have to get them one at a time and shift into wval
  • So we take an entire word’s worth of bits each time, and mask to window size only before wval is needed
  • Takes only a little longer than getting one bit!
  • But done only once per window!
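Both loops, the one from slide 7 and the mitigated one from this slide, as an added Python model; this is not OpenSSL's code (OpenSSL's routine is BN_mod_exp_mont_consttime in crypto/bn/bn_exp.c, written in C over Montgomery form, which the model replaces with plain modular arithmetic). modexp_per_bit follows slide 7: wval is assembled from one BN_is_bit_set result per secret bit, and the optional trace records every such result. modexp_word_fetch applies this slide's mitigation: one word-sized fetch per window, masked down to the window size only where wval is needed. The word size WORD_BITS = 32, the straddling-word helper get_bits and the toy values are assumptions of the example.

```python
"""Fixed-window modular exponentiation as on slides 7 and 18 (a Python model, not OpenSSL code)."""
from typing import List, Optional

WORD_BITS = 32          # assumed machine word size for the mitigated variant


def is_bit_set(d: int, i: int) -> int:
    """Models BN_is_bit_set: the result is always 0 or 1, the two-valued
    operand that One&Done classifies from the EM signal."""
    return (d >> i) & 1


def modexp_per_bit(x: int, d: int, m: int, w: int = 5,
                   trace: Optional[List[int]] = None) -> int:
    """x^d mod m with fixed w-bit windows; wval is assembled one secret bit at a
    time (slide 7).  If `trace` is given, every fetched bit is appended to it:
    one 0/1 operation per exponent bit, all within a single exponentiation."""
    nwin = (d.bit_length() + w - 1) // w
    table = [pow(x, k, m) for k in range(1 << w)]        # precomputed x^wval
    v = 1
    for win in range(nwin - 1, -1, -1):                  # most significant window first
        wval = 0
        for j in range(w - 1, -1, -1):
            v = v * v % m                                # square the result (v = v^2)
            bit = is_bit_set(d, win * w + j)             # look up one bit of d ...
            if trace is not None:
                trace.append(bit)
            wval = (wval << 1) | bit                     # ... and shift it into wval
        v = v * table[wval] % m                          # multiply by precomputed x^wval
    return v


def to_words(d: int, word_bits: int = WORD_BITS) -> List[int]:
    """Little-endian word array, the way a bignum library stores the exponent."""
    words = []
    while d:
        words.append(d & ((1 << word_bits) - 1))
        d >>= word_bits
    return words


def get_bits(words: List[int], bitpos: int, word_bits: int = WORD_BITS) -> int:
    """A whole word's worth of exponent bits starting at `bitpos`, joining two
    adjacent words when the range straddles a word boundary.  The secret now
    flows through operands with 2^word_bits possible values, not two."""
    wi, off = divmod(bitpos, word_bits)
    lo = words[wi] if wi < len(words) else 0
    hi = words[wi + 1] if wi + 1 < len(words) else 0
    if off == 0:
        return lo
    return ((lo >> off) | (hi << (word_bits - off))) & ((1 << word_bits) - 1)


def modexp_word_fetch(x: int, d: int, m: int, w: int = 5,
                      trace: Optional[List[int]] = None) -> int:
    """Same exponentiation with the slide-18 mitigation: one word-sized fetch
    per window, masked down to the w-bit window value only where wval is needed."""
    nwin = (d.bit_length() + w - 1) // w
    table = [pow(x, k, m) for k in range(1 << w)]
    words = to_words(d)
    v = 1
    for win in range(nwin - 1, -1, -1):
        chunk = get_bits(words, win * w)                 # once per window, not once per bit
        if trace is not None:
            trace.append(chunk)
        for _ in range(w):
            v = v * v % m
        wval = chunk & ((1 << w) - 1)                    # mask to window size here
        v = v * table[wval] % m
    return v


def exponent_from_trace(trace: List[int]) -> int:
    """Read the per-bit trace MSB first: it is the exponent itself, which is why
    one observed decryption is enough and blinding the message does not help."""
    d = 0
    for bit in trace:
        d = (d << 1) | bit
    return d


if __name__ == "__main__":
    # Constructed toy values; a real private exponent would be 1024 or 2048 bits.
    x, d, m = 0x1234, 0xB3E5F2C7A91D, 1000000007
    per_bit, word = [], []
    assert modexp_per_bit(x, d, m, trace=per_bit) == pow(x, d, m)
    assert modexp_word_fetch(x, d, m, trace=word) == pow(x, d, m)
    print(f"per-bit fetches: {len(per_bit)}, recovered exponent: {exponent_from_trace(per_bit):#x}")
    print(f"word fetches: {len(word)} (one per 5-bit window)")
```

Reading the per-bit trace MSB first gives back d, which is the attack in a nutshell: each recorded value is an instruction operand with exactly two possible values, so classifying every one of them from a single decryption's EM signal yields the whole exponent, and neither message blinding nor exponent blinding changes that. In the word-fetch variant the only exponent-dependent operand is a full word, and only one such fetch happens per window rather than one per bit.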

SLIDE 19

Results after mitigation

[Chart: per-bit recovery accuracy after mitigation, axis 40% to 65%, for Samsung Galaxy Centura Phone, Alcatel Ideal Phone and OLinuXino Board; Max, Median and Min shown for each, with a Random Guessing line; erasures counted as errors]

SLIDE 20

Conclusions

• Analog side-channel attack on OpenSSL’s constant-time modular exponentiation implementation
  • Precise timing thanks to the constant-timeness of the implementation
  • Highly accurate thanks to the one-secret-bit-at-a-time implementation

• Entire private key recovered from only one use of that key
  • Attack not affected by blinding
  • Attack directly obtains exponent bits; message bits are not relevant
  • Exponent blinding does not help against single-trace attacks

• Mitigation: look up groups of secret bits, not individual bits

SLIDE 21

Thank you!

Questions?