Certified Side Channels
Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, Billy Bob Brumley

TL;DR
This paper shows that the way private keys are stored affects side channel security, revealing vulnerabilities in common software libraries and demonstrating practical key recovery attacks using various side channel signals.
Contribution
It uncovers how key storage formats influence side channel vulnerabilities and introduces new attacks exploiting these weaknesses across multiple signal types.
Findings
Different key formats lead to varying side channel vulnerabilities.
Vulnerabilities can cause disjoint arithmetic stacks within cryptosystems.
Practical key recovery attacks demonstrated using EM, cache, and timing signals.
Abstract
We demonstrate that the format in which private keys are persisted impacts Side Channel Analysis (SCA) security. Surveying several widely deployed software libraries, we investigate the formats they support, how they parse these keys, and what runtime decisions they make. We uncover a combination of weaknesses and vulnerabilities, in extreme cases inducing completely disjoint multi-precision arithmetic stacks deep within the cryptosystem level for keys that otherwise seem logically equivalent. Exploiting these vulnerabilities, we design and implement key recovery attacks utilizing signals ranging from electromagnetic (EM) emanations, to granular microarchitecture cache timings, to coarse traditional wall clock timings.
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security
