Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications
Tianwei Zhang, Jun Jiang, Yinqian Zhang

TL;DR
This paper systematically reviews software side-channel vulnerabilities in cryptographic software, categorizes existing vulnerabilities and countermeasures, and evaluates popular libraries to provide insights for improving security.
Contribution
It offers a comprehensive survey of vulnerabilities and countermeasures, along with a quantitative evaluation of popular cryptographic libraries, guiding future research and development.
Findings
Identified common vulnerabilities in cryptographic implementations
Compared effectiveness of various countermeasures
Measured vulnerability severity and response times of libraries
Abstract
We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify common strategies to eliminate them. We then evaluate popular libraries and applications, quantitatively measuring and comparing the vulnerability severity, response time and coverage. Based on these characterizations and evaluations, we offer some insights for side-channel researchers, cryptographic software developers and users. We hope our study can inspire the side-channel research community to discover new vulnerabilities, and more importantly, to fortify applications against them.
Taxonomy
Topics: Security and Verification in Computing · Cryptographic Implementations and Security · Advanced Malware Detection Techniques
