Déjà Vu: Side-Channel Analysis of Mozilla's NSS
Sohaib ul Hassan, Iaroslav Gridin, Ignacio M. Delgado-Lozano, Cesar Pereida García, Jesús-Javier Chi-Domínguez, Alejandro Cabrera Aldaya, Billy Bob Brumley

TL;DR
This paper conducts a comprehensive side-channel security evaluation of Mozilla's NSS library, revealing new vulnerabilities in cryptographic implementations and demonstrating key recovery attacks using various signal analysis techniques.
Contribution
It is the first library-wide SCA assessment of NSS, combining two frameworks to identify and exploit previously unknown vulnerabilities in cryptographic algorithms.
Findings
Discovered new vulnerabilities in DSA, ECDSA, and RSA within NSS.
Successfully performed key recovery attacks using timing, microarchitecture, and EM signals.
Highlights ongoing issues in vulnerability tracking and patching in cryptography libraries.
Abstract
Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously exploited, reported, and patched in high-profile cryptography libraries. Nevertheless, researchers continue to find and exploit the same vulnerabilities in old and new products, highlighting a big issue among vendors: effectively tracking and fixing security vulnerabilities when disclosure is not done directly to them. In this work, we present another instance of this issue by performing the first library-wide SCA security evaluation of Mozilla's NSS security library. We use a combination of two independently-developed SCA security frameworks to identify and test security vulnerabilities. Our evaluation uncovers several new vulnerabilities in NSS affecting DSA, ECDSA, and RSA cryptosystems. We exploit said vulnerabilities and implement key recovery attacks using signals---extracted…
