150 likes | 250 Views
Torturing OpenSSL. Todd Austin University of Michigan with Andrea Pellegrini , William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation). Understanding Side Channel Attacks. Systems leak info about internal computation
E N D
Torturing OpenSSL Todd Austin University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation)
Understanding Side Channel Attacks • Systems leak info about internal computation • E.g., safes can be cracked by carefully listening to the tumblers • Clever attackers can utilize leaked info to grain secrets • Generally not directly • Use statistical methods over time • Attacks implementation, rather than algorithm
Fault-Based Attack of RSA m m m Correct behavior: • Server challenge: s = md mod n • Client verifies: m = se mod n Faulty Server: ŝ != md mod n Private Key(d,n) Public Key(e,n) s ŝ Tactical advantage: We have yearsto implement this attack! Private Key(d,n) Public Key(e,n)
Injecting Faults in RSA Authentication Making hardware fail: • Lower voltage causes signals to slow down, thus missing the deadline imposed by the system clock • High temperatures increase signal propagation delays • Over-clocking shortens the allowed time for traversing the logic cloud • Charged particlescause internal signals to change value, causing errors
Single bit faults Faulty multiplications Wanted: Single-Bit Errors in Multiplication A corrupted signature leaks data if only one multiplication is corrupted by a single bit flip 60 16.50 50 13.75 40 11.00 Faulty products (%) Single bit faults (%) 30 8.25 20 5.50 10 2.75 0 0 1.30 1.29 1.28 1.27 1.26 1.25 1.24 1.23 Voltage [V]
Implementing the Fault-Based Attack Fault-Based Attack of RSA Attackers 1. Subject server to potential single-bit faults in multiplications 2. Repeatedly authenticate to collect faulty RSA signatures 3. Offline, analyze RSA signatures to extract private key bits 4. Repeat steps 2 & 3 until entire RSA private key identified
The attacker collects the faulty signatures The private key is recovered one window at the time The attacker checks its guess against the collected faulty signatures Extracting the Key with Offline Analysis m Private Key Public Key ŝ ŝ ŝ ŝ ŝ ŝ ŝ ŝ d= d3 X X d2 X X d1 d0
Computing (s=mdmod n) in OpenSSL 0110 d=214= 1101 window 1 window 2 s=1 for each window: for each bit in window: //4times s = (s * s) mod n s = (s * mˆd[window]) mod n return s s=1 s=1 s= (∙∙∙(m1101) 2)2)2)2 s= m1101 s= (∙∙∙(m1101) 2)2)2)2)m0110
Faulty Signature: ŝ!=md mod n 0110 d=214= 1101 window 1 window 2 s=1 for each window: for each bit in window: //4times s = (s * s) mod n s = (s * mˆd[window]) mod n return s s=1 s=1 ŝ = (∙∙∙(m1101) 2)2) ±2f)2)2 s= m1101 ŝ = (∙∙∙(m1101) 2)2) ±2f) 2)2)m0110
The private key is recovered one window at the time, guessing where and when the fault hits Reconstructing the Signature … d= dk X dk-1 X X Which multiplication? ŝ = (∙∙∙(mdk)64)mdk-1)2) 2)2 ±2f)2) 2)2) mdk-2)64 …md0 Already known Which bit? Value? For each window value to be guessed and signature we test: • 16 possible key values • 2 possible error values (0→1 or 1→0) • 4 squaring iterations
Implementing Offline Analysis • In practice 40 bit positions typically affected by faults → the computation time is reduced to 2.5 seconds • Analyzing 8,800 corrupted signatures requires 1 CPU-year – only ~1,000 are useful • Signatures can be checked in parallel • Performed the analysis with 81 workstations ŝ ŝ ŝ ŝ ŝ ŝ
Fault-Based Attack of Leon3 SPARC 8,800 corrupted signatures collected in 10 hours RSA 1024-bit private key Distributed application with 81 machines for offline analysis Private key recovered in 100 hours
Number of Key Bits Revealed (128-bit RSA) Surprising insight: Attack is easier to implementwith more sophisticated cooling systems
Conclusions • Transient faults can leak vital private key data • Fault-based attack devised for OpenSSL 0.9.8i ’s Fixed Window Exponentiation algorithm • Attack demonstrated on a complete physical Leon3 SPARC system • Software fix using “blind”ingavailable in OpenSSL to protect against timing attacks • Published: “Fault-based Attack of RSA Authentication” - DATE 2010 • Presented: BlackHat 2012