torturing openssl
DESCRIPTION
Torturing OpenSSL. Todd Austin University of Michigan with Andrea Pellegrini , William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation). Understanding Side Channel Attacks. Systems leak info about internal computation - PowerPoint PPT PresentationTRANSCRIPT
Torturing OpenSSL
Todd AustinUniversity of Michigan
with Andrea Pellegrini, William Arthur and Valeria Bertacco
(Based on Valeria’s BlackHat 2012 Presentation)
2
Understanding Side Channel Attacks
· Systems leak info about internal computation• E.g., safes can be cracked by
carefully listening to the tumblers
· Clever attackers can utilize leaked info to grain secrets• Generally not directly• Use statistical methods over time
· Attacks implementation, rather than algorithm
3
Fault-Based Attack of RSA
Correct behavior:•Server challenge:
s = md mod n•Client verifies:
m = se mod n
Faulty Server:ŝ != md mod n
Public Key(e,n)
Private Key(d,n)
m
s
Public Key(e,n)
Private Key(d,n)
m
ŝ
mTactical advantage: We have years
to implement this attack!
4
Injecting Faults in RSA AuthenticationMaking hardware fail:Lower voltage causes signals to slow down, thus missing
the deadline imposed by the system clockHigh temperatures increase signal propagation delays· Over-clocking shortens the allowed time for traversing the
logic cloud· Charged particles cause internal signals to change value,
causing errors
5
Wanted: Single-Bit Errors in Multiplication
A corrupted signature leaks data if only one multiplication is corrupted by a single bit flip
0
10
20
30
40
50
60
1.30 1.29 1.28 1.27 1.26 1.25 1.24 1.23
Voltage [V]
Sin
gle
bit f
aults
(%)
0
2.75
5.50
8.25
11.00
13.75
16.50
Faul
ty p
rodu
cts
(%)
Single bit faults
Faulty multiplications
6
Implementing the Fault-Based Attack
Fault-Based Attack of RSA Attackers
1. Subject server to potential single-bit faults in multiplications2. Repeatedly authenticate to collect faulty RSA signatures3. Offline, analyze RSA signatures to extract private key bits4. Repeat steps 2 & 3 until entire RSA private key identified
7
Extracting the Key with Offline Analysis· The attacker collects the faulty signatures
· The private key is recovered one window at the time
· The attacker checks its guess against the collected faulty signatures
Public Keyŝŝŝŝ
Private Keym
ŝŝ ŝ
ŝd= X X X Xd3d2d1d0
8
Computing (s=md mod n) in OpenSSL
1101
s=1
for each window:
for each bit in window: //4times
s = (s * s) mod n
s = (s * mˆd[window]) mod n
return s
d=214= 0110
s=1
s=1
s= m1101
s= (∙∙∙(m1101) 2)2)2)2
s= (∙∙∙(m1101) 2)2)2)2)m0110
window 1 window 2
9
Faulty Signature: ŝ!=md mod n
s=1
for each window:
for each bit in window: //4times
s = (s * s) mod n
s = (s * mˆd[window]) mod n
return s
s=1
s=1
s= m1101
ŝ = (∙∙∙(m1101) 2) 2) ±2f)2)2
ŝ = (∙∙∙(m1101) 2) 2) ±2f) 2)2)m0110
1101d=214= 0110window 1 window 2
10
Reconstructing the SignatureThe private key is recovered one window at the time, guessing where and when the fault hits
ŝ = (∙∙∙(mdk)64)mdk-1)2) 2)2 ±2f)2) 2)2) mdk-2)64 …md0
Alreadyknown Value?
Which multiplication?
Which bit?
d= X X Xdk dk-1 …
For each window value to be guessed and signature we test:• 16 possible key values• 2 possible error values (0→1 or 1→0)• 4 squaring iterations
11
Implementing Offline Analysis· In practice 40 bit positions typically affected by faults
→ the computation time is reduced to 2.5 seconds· Analyzing 8,800 corrupted signatures requires 1 CPU-
year – only ~1,000 are useful
· Signatures can be checked in parallel· Performed the analysis with 81 workstations
ŝŝŝŝŝŝ
12
Fault-Based Attack of Leon3 SPARC
RSA 1024-bit private key
8,800 corrupted signatures collected in 10 hours
Distributed application with 81 machines for offline analysis
Private key recovered in 100 hours
13
Exploring Temperature-Induced Faults
14
Number of Key Bits Revealed (128-bit RSA)
20 30 40 50 60 70 80 90 1000
20
40
60
80
100
120
140
V=1.3 v
V=1.28 v
V=1.27 v
V=1.26 v
V=1.25 v
V=1.24 v
Temperature
Key
bits
reco
vere
d (o
ut o
f 128
)
Surprising insight: Attack is easier to implementwith more sophisticated cooling systems
15
Conclusions
· Transient faults can leak vital private key data
· Fault-based attack devised for OpenSSL 0.9.8i ’s Fixed Window Exponentiation algorithm
· Attack demonstrated on a complete physical Leon3 SPARC system
· Software fix using “blind”ing available in OpenSSL to protect against timing attacks
· Published: “Fault-based Attack of RSA Authentication” - DATE 2010· Presented: BlackHat 2012