Projekte pro Jahr
Abstract
Side-channel attacks exploiting (EC)DSA nonce leakage easily lead to full key recovery. Although (EC)DSA implementations have already been hardened against side-channel leakage using the constant-time paradigm, the long-standing cat-and-mouse-game of attacks and patches continues. In particular, current code review is prone to miss less obvious side channels hidden deeply in the call stack. To solve this problem, a systematic study of nonce leakage is necessary. We present a systematic analysis of nonce leakage in cryptographic implementations. In particular, we expand DATA, an open-source side-channel analysis framework, to detect nonce leakage. Our analysis identified multiple unknown nonce leakage vulnerabilities across all essential computation steps involving nonces. Among others, we uncover inherent problems in Bignumber implementations that break claimed constant-time guarantees of (EC)DSA implementations if secrets are close to a word boundary. We found that lazy resizing of Bignumbers in OpenSSL and LibreSSL yields a highly accurate and easily exploitable side channel, which has been acknowledged with two CVEs. Surprisingly, we also found a tiny but expressive leakage in the constant-time scalar multiplication of OpenSSL and BoringSSL. Moreover, in the process of reporting and patching, we identified newly introduced leakage with the support of our tool, thus preventing another attack-patch cycle. We open-source our tool, together with an intuitive graphical user interface we developed.
Originalsprache | englisch |
---|---|
Titel | Proceedings of the 29th USENIX Security Symposium |
Herausgeber (Verlag) | USENIX Association |
Seiten | 1767-1784 |
Seitenumfang | 18 |
ISBN (elektronisch) | 9781939133175 |
Publikationsstatus | Veröffentlicht - 1 Jan. 2020 |
Veranstaltung | 29th USENIX Security Symposium: USENIX Security 2020 - Virtuell, USA / Vereinigte Staaten Dauer: 12 Aug. 2020 → 14 Aug. 2020 https://www.usenix.org/conference/usenixsecurity20/ |
Publikationsreihe
Name | Proceedings of the 29th USENIX Security Symposium |
---|
Konferenz
Konferenz | 29th USENIX Security Symposium |
---|---|
Land/Gebiet | USA / Vereinigte Staaten |
Ort | Virtuell |
Zeitraum | 12/08/20 → 14/08/20 |
Internetadresse |
ASJC Scopus subject areas
- Information systems
- Sicherheit, Risiko, Zuverlässigkeit und Qualität
- Computernetzwerke und -kommunikation
Fingerprint
Untersuchen Sie die Forschungsthemen von „Big Numbers – Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations“. Zusammen bilden sie einen einzigartigen Fingerprint.-
Data Security - KC - KD-07 Skalierbare Knowledge-Discovery-Komponenten
Mangard, S. (Teilnehmer (Co-Investigator))
1/07/17 → 31/12/26
Projekt: Forschungsprojekt
-
Espresso - Skalierbare hardware-gesicherte authentifizierung und Personalisierung intelligenter Sensorknoten
Mangard, S. (Teilnehmer (Co-Investigator))
1/05/18 → 31/10/20
Projekt: Forschungsprojekt
-
Dessnet - Zuverlässige, sichere und zeitnahe Sensornetzwerke
Mangard, S. (Teilnehmer (Co-Investigator)), Glanzer, C. (Teilnehmer (Co-Investigator)), Görtschacher, L. J. (Teilnehmer (Co-Investigator)), Bösch, W. (Teilnehmer (Co-Investigator)), Grosinger, J. (Teilnehmer (Co-Investigator)), Fischbacher, R. B. (Teilnehmer (Co-Investigator)), Deutschmann, B. (Teilnehmer (Co-Investigator)) & Shetty, D. (Teilnehmer (Co-Investigator))
1/06/17 → 31/05/21
Projekt: Forschungsprojekt