Projects per year
Abstract
Side-channel attacks exploiting (EC)DSA nonce leakage easily lead to full key recovery. Although (EC)DSA implementations have already been hardened against side-channel leakage using the constant-time paradigm, the long-standing cat-and-mouse-game of attacks and patches continues. In particular, current code review is prone to miss less obvious side channels hidden deeply in the call stack. To solve this problem, a systematic study of nonce leakage is necessary. We present a systematic analysis of nonce leakage in cryptographic implementations. In particular, we expand DATA, an open-source side-channel analysis framework, to detect nonce leakage. Our analysis identified multiple unknown nonce leakage vulnerabilities across all essential computation steps involving nonces. Among others, we uncover inherent problems in Bignumber implementations that break claimed constant-time guarantees of (EC)DSA implementations if secrets are close to a word boundary. We found that lazy resizing of Bignumbers in OpenSSL and LibreSSL yields a highly accurate and easily exploitable side channel, which has been acknowledged with two CVEs. Surprisingly, we also found a tiny but expressive leakage in the constant-time scalar multiplication of OpenSSL and BoringSSL. Moreover, in the process of reporting and patching, we identified newly introduced leakage with the support of our tool, thus preventing another attack-patch cycle. We open-source our tool, together with an intuitive graphical user interface we developed.
Original language | English |
---|---|
Title of host publication | Proceedings of the 29th USENIX Security Symposium |
Publisher | USENIX Association |
Pages | 1767-1784 |
Number of pages | 18 |
ISBN (Electronic) | 9781939133175 |
Publication status | Published - 1 Jan 2020 |
Event | 29th USENIX Security Symposium: USENIX Security 2020 - Virtuell, United States Duration: 12 Aug 2020 → 14 Aug 2020 https://www.usenix.org/conference/usenixsecurity20/ |
Publication series
Name | Proceedings of the 29th USENIX Security Symposium |
---|
Conference
Conference | 29th USENIX Security Symposium |
---|---|
Country/Territory | United States |
City | Virtuell |
Period | 12/08/20 → 14/08/20 |
Internet address |
ASJC Scopus subject areas
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
Fingerprint
Dive into the research topics of 'Big Numbers – Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations'. Together they form a unique fingerprint.-
Data Security - KC - KD-07 Scalable Knowledge Discovery Components
1/07/17 → 31/12/26
Project: Research project
-
Espresso - Scalable hardware-secured authentication and personalization of intelligent sensor nodes
1/05/18 → 31/10/20
Project: Research project
-
Dessnet - Dependable, secure and time-aware sensor networks
Mangard, S., Glanzer, C., Görtschacher, L. J., Bösch, W., Grosinger, J., Fischbacher, R. B., Deutschmann, B. & Shetty, D.
1/06/17 → 31/05/21
Project: Research project