Formal Fault Analysis of Branch Predictors: Attacking ... · security of crypto-algorithms have not...
Transcript of Formal Fault Analysis of Branch Predictors: Attacking ... · security of crypto-algorithms have not...
-
Formal Fault Analysis of Branch Predictors:Attacking countermeasures of Asymmetric key
ciphers
Sarani Bhattacharya and Debdeep Mukhopadhyay
Indian Institute of Technology Kharagpur
PROOFS 2016August 20, 2016
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 1 / 25
-
Overview of the talk
Introduction
Motivation of the problem
Exponentiation primitives for Public key cryptography
Formalizing Differential of branch misses simulated from 2-bitpredictor
Developing the Attack Algorithm
Experimental validation over Hardware Performance Counters
Conclusion
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 2 / 25
-
Introduction
Asymmetric key algorithm have been threatened via timing sidechannels due to the behavior of the underlying branch predictors.
Effect of faults on such predictors and the consequences thereof onsecurity of crypto-algorithms have not been studied.
We develop a formal analysis of such a bimodal predictor under theeffect of faults.
Analysis shows that differences of branch misses under the effect ofbit faults can be exploited to attack implementations of RSA-likeasymmetric key algorithms, based on square and multiplicationoperations.
The attack is also threatening against Montgomery ladder ofCRT-RSA (RSA implemented using Chinese Remainder Theorem).
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25
-
Introduction
Asymmetric key algorithm have been threatened via timing sidechannels due to the behavior of the underlying branch predictors.
Effect of faults on such predictors and the consequences thereof onsecurity of crypto-algorithms have not been studied.
We develop a formal analysis of such a bimodal predictor under theeffect of faults.
Analysis shows that differences of branch misses under the effect ofbit faults can be exploited to attack implementations of RSA-likeasymmetric key algorithms, based on square and multiplicationoperations.
The attack is also threatening against Montgomery ladder ofCRT-RSA (RSA implemented using Chinese Remainder Theorem).
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25
-
Introduction
Asymmetric key algorithm have been threatened via timing sidechannels due to the behavior of the underlying branch predictors.
Effect of faults on such predictors and the consequences thereof onsecurity of crypto-algorithms have not been studied.
We develop a formal analysis of such a bimodal predictor under theeffect of faults.
Analysis shows that differences of branch misses under the effect ofbit faults can be exploited to attack implementations of RSA-likeasymmetric key algorithms, based on square and multiplicationoperations.
The attack is also threatening against Montgomery ladder ofCRT-RSA (RSA implemented using Chinese Remainder Theorem).
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25
-
Introduction
Asymmetric key algorithm have been threatened via timing sidechannels due to the behavior of the underlying branch predictors.
Effect of faults on such predictors and the consequences thereof onsecurity of crypto-algorithms have not been studied.
We develop a formal analysis of such a bimodal predictor under theeffect of faults.
Analysis shows that differences of branch misses under the effect ofbit faults can be exploited to attack implementations of RSA-likeasymmetric key algorithms, based on square and multiplicationoperations.
The attack is also threatening against Montgomery ladder ofCRT-RSA (RSA implemented using Chinese Remainder Theorem).
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25
-
Introduction
Asymmetric key algorithm have been threatened via timing sidechannels due to the behavior of the underlying branch predictors.
Effect of faults on such predictors and the consequences thereof onsecurity of crypto-algorithms have not been studied.
We develop a formal analysis of such a bimodal predictor under theeffect of faults.
Analysis shows that differences of branch misses under the effect ofbit faults can be exploited to attack implementations of RSA-likeasymmetric key algorithms, based on square and multiplicationoperations.
The attack is also threatening against Montgomery ladder ofCRT-RSA (RSA implemented using Chinese Remainder Theorem).
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 3 / 25
-
Contributions
The difference of branch misses observed through HPCs between thecorrect and the faulty execution can be modeled efficiently to developa key recovery attack.
We develop an iterative attack strategy, which simulates the branchescorresponding to partially known exponent bits and observes thedifference of branch misses from HPCs to reveal the next bit.
The theoretical simulations are validated on secret key-dependentmodular exponentiation algorithms as well as on CRT-RSAimplementation.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25
-
Contributions
The difference of branch misses observed through HPCs between thecorrect and the faulty execution can be modeled efficiently to developa key recovery attack.
We develop an iterative attack strategy, which simulates the branchescorresponding to partially known exponent bits and observes thedifference of branch misses from HPCs to reveal the next bit.
The theoretical simulations are validated on secret key-dependentmodular exponentiation algorithms as well as on CRT-RSAimplementation.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25
-
Contributions
The difference of branch misses observed through HPCs between thecorrect and the faulty execution can be modeled efficiently to developa key recovery attack.
We develop an iterative attack strategy, which simulates the branchescorresponding to partially known exponent bits and observes thedifference of branch misses from HPCs to reveal the next bit.
The theoretical simulations are validated on secret key-dependentmodular exponentiation algorithms as well as on CRT-RSAimplementation.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 4 / 25
-
Vulnerability of system due to HPCs in presence of fault
The scenario where the secret key gets flipped or corrupted canmanifest as a fault.
However, fault can also be introduced by skipping some targetinstructions as well [1].
On platforms such as Xilinx Microblaze where the HPC accesses areprovided [2], the instruction skip phenomenon can be exploited toreveal secret by monitoring events such as branching.
In recent processors, Rowhammer is a term coined for disturbancesobserved in DRAM devices, where repeated row activation causes theDRAM cells to electrically interact within themselves [3, 4].
Authors in [5] has exploited this Rowhammer vulnerability to flipsecret exponent bits residing in the memory of a x86 system. Thismotivates the study of differential analysis of HPCs when there is afault.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25
-
Vulnerability of system due to HPCs in presence of fault
The scenario where the secret key gets flipped or corrupted canmanifest as a fault.
However, fault can also be introduced by skipping some targetinstructions as well [1].
On platforms such as Xilinx Microblaze where the HPC accesses areprovided [2], the instruction skip phenomenon can be exploited toreveal secret by monitoring events such as branching.
In recent processors, Rowhammer is a term coined for disturbancesobserved in DRAM devices, where repeated row activation causes theDRAM cells to electrically interact within themselves [3, 4].
Authors in [5] has exploited this Rowhammer vulnerability to flipsecret exponent bits residing in the memory of a x86 system. Thismotivates the study of differential analysis of HPCs when there is afault.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25
-
Vulnerability of system due to HPCs in presence of fault
The scenario where the secret key gets flipped or corrupted canmanifest as a fault.
However, fault can also be introduced by skipping some targetinstructions as well [1].
On platforms such as Xilinx Microblaze where the HPC accesses areprovided [2], the instruction skip phenomenon can be exploited toreveal secret by monitoring events such as branching.
In recent processors, Rowhammer is a term coined for disturbancesobserved in DRAM devices, where repeated row activation causes theDRAM cells to electrically interact within themselves [3, 4].
Authors in [5] has exploited this Rowhammer vulnerability to flipsecret exponent bits residing in the memory of a x86 system. Thismotivates the study of differential analysis of HPCs when there is afault.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25
-
Vulnerability of system due to HPCs in presence of fault
The scenario where the secret key gets flipped or corrupted canmanifest as a fault.
However, fault can also be introduced by skipping some targetinstructions as well [1].
On platforms such as Xilinx Microblaze where the HPC accesses areprovided [2], the instruction skip phenomenon can be exploited toreveal secret by monitoring events such as branching.
In recent processors, Rowhammer is a term coined for disturbancesobserved in DRAM devices, where repeated row activation causes theDRAM cells to electrically interact within themselves [3, 4].
Authors in [5] has exploited this Rowhammer vulnerability to flipsecret exponent bits residing in the memory of a x86 system. Thismotivates the study of differential analysis of HPCs when there is afault.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25
-
Vulnerability of system due to HPCs in presence of fault
The scenario where the secret key gets flipped or corrupted canmanifest as a fault.
However, fault can also be introduced by skipping some targetinstructions as well [1].
On platforms such as Xilinx Microblaze where the HPC accesses areprovided [2], the instruction skip phenomenon can be exploited toreveal secret by monitoring events such as branching.
In recent processors, Rowhammer is a term coined for disturbancesobserved in DRAM devices, where repeated row activation causes theDRAM cells to electrically interact within themselves [3, 4].
Authors in [5] has exploited this Rowhammer vulnerability to flipsecret exponent bits residing in the memory of a x86 system. Thismotivates the study of differential analysis of HPCs when there is afault.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 5 / 25
-
In fault analysis attacks as well as their countermeasures, theadversary may be prevented in getting useful information but thehardware events reflects the systems internal state which may have adependence on the secret.
HPCs can be of potential threat with respect to fault analysis attacksand more notably against their countermeasures.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 6 / 25
-
In fault analysis attacks as well as their countermeasures, theadversary may be prevented in getting useful information but thehardware events reflects the systems internal state which may have adependence on the secret.
HPCs can be of potential threat with respect to fault analysis attacksand more notably against their countermeasures.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 6 / 25
-
Exponentiation and Underlying Multiplication Primitive
Inputs(M) are encrypted and decrypted by performing modularexponentiation with modulus N on public or private keys represented as nbit binary string.
Square and Multiply Exponentiation
Algorithm 1: Binary version of Square and Multiply Exponentiation AlgorithmS ← M ;for i from 1 to n − 1 do
S ← S ∗ S mod N ;if di = 1 then
S ← S ∗ M mod N ;end
endreturn S ;
Conditional execution of instruction and their dependence on secretexponent is exploited by the simple power and timing side-channels [6].
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 7 / 25
-
Montgomery Ladder Exponentiation Algorithm
A näıve modification is to have a balanced ladder structure having equalnumber of squarings and multiplications.
Most popular exponentiation primitive for Asymmetric-key cryptographicimplementations.
Algorithm 2: Montgomery Ladder AlgorithmR0 ← 1 ;R1 ← M ;for i from 0 to n − 1 do
if di = 0 thenR1 ← (R0 ∗ R1) mod N ;R0 ← (R0 ∗ R0) mod N ;
endelse
R0 ← (R0 ∗ R1) mod N ;R1 ← (R1 ∗ R1) mod N ;
end
endreturn R0 ;
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 8 / 25
-
Approximating the System predictor with 2-bit branchpredictor [7]
Predict Taken
Predict Not Taken
Predict Taken
Predict Not Taken
Taken
Not Taken
Not Taken
Not Taken
Taken
Taken
Taken
Not Taken
4290
4300
4310
4320
4330
4340
4350
4360
470 480 490 500 510 520 530 540 550 560
Obs
erve
d br
anch
mis
ses
from
Per
f
Predicted branch misses from 2-bit dynamic predictor
Figure: Variation of branch-misses from performancecounters with increase in branch miss from 2-bit predictoralgorithm
Direct correlation observed for the branch misses from HPCs and from thesimulated 2-bit dynamic predictor over a sample of exponent bitstream.
This confirms assumption of 2-bit dynamic predictor being an approximationto the underlying system branch predictor.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 9 / 25
-
Formalizing the differential of 2-bit predictor in faultattack setup
We model the strong effect of the bimodal predictor to exploit theside-channel leakage of branch misses from the performance counters.
Also we characterize the differential of branch misses from correct andfaulty branching sequences based on the behavior of 2-bit predictor.
Various parameters used during the analysis are defined as follows:
There is a sequence of n branches denoted as (b0, b1, · · · , bn−1)generated from execution of the algorithm under attack.
A fault at the i th execution of the algorithm changes the branchingdecision for the i th instance.
Difference in branch misses (∆i ) between the correct branchingsequence (b0, b1, · · · , bi , · · · , bn−1) and the faulty sequence(b0, b1, · · · , bi , · · · , bn−1) simulated theoretically over a 2-bitpredictor algorithm can be atleast −3 and atmost 3.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 10 / 25
-
Some more parameters
Table: Tabular Representation of Symbols
Symbols Meanings with respect to their analysis
(b0, b1, · · · , bi−1) Sequence of taken or not-taken known branchesStKj State of 2-bit predictor after j conditional branches with respect
to the Correct Sequence
StFij State of 2-bit predictor after j conditional branches with respect
to the Faulty Sequence
PKj+1 Branch predicted by 2-bit predictor for branch statement corre-sponding to (j + 1)th bit of Correct Sequence
PFij+1 Branch predicted by 2-bit predictor for branch statement corre-
sponding to (j + 1)th bit of Faulty Sequence
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 11 / 25
-
Formalizing 2-bit predictor behavior
Properties
Property 1:If StKi−1 = S0 or St
Ki−1 = S2, then P
Ki = P
Fi = bi−1.
Property 2:If StKi−1 = S0 or St
Ki−1 = S2, then there are guaranteed
mispredictions for branch statement at the i th instance foreither K or Fi . If the branch statement corresponding to(i + 1)th instance is not same as the predicted PKi , then there isa mismatch between the correct and the faulty sequence in thepredictor’s output for the (i + 2)th position as PKi+2 6= P
Fii+2.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 12 / 25
-
Differentials over 2-bit predictor
If StKi−1 = S0 and bi = 0 then ∆i ∈ {0, 1, 2, 3}
i−1 bits
0 0i−1 bits
1 0
0 0 0
0 1 0
P Fi+1PFi−1
bi
P Fi
PKi∆ = 1
Sti−1 = S0
PKi−1 PKi+1
bi−1
bi−1
bi+1
bi+1b̄i
(a) ∆i = 1
i−1 bits
0 01i−1 bits
1 1 1
0 0 1 0
0 1 1 0
PKi+3
P Fi+3PFi+2P
Fi+1
PKi+2
P Fi−1
bi
P Fi
PKi∆ = 2
Sti−1 = S0
PKi−1 PKi+1
bi−1
bi−1
bi+2
bi+2
bi+1
bi+1b̄i
(b) ∆i = 2
Figure: Variation of simulated branch-misses on the i th branching decision having Sti−1 = S0
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 13 / 25
-
If StKi−1 = S0 and bi = 0 then ∆i ∈ {0, 1, 2, 3}
i−1 bits
0 11i−1 bits
1 1 0
0 0 1 1
0 1 1 1
PKi+3
P Fi+3PFi+2P
Fi+1
PKi+2
P Fi−1
bi
P Fi
PKi∆ = 0
Sti−1 = S0
PKi−1 PKi+1
bi−1
bi−1
bi+2
bi+2
bi+1
bi+1b̄i
(a) ∆i = 0
i−1 bits
0 01i−1 bits
1 1 1
0 0 1 0 0
0 1 1 0 0
0
1
bi+3
bi+3
PKi+3
P Fi+3PFi+2P
Fi+1
PKi+2
P Fi−1
bi
P Fi
PKi∆ = 3
Sti−1 = S0
PKi−1 PKi+1
bi−1
bi−1
bi+2
bi+2
bi+1
bi+1b̄i
(b) Maximum Variation
Figure: Variation of simulated branch-misses on the i th branching decision having Sti−1 = S0
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 14 / 25
-
1 If StKi−1 = S0 and bi = 0 then ∆i ∈ {0, 1, 2, 3}2 If StKi−1 = S0 and bi = 1 then ∆i ∈ {0,−1,−2,−3}3 If StKi−1 = S2 and bi = 0 then ∆i ∈ {0,−1,−2,−3}, and4 If StKi−1 = S2 and bi = 1 then ∆i ∈ {0, 1, 2, 3}
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 15 / 25
-
Differential behavior of HPC due to an i th bit fault
The secret and faulty sequences only differ at the i th bit, the previous0th to (i − 1)th bits being same for both the exponents, the branchsequences corresponding to secret and its faulty counterpart variesonly at the i th bit.
Initially the adversary observes the number of branch misses forexponentiation operation using the secret exponent from HPCs.
In the next step, a fault induced at the target bit of secret key,simultaneously observing the number of branch misses from HPCs forexponentiation using the faulty exponent.
The difference of branch misses obtained through HPCs is denoted asδi .
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 16 / 25
-
0
5
10
15
20
25
30
-2000 -1500 -1000 -500 0 500 1000 1500 2000 2500
Fre
quencie
s
Differences of branch misses
ith
branch takenith
branch not-taken
(a) when StKi−1 = S0
0
5
10
15
20
25
30
35
40
-2000 -1500 -1000 -500 0 500 1000 1500 2000
Fre
quencie
s
Differences of branch misses
ith
branch takenith
branch not-taken
(b) StKi−1 = S2
Figure: Variation of branch-misses from performance counters based on the i th branchingdecision
If StKi−1 = S0,
If bi = 0, then δi > 0
Else if bi = 1, then δi < 0
If StKi−1 = S2,
If bi = 0, then δi < 0
Else if bi = 1, then δi > 0
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 17 / 25
-
Developing the Attack Algorithm
Let δi be the differences of branch misses over the secret and faultyexponent observed from the HPCs. We determine the next bit nbi as,
If StKi−1 = S0/S2:If δi < 0,
nbi = 0, if StKi−1 = S2 and
nbi = 1, when StKi−1 = S0.
Else if δi > 0
nbi = 0, if StKi−1 = S0 and
nbi = 1, when StKi−1 = S2.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 18 / 25
-
Else if, StKi−1 = S1/S3:If we flip the (i − 1)th bit, the state upto (i − 1)th bit changes to S0 or S2.
the characteristic property for Sti−1 = S1/S3 is such thatbi−2 = Pi−1 = Pi 6= bi−1.
If we inject a fault at (i − 1)th position then branching decision bi−1 getscomplemented. Effectively, if StKi−1 = S1 previously then after fault St
Fi−1i−1
becomes S0. Similarly, if StKi−1 = S3 previously then after fault St
Fi−1i−1
becomes S2.
Let δi−1,i be the differences of branch misses over the faulty exponentsobserved from the HPCs. We determine the next bit nbi as,
If δi−1,i < 0,nbi = 0, if St
Ki−1 = S3 and
nbi = 1, when StKi−1 = S1.
Else if δi−1,i > 0nbi = 0, if St
Ki−1 = S1 and
nbi = 1, when StKi−1 = S3.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 19 / 25
-
Modelling the System Noise
-50
0
50
100
150
200
250
300
350
400
450
3000 3500 4000 4500 5000 5500 6000
Fre
quencie
s
Branch misses
(a) Due to exponentiation on secret ex-ponent
-1000
0
1000
2000
3000
4000
5000
6000
3000 3500 4000 4500 5000 5500 6000 6500
Fre
quencie
s
Branch misses
(b) Due to environmental processes run-ning in the system
Figure: Distribution of branch-misses of secret and faulty exponent on square and multiplyimplementation from HPCs having Sti−1 = S0
Fig.(a) has similar nature to this noise distribution in Fig.(b) with a shiftin the respective statistics with an increase in branch misprediction due tothe conditional statements from the secret exponents.PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 20 / 25
-
Validation of the Attack Algorithm
We present the validation of previous discussion through experimentson 1024 bits of RSA.
The fault model is simulated in software.
Experiments are performed on various platforms as Core-2 DuoE7400, Intel Core i3 M350 and Intel Core i5-3470.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 21 / 25
-
Experiments on Square and Multiply Algorithm
-10
0
10
20
30
40
50
60
3000 3500 4000 4500 5000 5500 6000
Fre
que
nci
es
Branch misses
Secret ExponentFaulty Exponent
(a) bi = 0 and δi = 14.014
-50
0
50
100
150
200
250
300
350
400
450
3000 3500 4000 4500 5000 5500 6000
Fre
que
nci
es
Branch misses
Secret ExponentFaulty Exponent
(b) bi = 1 and δi = −35.79Figure: Distribution of branch-misses of secret and faulty exponent on square and multiplyimplementation from HPCs having Sti−1 = S0
Fig.(a) show distribution of branch misses from the square and multiply exponentiationhaving Sti−1 = S0 for bi = 0 and the fault being introduced at i = 1019
th position.
δi = 14.014 and since Sti−1 = S0, and with positive value of δi , the next branch is
decided as nbi = 0 and ki = bi .
Similarly, Fig.(b) i = 548th location having bi = 1 and Sti−1 = S0, we observed
δi = −35.79 which correctly decides the i th branch as 1.PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 22 / 25
-
Experiments on Montgomery Ladder
-10
0
10
20
30
40
50
60
3000 3500 4000 4500 5000 5500 6000
Fre
qu
en
cie
s
Branch misses
Secret ExponentFaulty Exponent
(a) bi = 0 and δi = 9.828
0
5
10
15
20
25
30
35
40
45
50
3000 3500 4000 4500 5000 5500 6000
Fre
qu
en
cie
s
Branch misses
Secret ExponentFaulty Exponent
(b) bi = 1 and δi = −139.086Figure: Distribution of branch-misses of secret and faulty exponent on Montgomery Ladderimplementation from HPCs having Sti−1 = S0
Fig.(a) shows for ki = 1 for i = 248 where Sti−1 = S0, bi = 0 and the branch misses fromHPCs δi = 9.828 reveals a positive difference correctly identifying nbi = 0.
While Fig.(b) shows a negative difference δi = −139.086 correctly identifying k1 = 0 fori = 337.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 23 / 25
-
Attacks on CRT-RSA implementation
-20
0
20
40
60
80
100
120
140
20000 22000 24000 26000 28000 30000 32000 34000
Fre
qu
en
cie
s
Branch misses
Secret ExponentFaulty Exponent
(a) dpi = 0 and δi = 243.212
-20
0
20
40
60
80
100
120
140
20000 22000 24000 26000 28000 30000 32000 34000
Fre
qu
en
cie
s
Branch misses
Secret ExponentFaulty Exponent
(b) dpi = 1 and δi = −136.029Figure: Distribution of branch-misses of secret and faulty exponent on CRT-RSAimplementation from HPCs having Sti−1 = S0
Fig.(a),(b) show two instances of the CRT-RSA implementation with square and multiplyand simulated fault induced in dp , while exponentiation for dq is computed unaffected.
In both situation, the target exponent bits of dp are shown to be retrieved correctly and
uniquely.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 24 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
Conclusion
HPCs used as performance monitors in modern systems can beobserved by adversaries to determine critical information of secret keybits.
The attack we illustrate exploit strong correlation of the 2-bit dynamicpredictor to unknown underlying branch predictor of the system.
We present a differential fault analysis to show that difference ofbranch misses for a 2-bit predictor can be utilized to revealinformation of key bits.
The attacks can be adapted to embedded soft-core processors withpractical faults being introduced by instruction skips.
Interestingly, fault attack countermeasures which stop or randomizethe output when a fault occurs can still be attacked using thesetechniques.
The work raises the question of secured implementation of ciphers inpresence of HPCs in modern processors where fault inductions arefeasible.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
-
AVR Freaks.
Instruction skipping after spurious interrupt,http://www.avrfreaks.net/forum/solved-instruction-skipping-after-spurious-interrupt, 2015.
mp-fpga.
Performance Counter for Microblaze, http://mp-fpga.blogspot.in/2007/10/performance-counter-for-microblaze.html,2007.
Wikipedia.
Rowhammer wikipedia page, https://en.wikipedia.org/wiki/Row-hammer, 2016.
Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur
Mutlu.Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors.In ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14-18,2014, pages 361–372. IEEE Computer Society, 2014.
Sarani Bhattacharya and Debdeep Mukhopadhyay.
Curious case of rowhammer: Flipping secret exponent bits using timing analysis.In CHES, 2015.
Paul C. Kocher.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems.In Neal Koblitz, editor, CRYPTO ’96: Proceedings of the 16th Annual International Cryptology Conference on Advancesin Cryptology, volume 1109 of Lecture Notes in Computer Science, pages 104–113, London, UK, 1996. Springer-Verlag.
Sarani Bhattacharya and Debdeep Mukhopadhyay.
Who watches the watchmen?: Utilizing performance monitors for compromising keys of RSA on intel platforms.In Tim Güneysu and Helena Handschuh, editors, Cryptographic Hardware and Embedded Systems - CHES 2015 - 17thInternational Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, volume 9293 of Lecture Notes inComputer Science, pages 248–266. Springer, 2015.
PROOFS 2016 Sarani Bhattacharya Formal Fault Analysis of Branch Predictors 25 / 25
IntroductionConclusion