research-article

Single Trace Attack Against RSA Key Generation in Intel SGX SSL

Authors:

Raphael Spreitzer,

Lukas BodnerAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 575 - 586

https://doi.org/10.1145/3196494.3196524

Published: 29 May 2018 Publication History

Abstract

Microarchitectural side-channel attacks have received significant attention recently. However, while side-channel analyses on secret key operations such as decryption and signature generation are well established, the process of key generation did not receive particular attention so far. Especially due to the fact that microarchitectural attacks usually require multiple observations (more than one measurement trace) to break an implementation, one-time operations such as key generation routines are often considered as uncritical and out of scope. However, this assumption is no longer valid for shielded execution architectures, where sensitive code is executed - in the realm of a potential attacker - inside hardware enclaves. In such a setting, an untrusted operating system can conduct noiseless controlled-channel attacks by exploiting page access patterns. In this work, we identify a critical vulnerability in the RSA key generation procedure of Intel SGX SSL (and the underlying OpenSSL library) that allows to recover secret keys from observations of a single execution. In particular, we mount a controlled-channel attack on the binary Euclidean algorithm (BEA), which is used for checking the validity of the RSA key parameters generated within an SGX enclave. Thereby, we recover all but 16 bits of one of the two prime factors of the public modulus. For an 8192-bit RSA modulus, we recover the remaining 16 bits and thus the full key in less than 12 seconds on a commodity PC. In light of these results, we urge for careful re-evaluation of cryptographic libraries with respect to single trace attacks, especially if they are intended for shielded execution environments such as Intel SGX.

References

[1]

Onur Aciiçmez. 2007. Yet Another MicroArchitectural Attack: : Exploiting ICache. In Computer Security Architecture Workshop -- CSAW. ACM, 11--18.

Digital Library

[2]

Onur Aciiçmez, Shay Gueron, and Jean-Pierre Seifert. 2007. New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures. In Cryptography and Coding -- IMA 2007 (LNCS), Vol. 4887. Springer, 185--203.

Digital Library

[3]

Onur Aciiçmez, Çetin Kaya Koç, and Jean-Pierre Seifert. 2007. On the Power of Simple Branch Prediction Analysis. In Asia Conference on Computer and Communications Security -- AsiaCCS 2007. ACM, 312--320.

Digital Library

[4]

Onur Aciiçmez and Werner Schindler. 2008. A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL. In Topics in Cryptology -- CT-RSA 2008 (LNCS), Vol. 4964. Springer, 256--273.

Digital Library

[5]

Sarang Aravamuthan and Viswanatha Rao Thumparthy. 2007. A Parallelization of ECDSA Resistant to Simple Power Analysis Attacks. In Communication System Software and Middleware -- COMSWARE 2007. IEEE, 1--7.

[6]

Elaine Barker and Allen Roginsky (NIST). 2015. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. (2015). NIST Special Publication 800--131A, Revision 1.

[7]

Aurélie Bauer, Éliane Jaulmes, Victor Lomné, Emmanuel Prouff, and Thomas Roche. 2014. Side-Channel Attack against RSA Key Generation Algorithms. In Cryptographic Hardware and Embedded Systems -- CHES 2014 (LNCS), Vol. 8731. Springer, 223--241.

Digital Library

[8]

Daniel J. Bernstein. 2005. Cache-Timing Attacks on AES. Available online at http://cr.yp.to/antiforgery/cachetiming-20050414.pdf. (April 2005).

[9]

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom. 2017. Sliding Right into Disaster: Left-to-Right Sliding Windows Leak. In Cryptographic Hardware and Embedded Systems -- CHES 2017 (LNCS), Vol. 10529. Springer, 555-- 576.

[10]

Dan Boneh. 1999. Twenty Years of Attacks on the RSA Cryptosystem. Notices of the American Mathematical Society (AMS) 46 (1999), 203--213.

[11]

Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. In Workshop on Offensive Technologies -- WOOT 2017. USENIX Association.

Digital Library

[12]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control. In System Software for Trusted Execution -- SysTEX 2017. ACM. In press.

Digital Library

[13]

Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security Symposium 2017. USENIX Association, 1041--1056.

[14]

Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. 2017. Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu. In Asia Conference on Computer and Communications Security -- AsiaCCS. ACM, 7--18.

Digital Library

[15]

Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere, and Bjorn De Sutter. 2009. Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors. In IEEE Symposium on Security and Privacy -- S&P 2009. IEEE Computer Society, 45--60.

Digital Library

[16]

Intel Corporation. 2017. Intel Software Guard Extensions Developer Guide. https://software.intel.com/en-us/sgx-sdk/documentation. (2017).

[17]

Intel Corporation. 2017. Intel Software Guard Extensions (Intel SGX). https: //software.intel.com/en-us/sgx. (2017).

[18]

Intel Corporation. 2017. Using the Intel Software Guard Extensions (Intel SGX) SSL Library. https://software.intel.com/en-us/sgx/resource-library. (2017).

[19]

Thomas Finke, Max Gebhardt, and Werner Schindler. 2009. A New Side-Channel Attack on RSA Prime Generation. In Cryptographic Hardware and Embedded Systems -- CHES 2009 (LNCS), Vol. 5747. Springer, 141--155.

Digital Library

[20]

OpenSSL Software Foundation. 2017. OpenSSL -- Cryptography and SSL/TLS Toolkit. https://www.openssl.org/. (2017).

[21]

Yangchun Fu, Erick Bauman, Raul Quinonez, and Zhiqiang Lin. 2017. SGX-LAPD: Thwarting Controlled Side Channel Attacks via Enclave Verifiable Page Faults. In Recent Advances in Intrusion Detection -- RAID 2017 (LNCS), Vol. 10453. Springer, 357--380.

[22]

Cesar Pereida García and Billy Bob Brumley. 2017. Constant-Time Callees with Variable-Time Callers. In USENIX Security Symposium 2017. USENIX Association, 83--98.

[23]

Qian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2016. A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware. Journal of Cryptographic Engineering (2016), 1--27.

[24]

Vinodh Gopal, James Guilford, Erdinc Ozturk, Wajdi Feghali, Gil Wolrich, and Martin Dixon. 2009. Fast and Constant-Time Implementation of Modular Exponentiation. In Embedded Systems and Communications Security -- ECSC 2009.

[25]

Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller. 2017. Cache Attacks on Intel SGX. In European Workshop on System Security -- EUROSEC 2017. ACM, 2:1--2:6.

Digital Library

[26]

Shay Gueron. 2012. Efficient Software Implementations of Modular Exponentiation. J. Cryptographic Engineering 2 (2012), 31--43.

[27]

Marcus Hähnel, Weidong Cui, and Marcus Peinado. 2017. High-Resolution Side Channels for Untrusted Operating Systems. In USENIX Annual Technical Conference -- USENIX ATC 2017. USENIX Association, 299--312.

Digital Library

[28]

Matthew Hoekstra, Reshma Lal, Pradeep Pappachan, Vinay Phegade, and Juan del Cuvillo. 2013. Using Innovative Instructions to Create Trustworthy Software Solutions. In Hardware and Architectural Support for Security and Privacy -- HASP. ACM, 11.

Digital Library

[29]

American National Standards Institute. 1998. Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA). (1998).

[30]

Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Advances in Cryptology -- CRYPTO 1996 (LNCS), Vol. 1109. Springer, 104--113.

Digital Library

[31]

Robert Könighofer. 2008. A Fast and Cache-Timing Resistant Implementation of the AES. In Topics in Cryptology -- CT-RSA 2008 (LNCS), Vol. 4964. Springer, 187--202.

Digital Library

[32]

Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security Symposium 2017. USENIX Association, 557--574.

[33]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative Instructions and Software Model for Isolated Execution. In Hardware and Architectural Support for Security and Privacy -- HASP. ACM, 10.

Digital Library

[34]

Alfred Menezes, Paul C. van Oorschot, and Scott A. Vanstone. 1996. Handbook of Applied Cryptography. CRC Press.

Digital Library

[35]

Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. 2017. CacheZoom: How SGX Amplifies the Power of Cache Attacks. In Cryptographic Hardware and Embedded Systems -- CHES 2017 (LNCS), Vol. 10529. Springer, 69--90.

[36]

Elaine Barker (NIST). 2016. Recommendation for Key Management, Part 1: General. (2016).

[37]

Colin Percival. 2005. Cache Missing for Fun and Profit. http://daemonology.net/ hyperthreading-considered-harmful/. (2005).

[38]

Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. 1978. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM 21 (1978), 120--126.

Digital Library

[39]

Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2017. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In Detection of Intrusions and Malware &Vulnerability Assessment -- DIMVA 2017 (LNCS), Vol. 10327. Springer, 3--24.

[40]

Jaebaek Seo, Byoungyoung Lee, Seong Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim. 2017. SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs. In Network and Distributed System Security Symposium -- NDSS 2017. The Internet Society.

[41]

Ming-Wi Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs. In Network and Distributed System Security Symposium -- NDSS 2017. In press.

[42]

Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena. 2015. Preventing Your Faults From Telling Your Secrets: Defenses Against Pigeonhole Attacks. arXiv ePrint Archive, Report 1506.04832 (2015).

[43]

Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena. 2016. Preventing Page Faults from Telling Your Secrets. In Asia Conference on Computer and Communications Security -- AsiaCCS. ACM, 317--328.

Digital Library

[44]

J. Stein. 1967. Computational Problems Associated with Racah Algebra. J. Comput. Phys. 1 (1967), 397--405.

[45]

Raoul Strackx and Frank Piessens. 2016. Ariadne: A Minimal Approach to State Continuity. In USENIX Security Symposium 2016. USENIX Association, 875--892.

[46]

Raoul Strackx and Frank Piessens. 2017. The Heisenberg Defense: Proactively Defending SGX Enclaves against Page-Table-Based Side-Channel Attacks. CoRR abs/1712.08519 (2017).

[47]

Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient Cache Attacks on AES, and Countermeasures. J. Cryptology 23 (2010), 37--71.

Digital Library

[48]

Camille Vuillaume, Takashi Endo, and Paul Wooderson. 2012. RSA Key Generation: New Attacks. In Constructive Side-Channel Analysis and Secure Design -- COSADE 2012 (LNCS), Vol. 7275. Springer, 105--119.

Digital Library

[49]

Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. 2017. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In Conference on Computer and Communications Security -- CCS 2017. ACM, 2421-- 2434.

Digital Library

[50]

Yuan Xiao, Mengyuan Li, Sanchuan Chen, and Yinqian Zhang. 2017. STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. In Conference on Computer and Communications Security -- CCS 2017. ACM, 859--874.

Digital Library

[51]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In IEEE Symposium on Security and Privacy -- S&P 2015. IEEE Computer Society, 640--656.

Digital Library

[52]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security Symposium 2014. USENIX Association, 719--732.

Digital Library

[53]

Yuval Yarom, Daniel Genkin, and Nadia Heninger. 2016. CacheBleed: A Timing Attack on OpenSSL Constant Time RSA. In Cryptographic Hardware and Embedded Systems -- CHES 2016 (LNCS), Vol. 9813. Springer, 346--367.

Cited By

Van Schaik SSeto AYurek TBatori AAlBassam BGenkin DMiller ARonen EYarom YGarman C(2024)SoK: SGX.Fail: How Stuff Gets eXposed2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00260(4143-4162)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00260
Shepherd CMarkantonakis KShepherd CMarkantonakis K(2024)ConclusionTrusted Execution Environments10.1007/978-3-031-55561-9_9(185-191)Online publication date: 22-Feb-2024
https://doi.org/10.1007/978-3-031-55561-9_9
Constable SVan Bulck JCheng XXiao YXing CAlexandrovich IKim TPiessens FVij MSilberstein MCalandrino JTroncoso C(2023)AEX-NotifyProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620464(4051-4068)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620464
Show More Cited By

Index Terms

Single Trace Attack Against RSA Key Generation in Intel SGX SSL
1. Security and privacy
  1. Cryptography
  2. Software and application security

Recommendations

Cache Attacks on Intel SGX
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security

For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert'...
SGX-Bomb: Locking Down the Processor via Rowhammer Attack
SysTEX'17: Proceedings of the 2nd Workshop on System Software for Trusted Execution

Intel Software Guard Extensions (SGX) provides a strongly isolated memory space, known as an enclave, for a user process, ensuring confidentiality and integrity against software and hardware attacks. Even the operating system and hypervisor cannot ...
Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization
SysTEX '18: Proceedings of the 3rd Workshop on System Software for Trusted Execution

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computation from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Technische Universität Graz
H2020 European Research Council
Österreichische Forschungsförderungsgesellschaft

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
398
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)8

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Van Schaik SSeto AYurek TBatori AAlBassam BGenkin DMiller ARonen EYarom YGarman C(2024)SoK: SGX.Fail: How Stuff Gets eXposed2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00260(4143-4162)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00260
Shepherd CMarkantonakis KShepherd CMarkantonakis K(2024)ConclusionTrusted Execution Environments10.1007/978-3-031-55561-9_9(185-191)Online publication date: 22-Feb-2024
https://doi.org/10.1007/978-3-031-55561-9_9
Constable SVan Bulck JCheng XXiao YXing CAlexandrovich IKim TPiessens FVij MSilberstein MCalandrino JTroncoso C(2023)AEX-NotifyProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620464(4051-4068)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620464
Tani KKunihiro N(2023)HS-Based Error Correction Algorithm for Noisy Binary GCD Side-Channel SequencesApplied Cryptography and Network Security10.1007/978-3-031-33488-7_3(59-88)Online publication date: 29-May-2023
https://doi.org/10.1007/978-3-031-33488-7_3
Schwarzl MKraft EGruss D(2023)Layered Binary TemplatingApplied Cryptography and Network Security10.1007/978-3-031-33488-7_2(33-58)Online publication date: 29-May-2023
https://doi.org/10.1007/978-3-031-33488-7_2
Yoon HLee M(2022)SGXDump: A Repeatable Code-Reuse Attack for Extracting SGX Enclave MemoryApplied Sciences10.3390/app1215765512:15(7655)Online publication date: 29-Jul-2022
https://doi.org/10.3390/app12157655
Jiang KBao YWang SLiu ZZhang TYin HStavrou ACremers CShi E(2022)Cache Refinement Type for Side-Channel Detection of Cryptographic SoftwareProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560672(1583-1597)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560672
Lou XZhang TJiang JZhang Y(2021)A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in CryptographyACM Computing Surveys10.1145/345662954:6(1-37)Online publication date: 13-Jul-2021
https://dl.acm.org/doi/10.1145/3456629
Lata KBansal A(2021)Timing Side-Channel Attack Resistant Key Derivation Functions for Cryptosystems2021 IEEE International Symposium on Smart Electronic Systems (iSES)10.1109/iSES52644.2021.00096(395-399)Online publication date: Dec-2021
https://doi.org/10.1109/iSES52644.2021.00096
García CUl Hassan STuveri NGridin IAldaya ABrumley BCapkun SRoesner F(2020)Certified side channelsProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489326(2021-2038)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489326
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents