
Showing papers on "Timing attack" published in 2021


Journal ArticleDOI
01 Aug 2021-Energies
TL;DR: A modified version of Double-And-Add-Always algorithm for Point Multiplication has been proposed, which allows the execution of Point Addition and Doubling operations concurrently and implements countermeasures against power and timing attacks.
Abstract: Cybersecurity is a critical issue for Real-Time IoT applications since high performance and low latencies are required, along with security requirements to protect the large number of attack surfaces to which IoT devices are exposed. Elliptic Curve Cryptography (ECC) is largely adopted in an IoT context to provide security services such as key exchange and digital signature. For Real-Time IoT applications, hardware acceleration for ECC-based algorithms can be mandatory to meet low-latency and low-power/energy requirements. In this paper, we propose a fast and configurable hardware accelerator for NIST P-256/-521 elliptic curves, developed in the context of the European Processor Initiative. The proposed architecture supports the most used cryptography schemes based on ECC such as Elliptic Curve Digital Signature Algorithm (ECDSA), Elliptic Curve Integrated Encryption Scheme (ECIES), Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV). A modified version of the Double-And-Add-Always algorithm for Point Multiplication has been proposed, which allows the execution of Point Addition and Doubling operations concurrently and implements countermeasures against power and timing attacks. A simulated approach to extract power traces has been used to assess the effectiveness of the proposed algorithm compared to classical algorithms for Point Multiplication. A constant-time version of Shamir’s Trick has been adopted to speed up the Double-Point Multiplication, and modular inversion is executed using Fermat’s Little Theorem, reusing the internal modular multipliers. The accelerator has been verified on a Xilinx ZCU106 development board and synthesized on both 45 nm and 7 nm Standard-Cell technologies.

18 citations


Proceedings ArticleDOI
23 May 2021
TL;DR: Wang et al. as discussed by the authors demonstrate the threat from PCIe congestion through two attack scenarios and four victim settings, and show that the attack can achieve high accuracy (e.g., 96.31% accuracy in inferring the webpage visited by a victim).
Abstract: The PCIe (Peripheral Component Interconnect express) protocol is the de facto protocol to bridge the CPU and peripheral devices like GPUs, NICs, and SSD drives. There is an increasing demand to install more peripheral devices on a single machine, but the number of PCIe interfaces offered by Intel CPUs is fixed. To resolve such contention, a PCIe switch, PCH (Platform Controller Hub), or virtualization card is installed on the machine to allow multiple devices to share a PCIe interface. Congestion happens when the collective PCIe traffic from the devices overwhelms the PCIe link capacity, and transmission delay is then introduced. In this work, we found that the PCIe delay not only harms device performance but also leaks sensitive information about a user who uses the machine. In particular, as a user’s activities might trigger data movement over PCIe (e.g., between CPU and GPU), by measuring PCIe congestion, an adversary accessing another device can infer the victim’s secret indirectly. Therefore, the delay resulting from I/O congestion can be exploited as a side channel. We demonstrate the threat from PCIe congestion through 2 attack scenarios and 4 victim settings. Specifically, an attacker can learn the workload of a GPU in a remote server by probing an RDMA NIC that shares the same PCIe switch and measuring the delays. Based on the measurement, the attacker is able to know the keystroke timings of the victim, what webpage is rendered on the GPU, and what machine-learning model is running on the GPU. Besides, when the victim is using a low-speed device, e.g., an Ethernet NIC, an attacker controlling an NVMe SSD can launch a similar attack when they share a PCH or virtualization card. The evaluation result shows our attack can achieve high accuracy (e.g., 96.31% accuracy in inferring the webpage visited by a victim).

17 citations


Proceedings ArticleDOI
31 Jan 2021
TL;DR: In this paper, the authors demonstrate the practical vulnerability of deployed deep learning models to timing side-channel attacks: by measuring the execution time of inference, the adversary can determine and reconstruct the model from a known family of well-known deep learning models and then use available techniques to recover the remaining hyperparameters.
Abstract: Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate the practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well-known deep learning models and then use available techniques to recover the remaining hyperparameters. The vulnerability is validated on the Intel Compute Stick 2 for the VGG and ResNet families of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally owned device can be used to exploit the victim device with a single query and still achieve a near-perfect success rate.

10 citations


Journal ArticleDOI
TL;DR: This work presents a recurrent neural network model able to automatically retrieve a sequence of operations from cache timings and uses the model to unfold an end-to-end automated attack on OpenSSL ECDSA on the secp256k1 curve.
Abstract: Cache-timing attacks are serious security threats that exploit cache memories to steal secret information. We believe that the identification of a sequence of function calls from cache-timing data measurements is not a trivial step when building an attack. We present a recurrent neural network model able to automatically retrieve a sequence of operations from cache timings. Inspired by natural language processing, our model is able to learn on partially labelled data. We use the model to unfold an end-to-end automated attack on OpenSSL ECDSA on the secp256k1 curve. Our attack is able to extract the 256 bits of the secret key by automatic analysis of about 2400 traces without any human processing.

10 citations


Proceedings ArticleDOI
12 Nov 2021
TL;DR: In this article, a new class of attack, Chronos, exploits timing interference to cause system destabilization in cyber-physical systems; using a compromised non-privileged, non-critical task on the system, the authors launch timing interference attacks on both drone and autonomous vehicle platforms.
Abstract: The timing property plays a vital role in Cyber-Physical Systems (CPS) due to their interaction with the physical world. The smooth operation of these robotic systems often relies on an accurate and timely perception and actuation of the physical world. In this poster, we demonstrated a unique new class of attack, Chronos, that exploits timing interference to cause system destabilization in cyber-physical systems. Using a compromised non-privileged, non-critical task on the system, we launch timing interference attacks on both drone and autonomous vehicle platforms. Through both open-loop and closed-loop testing on the end-to-end stack, we showed that the timing attack could lead to complete loss of control of the autonomous system, crashing it into the surroundings when there is no software vulnerability. To further understand this novel attack vector, we perform preliminary investigations on the localization component of these two platforms, because they both make use of well-known simultaneous localization and mapping (SLAM) algorithms that depend on timing-sensitive multimodal data from different sensors. Building on the insights from the case study, we present our formulation of the timing attack surface and highlight future directions.

7 citations


Proceedings ArticleDOI
06 Sep 2021
TL;DR: In this paper, the authors present the evolution and current situation of timing attacks in browsers, as well as statistical tools to characterize available timers, and determine to what extent the changes to timing-based countermeasures impact browser security.
Abstract: JavaScript-based timing attacks have been greatly explored over the last few years. They rely on subtle timing differences to infer information that should not be available inside of the JavaScript sandbox. In reaction to these attacks, the W3C and browser vendors have implemented several countermeasures, with an important focus on JavaScript timers. However, as these attacks multiplied in the last years, so did the countermeasures, in a cat-and-mouse game fashion. In this paper, we present the evolution and current situation of timing attacks in browsers, as well as statistical tools to characterize available timers. Our goal is to present a clear view of the attack surface and understand what the main prerequisites and classes of browser-based timing attacks are and what the main countermeasures are. We focus on determining to what extent the changes to timing-based countermeasures impact browser security. In particular, we show that the shift in protecting against transient execution attacks has re-enabled other attacks such as microarchitectural side-channel attacks with a higher bandwidth than what was possible just two years ago.

7 citations


Journal ArticleDOI
TL;DR: DAMARU as mentioned in this paper is the first DoS attack on randomized caches where an attacker can cause a DoS even without thrashing the LLC. DAMARU targets the encryption engine and remapping of randomized caches to mount a denial-of-service (DoS) attack.
Abstract: Cross-core conflict-based timing attacks like Prime+Probe at the shared last-level cache (LLC) are practical and can cause information leakage. Cache address randomization is one of the techniques that claim to mitigate these attacks. CEASER, CEASER-S, and ScatterCache are the three recent randomized caches that use encryption engines to randomize the memory address mapping. CEASER and CEASER-S, along with encryption engines, remap the cache blocks periodically to break the static mapping of memory blocks into the LLC blocks. The encryption engine and remapping provide security to the randomized caches. However, access to encryption engines and the remapping of cache blocks are on the critical path of LLC accesses. We target the encryption engine and remapping of randomized caches to mount a denial-of-service (DoS) attack named DAMARU. In DAMARU, the attacker frequently sends memory requests to the LLC, which causes an increase in the victim's LLC access waiting time for the encryption engine. DAMARU is the first DoS attack on randomized caches where an attacker can cause a DoS even without thrashing the LLC. DAMARU provides a performance slowdown of up to 3.19X and 6X for 8-core and 16-core simulated systems, respectively. In terms of performance slowdown, the effectiveness of our DAMARU attack decreases with an increase in the number of encryption engines.

5 citations


Proceedings ArticleDOI
Jaeguk Ahn, Cheolgyu Jin, Jiho Kim, Minsoo Rhu, Yunsi Fei, David Kaeli, John Kim
01 Feb 2021
TL;DR: Trident as discussed by the authors is a hybrid cache-collision timing attack on GPUs that can fully recover all AES key bytes on modern GPUs by leveraging the negative timing correlation to recover earlier key bytes of AES.
Abstract: Given the parallel processing capabilities of Graphics Processing Units (GPUs), many applications are exploiting GPUs and cryptographic systems have also begun to leverage GPUs to accelerate encryption/decryption. Recent work has identified how microarchitectural side-channel attacks can be carried out on AES (Advanced Encryption Standard) by exploiting the SIMT characteristics and memory coalescing of GPUs. In this work, we first show that previously proposed correlation-based side-channel attacks are not feasible on modern GPUs that support narrower data-cache accesses via a sectored-cache microarchitecture–resulting in memory accesses from different levels of the memory hierarchy. In comparison, we identify how negative timing correlation can occur in modern GPUs when data is fetched from different levels of the cache hierarchy. We then propose Trident - a hybrid cache-collision timing attack on GPUs that can fully recover all AES key bytes on modern GPUs. Cache collisions in GPUs present challenges due to the large number of threads and the number of samples required. To address these challenges, Trident consists of three different components - negative timing correlation, cache-collision attack, and chosen plaintext attack. We leverage the negative timing correlation to recover earlier key bytes of AES while exploiting cache-collision attacks for the latter AES key bytes. To enable GPU cache collision attacks, we exploit memory coalescing to control the number of memory accesses through chosen-plaintext attacks to significantly reduce the number of timing samples needed. Our proposed Trident attack results in over 10× reduction in the number of samples needed to recover the key bytes compared with prior work, while still being successful in full AES key recovery in modern GPUs. We also propose TridentShield - a latency-based countermeasure to the Trident attack that minimizes throughput degradation in GPUs.

5 citations


Book ChapterDOI
01 Jan 2021
TL;DR: This paper combines symmetric and asymmetric techniques to provide more security and the proposed algorithm is resistant to timing attacks, linear, and differential cryptanalysis attacks due to the usage of DS-Boxes.
Abstract: In today’s world, providing data security is a primary concern. For this purpose, many researchers have introduced asymmetric and symmetric algorithms to ensure security. But they are not resistant to many attacks. In this paper, we combine symmetric and asymmetric techniques to provide more security. Advanced Encryption Standard algorithm is modified by generating Dynamic S-Boxes (DS-Boxes) to provide a better attack-resistant algorithm. In our approach, Diffie–Hellman is used to generate and exchange both keys and random numbers. These random numbers create DS-Boxes used in Modified AES. The proposed algorithm is resistant to timing attacks, linear, and differential cryptanalysis attacks due to the usage of DS-Boxes.

4 citations


Proceedings ArticleDOI
30 Mar 2021
TL;DR: Results of the constant-time modular inversion algorithm development process are presented, which achieves a high level of security in the context of Timing Attacks and Simple Power Analysis, which are a basic but serious danger for cryptographic implementations.
Abstract: Modular inversion is a crucial operation for the performance and security of public key cryptography. Unfortunately, its use cases in the most popular algorithms like ECC and RSA are a bit different. This makes the development of a universal system/algorithm for both of them difficult. This paper presents results of the constant-time modular inversion algorithm development process, which achieves a high level of security in the context of Timing Attacks and Simple Power Analysis, which are a basic but serious danger for cryptographic implementations.

2 citations


Book ChapterDOI
21 Jun 2021
TL;DR: In this paper, a security property called opacity is investigated, along with how it can be enforced by time insertion functions, which can alter the time behaviour of the original system by inserting some time delays to guarantee its security.
Abstract: Time insertion functions as a tool to guarantee the security of processes with respect to timing attacks are discussed and studied. We work with a security property called opacity and we investigate how it can be enforced by such functions. A time insertion function can alter the time behaviour of the original system by inserting some time delays to guarantee its security. We investigate conditions under which such functions do exist and also some of their properties.

Proceedings ArticleDOI
12 Nov 2021
TL;DR: In this paper, the authors exploit a call to a function computing modular exponentiation of big numbers in OpenSSL, which leads to the call of a non-constant-time function, thereby leaking some information about the used password.
Abstract: Protocols for password-based authenticated key exchange (PAKE) allow two users sharing only a short, low-entropy password to establish a secure session with a cryptographically strong key. The challenge in designing such protocols is that they must resist offline dictionary attacks in which an attacker exhaustively enumerates the dictionary of likely passwords in an attempt to match the used password. In this paper, we study the resilience of one particular PAKE against these attacks. Indeed, we focus on the Secure Remote Password (SRP) protocol that was designed by T. Wu in 1998. Despite its lack of formal security proof, SRP has become a de-facto standard. For more than 20 years, many projects have turned towards SRP for their authentication solution, thanks to the availability of open-source implementations with no restrictive licenses. Of particular interest, we mention the Stanford reference implementation (in C and Java) and the OpenSSL one (in C). In this paper, we analyze the security of the SRP implementation inside the OpenSSL library. In particular, we identify that this implementation is vulnerable to offline dictionary attacks. Indeed, we exploit a call to a function computing modular exponentiation of big numbers in OpenSSL. In the SRP protocol, this function leads to the call of a non-constant-time function, thereby leaking some information about the used password when leveraging a cache-based Flush+Reload timing attack. Then, we show that our attack is practical, since it only requires one single trace, despite the noise of cache measurements. In addition, the attack is quite efficient as the reduction of some common dictionaries is very fast using modern resources at negligible cost. We also prove that the scope of our vulnerability is not only limited to OpenSSL, since many other projects, including Stanford's, ProtonMail and Apple HomeKit, rely on OpenSSL, which makes them vulnerable. We find that our flaw might also impact projects written in Python, Erlang, JavaScript and Ruby, as long as they load the OpenSSL dynamic library for their big number operations. We disclosed our attack to OpenSSL, who acknowledged the attack and promptly fixed the vulnerability.

Journal ArticleDOI
TL;DR: This work presents a novel approach, called Detector+, to detect, isolate, and prevent timing-based side-channel attacks (i.e., timing attacks) at runtime, and empirically evaluates the proposed approach using five well-known timing attacks, including Meltdown, together with their variations, representing some of the mechanisms that an attacker can employ to become stealthier.

DOI
01 Sep 2021
TL;DR: Xia et al. as discussed by the authors presented a novel attack strategy for JIT-compiled general matrix multiplication (GEMM) libraries called JAXED, which can exploit the GEMM library's vulnerable state management to extract confidential CNN model hyperparameters.
Abstract: General matrix multiplication (GEMM) libraries on x86 architectures have recently adopted Just-in-time (JIT) based optimizations to dramatically reduce the execution time of small and medium-sized matrix multiplication. The exploitation of the latest CPU architectural extensions, such as the AVX2 and AVX-512 extensions, is the target for these optimizations. Although JIT compilers can provide impressive speedups to GEMM libraries, they expose a new attack surface through the built-in JIT code caches. These software-based caches allow an adversary to extract sensitive information through carefully designed timing attacks. The attack surface of such libraries has become more prominent due to their widespread integration into popular Machine Learning (ML) frameworks such as PyTorch and TensorFlow. In our paper, we present a novel attack strategy for JIT-compiled GEMM libraries called JAXED. We demonstrate how an adversary can exploit the GEMM library’s vulnerable state management to extract confidential CNN model hyperparameters. We show that using JAXED, one can successfully extract the hyperparameters of models with fully-connected layers with an average accuracy of 92%. Further, we demonstrate our attack against the final fully connected layer of 10 popular DNN models. Finally, we perform an end-to-end attack on MobileNetV2, on both the convolution and FC layers, successfully extracting model hyperparameters.

Proceedings ArticleDOI
08 Jul 2021
TL;DR: In this article, the authors show how a timing-based side-channel attack can be performed on an FPGA: the run time of a cryptographic algorithm is measured for different sets of messages, and by comparing those run times the secret key is extracted.
Abstract: FPGA stands for field-programmable gate array. An FPGA is an integrated circuit. A designer can program an FPGA to perform some logical operations. As FPGA use is expanding at an exponential rate, threats associated with it are also increasing. A side-channel attack is a serious threat to FPGAs. This paper shows how a timing-based side-channel attack can be performed. Further, the proposed research work has observed the run time of the RSA algorithm that can be implemented by using an FPGA and shown how a timing-based side-channel attack can be performed. Attackers calculate the run time of the algorithm that is dependent on the secret key and then extract the secret key. Also, the research work has shown how the cryptographic algorithm can be modified to prevent the attackers from performing the timing-based attack. In this paper, the run time of a cryptographic algorithm is calculated for different sets of messages and then, by comparing those run times, the secret key is extracted. The algorithm can be modified in such a way that the run time of the algorithm for different sets of inputs does not vary and hence the adversaries will be unable to execute the timing-based side-channel attack. The experimental results have shown that FPGAs are very much vulnerable to timing-based side-channel attacks and that is why FPGAs should be designed in a way so that attackers cannot perform timing attacks. As the FPGA is gaining popularity, security vulnerabilities that arise must be prevented. This motivates us to provide some method to prevent timing-based side-channel attacks.

Journal ArticleDOI
TL;DR: A two-dimensional Markov process is formulated and analysed, from which relevant stochastic properties of Barrett’s multiplication algorithm within modular exponentiation algorithms are deduced; this allows the timing attacks and local timing attacks on Montgomery's multiplication algorithm to be transferred to attacks on Barrett's algorithm.
Abstract: Montgomery’s and Barrett’s modular multiplication algorithms are widely used in modular exponentiation algorithms, e.g. to compute RSA or ECC operations. While Montgomery’s multiplication algorithm has been studied extensively in the literature and many side-channel attacks have been detected, to our best knowledge no thorough analysis exists for Barrett’s multiplication algorithm. This article closes this gap. For both Montgomery’s and Barrett’s multiplication algorithms, differences in the execution times are caused by conditional integer subtractions, so-called extra reductions. Barrett’s multiplication algorithm allows even two extra reductions, and this feature increases the mathematical difficulties significantly. We formulate and analyse a two-dimensional Markov process, from which we deduce relevant stochastic properties of Barrett’s multiplication algorithm within modular exponentiation algorithms. This allows us to transfer the timing attacks and local timing attacks (where a second side-channel attack exhibits the execution times of the particular modular squarings and multiplications) on Montgomery’s multiplication algorithm to attacks on Barrett’s algorithm. However, there are also differences. Barrett’s multiplication algorithm requires additional attack substeps, and the attack efficiency is much more sensitive to variations of the parameters. We treat timing attacks on RSA with CRT, on RSA without CRT, and on Diffie–Hellman, as well as local timing attacks against these algorithms in the presence of basis blinding. Experiments confirm our theoretical results.

Proceedings ArticleDOI
13 Jan 2021
TL;DR: In this article, the authors present a covert channel attack on heterogeneous processor platforms (CPU-iGPU) that uses cache activity on the LLC as a communication channel, creating contention on a target cache line of the CPU-side spy.
Abstract: Most modern multi-core CPUs are implemented as a System-on-a-Chip (SoC), where the CPU and integrated Graphics Processing Unit (iGPU) share physical memory and some microarchitectures. iGPUs provide the horsepower required by compute-intensive tasks, taking off the CPU’s heavy workload. These tasks include rendering graphics and executing cryptographic or machine learning algorithms. While iGPU utilization has been expanded to various fields, now covering security-sensitive applications as well, the possible security threats that could follow have not received enough attention yet. In this paper, we present a novel covert channel attack on heterogeneous processor platforms (CPU-iGPU) by using cache activity on the LLC as a communication channel. To successfully mount this attack, the iGPU-side trojan finds an LLC eviction set on Shared Virtual Memory (SVM), which will create contention on the target cache line of the CPU-side spy. We successfully construct a covert channel between a CPU process and an iGPU kernel, making it the first micro-architectural timing attack on the Intel CPU-iGPU platform. We also evaluate the performance of the attack in terms of channel bandwidth and bit error rate.

Proceedings ArticleDOI
16 Sep 2021
TL;DR: In this article, the authors propose a randomized Montgomery Powering Ladder Modular Exponentiation (RMPLME) scheme for RSA decryption and assess its side-channel leakage with Welch’s t-test, finding it resilient against SPA, DPA, C-Safe Error, CPA and Timing Attacks.
Abstract: This paper presents a randomized Montgomery Powering Ladder Modular Exponentiation (RMPLME) scheme for side channel attack (SCA) resistant Rivest-Shamir-Adleman (RSA) and its leakage resilience analysis. This method randomizes the computation time of the square-and-multiply operations for each exponent bit of the Montgomery Powering Ladder (MPL) based RSA exponentiation by randomly using Montgomery Modular Multipliers (MMM) of various radices (radix-2, 2^2 and 2^4). The randomized computations of RMPLME generate non-uniform timing channel information and power traces, thus protecting against SCA. In this work, we have developed and implemented a) an unmasked right-to-left Montgomery Modular Exponentiation (R-L MME), b) MPL exponentiation and c) the proposed RMPLME scheme for RSA decryption. All three realizations have been assessed for side channel leakage using Welch’s t-test and analyzed for secured realization based on the degree of side channel information leakage. The RMPLME scheme shows the least side-channel leakage and is resilient against SPA, DPA, C-Safe Error, CPA and Timing Attacks.

Posted Content
TL;DR: In this paper, a mechanism for the successful detection of timing attacks is proposed: a method to distinguish a timing attack from FDIA using unwrapped phase angle data is developed, and the low-rank Hankel matrix property is used to differentiate a timing attack from electrical events.
Abstract: The introduction of PMUs to cyber-physical systems provides accurate data acquisition, while posing the additional risk of being the victim of a cyber attack. Both False Data Injection Attack (FDIA) and GPS-spoofing or timing attack can provide malicious data to the cyber system, though these two attacks require different post-attack contingency plans. Thus, accurate detection of a timing attack and separating it from conventional FDIA has become a very important research area. In this article, a mechanism for the successful detection of timing attacks is proposed. Firstly, a method to distinguish a timing attack from FDIA using unwrapped phase angle data is developed. Secondly, utilizing the low-rank Hankel matrix property to differentiate a timing attack from electrical events is also presented. Finally, an experimental validation of the proposed model is performed on the IEEE 13 bus system using a simulated GPS-spoofing attack. It can be observed that the timing attack can increase the rank-1 approximation error of the Hankel matrix of unwrapped angles by 700% for a 3 sec delay in the GPS time-stamp. The rank-1 approximation error is increased by 500% for a 2 sec delay, and the increase is insignificant for a 1 sec delay attack. FDIA doesn't show any significant change in the low-rank approximation profile of the Hankel matrix.

Journal ArticleDOI
01 Apr 2021
TL;DR: Wang et al. as mentioned in this paper exploited the HTTP cache-control and expires headers to extract the exact date and time when a resource was cached by the browser, which can not only be used to detect if a website was visited by the user but also help build a timeline of the user's visits.
Abstract: Many browser cache attacks have been proposed in the literature to sniff the user's browsing history. All of them rely on specific time measurements to infer if a resource is in the cache or not. Unlike the state of the art, this paper reports on a novel cache-based attack that is not a timing attack but that abuses the HTTP cache-control and expires headers to extract the exact date and time when a resource was cached by the browser. The privacy implications are serious as this information can not only be utilized to detect if a website was visited by the user but it can also help build a timeline of the user's visits. This goes beyond traditional history sniffing attacks as we can observe patterns of visits and model the user's behavior on the web. To evaluate the impact of our attack, we tested it on all major browsers and found that all of them, except the ones based on WebKit, are vulnerable to it. Since our attack requires specific HTTP headers to be present, we also crawled the Tranco Top 100K websites and identified that 12,970 of them can be detected with our approach. Among them, 1,910 deliver resources that have expiry dates greater than 100 days, enabling long-term user tracking. Finally, we discuss possible defenses at both the browser and standard levels to prevent users from being tracked.