Vahemälu ajastuse tehnikad: DSA algoritmi rakendus
Date
2016
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Külgkanali informatsioon on igat tüüpi info, mis lekib andmeid töötleva süsteemi füüsiliste eripärade tõttu. Vahemälu on üks võimalik külgkanal, kust \n\rvõib lekkida andmeid täidetava protsessi kohta, muuhulgas võivad lekked võimaldada salajase informatsiooni taastamist. Vahemälu külgkanali ründed on tõsine oht krüptograafiliste primitiivide teostuses, eriti kui vead esinevad jagatud teekides. \n\rKäesolev töö tutvustab mõningaid sagedaselt kasutatavaid vahemälu ajastuse ründeid. Muuhulgas demonstreerib töö DSA algoritmi teostuse nõrkust OpenSSL teegis. Vahemälu ajastuse rünne on suunatud DSA algoritmi libiseva aknaga astendamise algoritmi vastu. Lisaks näidatakse, kuidas seda rünnet laiemalt kasutada erinevate protokollide vastu, mis DSA algoritmi vajavad. SSH ja TLS-i ründed võimaldavad taastada kasutatud võtmeid. \n\rOn vaja 260 SSH-2 kätlust, et saada teada 1024/160-bitine DSA võti OpenSSH serverist ning 580 TLS 1.2 kätlust, et ekstraheerida 2048/256-bitiseid DSA võtmeid stunnel serverist.
Side-channel information is any type of information leaked through unexpected \n\rchannels due to physical features of a system dealing with data. \n\rThe memory cache can be used as a side-channel, leakage and exploitation of \n\rside-channel information from the executing processes is possible, leading to the recovery of secret information. \n\rCache-based side-channel attacks represent a serious threat to implementations \n\rof several cryptographic primitives, especially in shared libraries. \n\rThis work explains some of the cache-timing techniques commonly used \n\rto exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA's sliding window exponentiation algorithm.\n\rMoreover, the attack is expanded to show that it is possible to perform cache-timing attacks against protocols relying on the DSA signature scheme. SSH and TLS are attacked, leading to a key-recovery attack:\n\r260 SSH-2 handshakes to extract a 1024/160-bit DSA hostkey from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.
Side-channel information is any type of information leaked through unexpected \n\rchannels due to physical features of a system dealing with data. \n\rThe memory cache can be used as a side-channel, leakage and exploitation of \n\rside-channel information from the executing processes is possible, leading to the recovery of secret information. \n\rCache-based side-channel attacks represent a serious threat to implementations \n\rof several cryptographic primitives, especially in shared libraries. \n\rThis work explains some of the cache-timing techniques commonly used \n\rto exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA's sliding window exponentiation algorithm.\n\rMoreover, the attack is expanded to show that it is possible to perform cache-timing attacks against protocols relying on the DSA signature scheme. SSH and TLS are attacked, leading to a key-recovery attack:\n\r260 SSH-2 handshakes to extract a 1024/160-bit DSA hostkey from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.