A complete key recovery timing attack on a GPU

Timing attack is the type of side-channel attack involves the time taken to complete critical operations. Securing crypto processor from timing attack is critical issue. This paper implements the Bernstein’s Timing Attack and timing attack based on hamming weight. The countermeasures of Bernstein’s Timing attack are implemented in our experimental test bed and their performance is compared. This paper also proposes the key recovery method based on timing attack using hamming weight of the key.

Download Full-text

One Bit is All It Takes: A Devastating Timing Attack on BLISS’s Non-Constant Time Sign Flips

Journal of Mathematical Cryptology ◽

10.1515/jmc-2020-0079 ◽

2020 ◽

Vol 15 (1) ◽

pp. 131-142

Author(s):

Mehdi Tibouchi ◽

Alexandre Wallet

Keyword(s):

Likelihood Estimation ◽

Constant Time ◽

Side Channel ◽

Key Recovery ◽

Signature Generation ◽

Fisher Information Metric ◽

Timing Attack ◽

Information Metric ◽

Key Recovery Attack ◽

Cache Attacks

AbstractAs one of the most efficient lattice-based signature schemes, and one of the only ones to have seen deployment beyond an academic setting (e.g., as part of the VPN software suite strongSwan), BLISS has attracted a significant amount of attention in terms of its implementation security, and side-channel vulnerabilities of several parts of its signing algorithm have been identified in previous works. In this paper, we present an even simpler timing attack against it. The bimodal Gaussian distribution that BLISS is named after is achieved using a random sign flip during signature generation, and neither the original implementation of BLISS nor strongSwan ensure that this sign flip is carried out in constant time. It is therefore possible to recover the corresponding sign through side-channel leakage (using, e.g., cache attacks or branch tracing). We show that obtaining this single bit of leakage (for a moderate number of signatures) is in fact sufficient for a full key recovery attack. The recovery is carried out using a maximum likelihood estimation on the space of parameters, which can be seen as a statistical manifold. The analysis of the attack thus reduces to the computation of the Fisher information metric.

Download Full-text

Trident: A Hybrid Correlation-Collision GPU Cache Timing Attack for AES Key Recovery

2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA) ◽

10.1109/hpca51647.2021.00036 ◽

2021 ◽

Author(s):

Jaeguk Ahn ◽

Cheolgyu Jin ◽

Jiho Kim ◽

Minsoo Rhu ◽

Yunsi Fei ◽

...

Keyword(s):

Key Recovery ◽

Timing Attack

Download Full-text

Cache-Timing Attacks on RSA Key Generation

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2019.i4.213-242 ◽

2019 ◽

pp. 213-242 ◽

Cited By ~ 1

Author(s):

Alejandro Cabrera Aldaya ◽

Cesar Pereida García ◽

Luis Manuel Alvarez Tapia ◽

Billy Bob Brumley

Keyword(s):

Constant Time ◽

Key Generation ◽

Limited Information ◽

Key Recovery ◽

Lattice Problem ◽

Timing Attack ◽

Problem Instances ◽

Single Trace ◽

Bulk Processing ◽

Trace Cache

During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL’s constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag. In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal. Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state. Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to: (1) granularity issues due to word-size operands to the GCD function; (2) bulk processing of desynchronized trace data; (3) non-trivial error rate during information extraction; and (4) limited high-confidence information on the modulus factors. Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 27% success rate for key recovery using the empirical data from 10K trials.

Download Full-text

Key Recovery Attacks on Multivariate Public Key Cryptosystems Derived from Quadratic Forms over an Extension Field

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e100.a.18 ◽

2017 ◽

Vol E100.A (1) ◽

pp. 18-25 ◽

Cited By ~ 3

Author(s):

Yasufumi HASHIMOTO

Keyword(s):

Quadratic Forms ◽

Public Key ◽

Extension Field ◽

Key Recovery ◽

Public Key Cryptosystems ◽

Multivariate Public Key ◽

Key Recovery Attacks

Download Full-text

Impact of water scarcity on dryland sheep meat production and quality: Key recovery and resilience strategies

Journal of Arid Environments ◽

10.1016/j.jaridenv.2021.104511 ◽

2021 ◽

Vol 190 ◽

pp. 104511

Author(s):

Obert C. Chikwanha ◽

Sandra Mupfiga ◽

Bosede R. Olagbegi ◽

Chenaimoyo L.F. Katiyatiya ◽

Annelin H. Molotsi ◽

...

Keyword(s):

Water Scarcity ◽

Meat Production ◽

Key Recovery ◽

Sheep Meat

Download Full-text

Secure Encapsulation Schemes Using Key Recovery System in IoMT Environments

Sensors ◽

10.3390/s21103474 ◽

2021 ◽

Vol 21 (10) ◽

pp. 3474

Author(s):

Taehoon Kim ◽

Wonbin Kim ◽

Daehee Seo ◽

Imyeong Lee

Keyword(s):

Internet Of Things ◽

Diagnosis And Treatment ◽

Key Recovery ◽

Collusion Attacks ◽

Malicious User ◽

Systems Security ◽

Recovery System ◽

Multi Agent ◽

Internet Of Medical Things ◽

Gain Access

Recently, as Internet of Things systems have been introduced to facilitate diagnosis and treatment in healthcare and medical environments, there are many issues concerning threats to these systems’ security. For instance, if a key used for encryption is lost or corrupted, then ciphertexts produced with this key cannot be decrypted any more. Hence, this paper presents two schemes for key recovery systems that can recover the lost or the corrupted keys of an Internet of Medical Things. In our proposal, when the key used for the ciphertext is needed, this key is obtained from a Key Recovery Field present in the cyphertext. Thus, the recovered key will allow decrypting the ciphertext. However, there are threats to this proposal, including the case of the Key Recovery Field being forged or altered by a malicious user and the possibility of collusion among participating entities (Medical Institution, Key Recovery Auditor, and Key Recovery Center) which can interpret the Key Recovery Field and abuse their authority to gain access to the data. To prevent these threats, two schemes are proposed. The first one enhances the security of a multi-agent key recovery system by providing the Key Recovery Field with efficient integrity and non-repudiation functions, and the second one provides a proxy re-encryption function resistant to collusion attacks against the key recovery system.

Download Full-text