Constructing Sliding Windows Leak from Noisy Cache Timing Information of OSS-RSA

Rei Ueno; Junko Takahashi; Yu-Ichi Hayashi; Naofumi Homma

doi:10.29007/ws8z

Download PDF Open PDF in browser

Constructing Sliding Windows Leak from Noisy Cache Timing Information of OSS-RSA

14 pages•Published: September 6, 2019

Rei Ueno, Junko Takahashi, Yu-Ichi Hayashi and Naofumi Homma

Abstract

This paper presents a method for constructing an operation sequence of sliding window exponentiation from the noisy cache information of RSA, which can be used for a cache attack using sliding window's leak (SWL). SWL, which was reported in CHES 2017, is a kind of cache side-channel leak of a sequence of operations (i.e., multiplication and squaring) from software RSA decryption using the sliding window method for modular exponentiation. It was shown that an SWL attack can retrieve the secret keys of 1,024-bit and 2,048-bit RSA with non-negligible probability if the SWL is correctly captured. How- ever, in practice, it is not always possible for an attacker to acquire a complete and correct operation sequence from cache information observation. In addition, no concrete method for deriving a fully correct operation sequence from a partially acquired operation sequence as been reported in literature. In this paper, we first show that the capture errors in an operation sequence can be evaluated based on the Levenshtein distance between correct and estimated sequences. The dynamic time warping (DTW) algorithm is employed for quantitative evaluation. Then, we present a method of accurately estimating a complete and correct operation sequence from noisy sequences obtained through multiple observations. The basic idea of the proposed method and DTW-based evaluation is to divide the acquired operation sequence into short subsequences referred to as "operation patterns." Furthermore, we show the effectiveness of the proposed method through a set of experiments performed using RSA software in Libgcrypt, which is one of the most common open source software in cryptography.

Keyphrases: cache (or micro-architectural) attack, Flush+Reload, RSA, sliding window

In: Karine Heydemann, Ulrich Kühne and Letitia Li (editors). Proceedings of 8th International Workshop on Security Proofs for Embedded Systems, vol 11, pages 64--77

Links:	https://easychair.org/publications/paper/fBNC
	https://doi.org/10.29007/ws8z

BibTeX entry

@inproceedings{PROOFS2019:Constructing_Sliding_Windows_Leak,
  author    = {Rei Ueno and Junko Takahashi and Yu-Ichi Hayashi and Naofumi Homma},
  title     = {Constructing Sliding Windows Leak from Noisy Cache Timing Information of OSS-RSA},
  booktitle = {Proceedings of 8th International Workshop on Security Proofs for Embedded Systems},
  editor    = {Karine Heydemann and Ulrich K\textbackslash{}"uhne and Letitia Li},
  series    = {Kalpa Publications in Computing},
  volume    = {11},
  pages     = {64--77},
  year      = {2019},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2515-1762},
  url       = {https://easychair.org/publications/paper/fBNC},
  doi       = {10.29007/ws8z}}

Download PDF Open PDF in browser