*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Making Crypto Libraries Robust Against Physical Side-Channel Attacks
Monjur Alam
Ph.D. Candidate in Computer Science
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Friday, September 6, 2019
Time: 13:00 - 15:00 (EST)
Location: Klaus 3100
Committee:
Dr. Milos Prvulovic (Advisor), School of Computer Science, Georgia Institute of Technology
Dr. Alenka Zajic(Co-advisor), School of Computer Science, Georgia Institute of Technology
Dr. Alexandra Boldyreva, School of Computer Science, Georgia Institute of Technology
Dr. Raheem Beyah, School of Computer Science, Georgia Institute of Technology
Dr. Angelos Keromytis, School of Electrical and Computer Engineering, Georgia Institute of Technology
Abstract:
The connection between theoretical and applied cryptography is often not well established due to difficulties in translating the theoretical security proofs to real world software and hardware implementations. Physical side-channel cryptanalysis is a very effective approach to break a secure cryptographic system. Most side-channel attacks on cryptographic primitives and implementations rely on different control flow or memory access patterns. As a countermeasure, the cryptographic community has established the notion of constant time program code which avoids secret-dependent control flow and data access patterns.
This thesis focuses on detailing a set of new techniques to exploit widely used open sources for software implementations of cryptographic primitives. First, we present One&Done, a side-channel attack that is based on the analysis of signals that correspond to the brief computation activity that computes the value of each window during exponentiation, i.e. activity between large-integer multiplications. As the attack is message-independent, it makes the attack completely immune to existing countermeasures that focus on thwarting chosen-ciphertext attacks and/or square/multiply sequence analysis. Second, we present Nonce@Once, the first side-channel attack that recovers the secret scalar from the electromagnetic signal that corresponds to a single signing operation in current versions of Libgcrypt, OpenSSL. Our attack uses the signal differences created by systematic differences in operand values during a conditional swap operation itself to recover each bit of the secret. We also propose a mitigation that randomizes the exclusive-or mask in the conditional swap operation, is effective in preventing this and similar attacks. Next, we present a physical side-channel attack on DSA implementation, which utilizes constant-time fixed-window (m-ary) modular exponentiation. We demonstrated different implementation aspects and their effects as countermeasures which embrace the importance of re-thinking before designing and implementing PKC, in general. Lastly, We present the security issues on NAF based OpenSSL's ECDSA implementation.
