
Side-Channel Aware Engineering

Periodic Reporting for period 4 - SCARE (Side-Channel Aware Engineering)

Reporting period: 2023-06-01 to 2023-11-30

Side-Channel Analysis (SCA) is an offensive security technique that targets secrets in the implementation of security-critical devices. SCA leverages leakage through side channels to recover system or algorithm states that must remain secret. Examples of existing side channels include power consumption, electromagnetic radiation, timing, and acoustic emanations. At a high level, "SCARE: Side-Channel Aware Engineering" discovers new side channels, uses them to develop attacks on real-world devices and protocols, and mitigates the attacks with a regression testing approach. The first objective of SCARE concerns next-generation side channels: foundational research aimed at discovering new sources of leakage, leading to novel covert channel classes that form the basis for new types of SCA. The second objective of SCARE concerns side-channel security assurance, making side-channel security part of the development lifecycle. SCARE secures devices and systems that are deployed in the real world to maximize societal impact. This approach ensures that the scientific results of SCARE have a distinct, immediate application, inspired by the implementation characteristics that are the foundation of SCA.
The SCARE Project accomplished its objective of advancing the comprehension of side-channel attacks and vulnerabilities in contemporary computer systems. The project, which was divided into three distinct Work Packages (WP), not only increased our understanding of extant and emerging side-channel leakage, but also investigated the exploitability of these channels and developed countermeasures for them. The important results, such as the discovery of the PortSmash technique, the vulnerability analysis of Mozilla's NSS library, and the creation of the Triggerflow tool, have significantly advanced the field. The Common Vulnerabilities and Exposures (CVE) entries we discovered span multiple vendors of security-critical real-world products. They also serve as a foundation for future research while actively enhancing the security of extensively used open-source software.

We discovered PortSmash (CVE-2018-5407), a novel microarchitecture SCA technique exploiting port contention in architectures featuring Simultaneous Multi-Threading (SMT). PortSmash constructs a high-resolution timing side channel based on port contention by utilizing SMT execution engine sharing as a source of side-channel leakage. This method is inherently covert because it is not dependent on the memory subsystem.

Outside of research articles, the PortSmash attack attracted considerable public interest.
Intel noted "On November 2nd, researchers from Tampere University of Technology in Finland and Technical University of Havana, Cuba published details and a proof of concept exploit they called PortSmash."
https://www.intel.com/content/www/us/en/developer/articles/news/more-information-portsmash.html

The attack code is available on GitHub; it has 468 stars and 66 forks.
https://github.com/bbbrumley/portsmash

News magazines published stories, e.g. “The new attack method -- named PortSmash -- was discovered by the team of Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan and Nicola Tuveri, based at the Tampere University of Technology in Finland, and Alejandro Cabrera Aldaya of the Universidad Tecnológica de la Habana CUJAE in Cuba.”
https://www.techtarget.com/searchsecurity/news/252452053/PortSmash-side-channel-attack-targets-Intel-Hyper-Threading

The analysis of Mozilla's NSS library represents a significant achievement.

CVE-2020-12401: Timing attack on ECDSA signature generation. During ECDSA signature generation, padding applied to the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.

CVE-2020-6829: P-384 and P-521 vulnerable to an electromagnetic side channel attack on signature generation. When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electromagnetic trace of a few signature generations, the private key could have been computed.

CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion. When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.

CVE-2020-12399: Timing attack on DSA signatures in the NSS library. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.

CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack. During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm, which entailed a significantly input-dependent flow. This allowed an attacker to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.

Our primary contribution to this work package is Triggerflow, a dynamic utility designed to track software application execution paths. Triggerflow employs debugger analysis to evaluate the binary code dynamically, aided by source annotations. It is a versatile tool initially created for regression testing in software development as part of Continuous Integration (CI) procedures. Triggerflow was applied to the OpenSSL open-source software project, enabling automated testing to verify that the control flow at runtime adheres to the specified parameters.
The SCARE methodology will continue to be utilized by the research and industry sectors. It will continue to uncover new leakage sources in security-critical software and hardware implementations, develop methods to exploit the leakage at the system or protocol level, and expand our testing frameworks to automatically detect and prevent leakage as part of the product life cycle. We have published our research in the leading security venues, and this research is cited as foundational work in SCA.

Triggerflow is an execution path tracking tool. Originally developed for dynamic analysis of software for SCA vulnerabilities, it is a development tool automating the debugger to allow contextual inspection of breakpoints, with false positive considerations to facilitate automated regression testing. Additionally, for OpenSSL we have a Continuous Integration system powered by Triggerflow that watches for known execution paths vulnerable to SCA. We also submitted two security-related PRs based on the results, now merged in OpenSSL.
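To make the Triggerflow idea concrete, here is an added example that is not Triggerflow or OpenSSL code: it uses Python's own tracer in place of a debugger, marks a function as a point of interest that must not execute on secret data, suppresses a known false positive by matching the call stack, and reports which entry points reach the leaky path. All function names, the prime and the inputs are constructed for this example.

```python
# Added example, not Triggerflow or OpenSSL code. It imitates Triggerflow's
# approach with Python's tracer in place of a debugger: points of interest (POI)
# that must never execute on secret data, ignore rules matched against the call
# stack to suppress known false positives, and a regression check that fails
# when a POI is reached outside an ignored context. All names are assumptions.
import sys

POINTS_OF_INTEREST = {"mod_inverse_variable"}     # annotated leaky path
IGNORE_IF_CALLED_FROM = {"verify"}                 # public data: not a leak

def mod_inverse_variable(a, p):                    # stand-in for a BEEA path
    return pow(a, -1, p)
def mod_inverse_fixed(a, p):                       # stand-in for a fixed-flow path
    return pow(a, p - 2, p)
def sign_legacy(secret, p):                        # leaky path on secret data
    return mod_inverse_variable(secret, p)
def sign_fixed(secret, p):                         # hardened signing path
    return mod_inverse_fixed(secret, p)
def verify(public, p):                             # variable time is fine here
    return mod_inverse_variable(public, p)

def trace_pois(func, *args):
    """Run func under a tracer; return unignored POI hits as (poi, caller)."""
    hits = []
    def on_call(frame, event, arg):
        name = frame.f_code.co_name
        if event == "call" and name in POINTS_OF_INTEREST:
            stack, f = [], frame.f_back
            while f is not None:                   # collect the backtrace
                stack.append(f.f_code.co_name)
                f = f.f_back
            if not IGNORE_IF_CALLED_FROM.intersection(stack):
                hits.append((name, stack[0]))
        return None                                # no line-level tracing
    sys.settrace(on_call)
    try:
        func(*args)
    finally:
        sys.settrace(None)
    return hits

def check_sign_paths(p=2**127 - 1, secret=0xC0FFEE, public=12345):
    """Regression check over the three entry points (constructed inputs)."""
    return {fn.__name__: trace_pois(fn, arg, p)
            for fn, arg in ((sign_legacy, secret), (sign_fixed, secret),
                            (verify, public))}

if __name__ == "__main__":
    for entry, leaks in check_sign_paths().items():
        print(f"{entry:<12} {'FAIL ' + str(leaks) if leaks else 'ok'}")
```

In a CI job the non-empty result for `sign_legacy` would fail the build, while `verify` reaching the same function is accepted because the ignore rule matches its call stack.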

We discovered PortSmash (CVE-2018-5407), a novel microarchitecture SCA technique exploiting port contention in architectures featuring Simultaneous Multi-Threading (SMT). We applied PortSmash to steal the private key of an OpenSSL-linked TLS server. We also produced a proof-of-concept artifact, demonstrating PortSmash in action against a vulnerable OpenSSL version performing non-constant-time scalar multiplications. We backported the security fix to OpenSSL, now merged.
Applying the PortSmash microarchitecture attack technique
Applying the Triggerflow framework for automated testing