Our results show the feasibility of compromising current RSA implementations such as OpenSSL. After we shared our results with the OpenSSL development team, they included a patch in the stable branch which allows users to compile an OpenSSL version that is resistant to our attack. In particular, this patch will affect the upcoming version 0.9.8f. We also contacted the US CERT, who informed software vendors. The US CERT assigned the vulnerability described in this paper the CVE name CVE-2007-3108 and the CERT vulnerability number VU#724968, and they issued a vulnerability note ([47–49]). We point out that this publication appeared in agreement with the OpenSSL development team.
Several countermeasures have been developed and employed in widely used cryptographic libraries like OpenSSL to mitigate such side-channel analysis threats. However, the current implementations still do not provide sufficient protection against MicroArchitectural Analysis, despite all the sophisticated mitigation techniques employed in these implementations. In this paper, we show that one can completely break the RSA implementation of the current OpenSSL version (v.0.9.8e) even if the most secure configuration, including all of the countermeasures against side-channel and MicroArchitectural analysis, is in place. We have only analyzed OpenSSL, so we currently do not know the strength of other cryptographic libraries. Other libraries and software products need to be thoroughly analyzed and modified where necessary. At the very least, developers of current software applications that rely on the OpenSSL RSA implementation need to update their products based on the recent OpenSSL changes. Our results indicate that MicroArchitectural Analysis threatens at least 60% of the internet traffic worldwide, and current systems should be analyzed thoroughly to evaluate their overall strength against MicroArchitectural Analysis. Finally, we discuss appropriate countermeasures that must be employed in security systems.
Category / Keywords: public-key cryptography / RSA, Montgomery Multiplication, MicroArchitectural Analysis, Instruction-Cache Attack, Branch Prediction Attack, Timing Analysis, Side Channel Analysis, Stochastic Process
Date: received 26 Aug 2007, last revised 26 Aug 2007
Contact author: onur aciicmez at gmail com
Version: 20070828:160926
Short URL: ia.cr/2007/336