Paper 2015/1141

Amplifying Side Channels Through Performance Degradation

Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, and Yuval Yarom

Abstract

Interference between processes executing on shared hardware can be used to mount performance-degradation attacks. However, in most cases, such attacks offer little benefit for the adversary. In this paper, we demonstrate that software-based performance-degradation attacks can be used to amplify side-channel leaks, enabling the adversary to increase both the amount and the quality of information captured. We identify a new information leak in the OpenSSL implementation of the ECDSA digital signature algorithm, albeit seemingly unexploitable due to the limited granularity of previous trace procurement techniques. To overcome this imposing hurdle, we combine the information leak with a microarchitectural performance=degradation attack that can slow victims down by a factor of over 150. We demonstrate how this combination enables the amplification of a side-channel sufficiently to exploit this new information leak. Using the combined attack, an adversary can break a private key of the secp256k1 curve, used in the Bitcoin protocol, after observing only 6 signatures—a four-fold improvement over all previously described attacks.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. ACSAC 2016
Keywords
cryptanalysisside-channelECDSA
Contact author(s)
yval @ cs adelaide edu au
History
2016-09-24: revised
2015-11-26: received
See all versions
Short URL
https://ia.cr/2015/1141
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1141,
      author = {Thomas Allan and Billy Bob Brumley and Katrina Falkner and Joop van de Pol and Yuval Yarom},
      title = {Amplifying Side Channels Through Performance Degradation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1141},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1141}},
      url = {https://eprint.iacr.org/2015/1141}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.