Paper 2015/621

Who watches the watchmen? : Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms

Sarani Bhattacharya and Debdeep Mukhopadhyay

Abstract

Asymmetric-key cryptographic algorithms when implemented on systems with branch predictors, are subjected to side-channel attacks exploiting the deterministic branch predictor behavior due to their key-dependent input sequences. We show that branch predictors can also leak information through the hardware performance monitors which are accessible by an adversary at the user-privilege level. This paper presents an iterative attack which target the key-bits of 1024 bit RSA, where in offline phase, the system’s underlying branch predictor is approximated by a theoretical predictor in literature. Subsimulations are performed to classify the message-space into distinct partitions based on the event branch misprediction and the target key bit value. In online phase, we ascertain the secret key bit using branch mispredictions obtained from the hardware performance monitors which reflect the information of branch miss due to the underlying predictor hardware. We theoretically prove that the probability of success of the attack is equivalent to the accurate modelling of the theoretical predictor to the underlying system predictor. Experimentations reveal that the success-rate increases with message-count and reaches such a significant value so as to consider side-channel from the performance counters as a real threat to RSA-like ciphers due to the underlying branch predictors and needs to be considered for developing secured-systems.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in CHES 2015
Keywords
Branch mispredictionHPCpublic-key cipherside-channel.
Contact author(s)
tinni1989 @ gmail com
History
2015-06-30: received
Short URL
https://ia.cr/2015/621
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/621,
      author = {Sarani Bhattacharya and Debdeep Mukhopadhyay},
      title = {Who watches the watchmen? : Utilizing Performance Monitors for Compromising keys of {RSA} on Intel Platforms},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/621},
      year = {2015},
      url = {https://eprint.iacr.org/2015/621}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.