### Jolt: Recovering TLS Signing Keys via Rowhammer Faults

##### Abstract

Digital Signature Schemes such as DSA, ECDSA, and RSA are widely deployed to protect the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA and (EC)DSA are used to sign the state of the agreed upon protocol parameters during the handshake phase. Naturally, RSA and (EC)DSA implementations have become the target of numerous attacks, including powerful side-channel attacks. Hence, cryptographic libraries were patched repeatedly over the years. Here we introduce Jolt, a novel attack targeting signature scheme implementations. Our attack exploits faulty signatures gained by injecting faults during signature generation. By using the signature verification primitive, we correct faulty signatures and, in the process deduce bits of the secret signing key. Compared to recent attacks that exploit single bit biases in the nonce that require $2^{45}$ signatures, our attack requires less than a thousand faulty signatures for a $256$-bit (EC)DSA. The performance improvement is due to the fact that our attack targets the secret signing key, which does not change across signing sessions. We show that the proposed attack also works on Schnorr and RSA signatures with minor modifications. We demonstrate the viability of Jolt by running experiments targeting TLS handshakes in common cryptographic libraries such as WolfSSL, OpenSSL, Microsoft SymCrypt, LibreSSL, and Amazon s2n. On our target platform, the online phase takes less than 2 hours to recover $192$ bits of a $256$-bit ECDSA key, which is sufficient for full key recovery. We note that while RSA signatures are protected in popular cryptographic libraries, OpenSSL remains vulnerable to double fault injection. We have also reviewed their FIPS hardened versions which is slightly less efficient but still vulnerable to our attack. We found that (EC)DSA signatures remain largely unprotected against software-only faults, posing a threat to real-life deployments such as TLS, and potentially other security protocols such as SSH and IPSec. This highlights the need for a thorough review and implementation of faults checking in security protocol implementations.

Available format(s)
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
TLS attack signature correction attack Rowhammer attack fault attacks microarchitectural attacks
Contact author(s)
kmus @ wpi edu
ydoroz @ wpi edu
mtol @ wpi edu
krahman @ wpi edu
sunar @ wpi edu
History
2022-12-02: approved
See all versions
Short URL
https://ia.cr/2022/1669

CC BY

BibTeX

@misc{cryptoeprint:2022/1669,
author = {Koksal Mus and Yarkın Doröz and M. Caner Tol and Kristi Rahman and Berk Sunar},
title = {Jolt: Recovering TLS Signing Keys via Rowhammer Faults},
howpublished = {Cryptology ePrint Archive, Paper 2022/1669},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1669}},
url = {https://eprint.iacr.org/2022/1669}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.