Jolt: Recovering TLS Signing Keys via Rowhammer Faults

Koksal Mus; Yarkın Doröz; M. Caner Tol; Kristi Rahman; Berk Sunar

Paper 2022/1669

Jolt: Recovering TLS Signing Keys via Rowhammer Faults

Koksal Mus

, Worcester Polytechnic Institute

Yarkın Doröz, Worcester Polytechnic Institute

M. Caner Tol

, Worcester Polytechnic Institute

Kristi Rahman, Worcester Polytechnic Institute

Berk Sunar, Worcester Polytechnic Institute

Abstract

Digital Signature Schemes such as DSA, ECDSA, and RSA are widely deployed to protect the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA and (EC)DSA are used to sign the state of the agreed upon protocol parameters during the handshake phase. Naturally, RSA and (EC)DSA implementations have become the target of numerous attacks, including powerful side-channel attacks. Hence, cryptographic libraries were patched repeatedly over the years. Here we introduce Jolt, a novel attack targeting signature scheme implementations. Our attack exploits faulty signatures gained by injecting faults during signature generation. By using the signature verification primitive, we correct faulty signatures and, in the process deduce bits of the secret signing key. Compared to recent attacks that exploit single bit biases in the nonce that require $2^{45}$ signatures, our attack requires less than a thousand faulty signatures for a $256$-bit (EC)DSA. The performance improvement is due to the fact that our attack targets the secret signing key, which does not change across signing sessions. We show that the proposed attack also works on Schnorr and RSA signatures with minor modifications. We demonstrate the viability of Jolt by running experiments targeting TLS handshakes in common cryptographic libraries such as WolfSSL, OpenSSL, Microsoft SymCrypt, LibreSSL, and Amazon s2n. On our target platform, the online phase takes less than 2 hours to recover $192$ bits of a $256$-bit ECDSA key, which is sufficient for full key recovery. We note that while RSA signatures are protected in popular cryptographic libraries, OpenSSL remains vulnerable to double fault injection. We have also reviewed their Federal Information Processing Standard (FIPS) hardened versions which are slightly less efficient but still vulnerable to our attack. We found that (EC)DSA signatures remain largely unprotected against software-only faults, posing a threat to real-life deployments such as TLS, and potentially other security protocols such as SSH and IPSec. This highlights the need for a thorough review and implementation of faults checking in security protocol implementations.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. IEEE Symposium on Security and Privacy 2023
Keywords: TLS attack signature correction attack Rowhammer attack fault attacks microarchitectural attacks
Contact author(s): kmus @ wpi edu
ydoroz @ wpi edu
mtol @ wpi edu
krahman @ wpi edu
sunar @ wpi edu
History: 2023-04-13: revised; 2022-11-30: received; See all versions
Short URL: https://ia.cr/2022/1669
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1669,
      author = {Koksal Mus and Yarkın Doröz and M. Caner Tol and Kristi Rahman and Berk Sunar},
      title = {Jolt: Recovering {TLS} Signing Keys via Rowhammer Faults},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1669},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1669}
}