Torturing OpenSSL



Todd Austin

University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco

(Based on Valeria’s BlackHat 2012 Presentation)

Understanding Side Channel Attacks

Systems leak info about internal computation

E.g., safes can be cracked by carefully listening to the tumblers

Clever attackers can use the leaked information to gain secrets

Generally not directly

Use statistical methods over time

Attacks the implementation, rather than the algorithm

Fault-Based Attack of RSA

Correct behavior:

Server challenge: the client sends a message m to the server

Server signs with its private key (d, n): s = m^d mod n

Client verifies with the public key (e, n): m = s^e mod n

Faulty server: ŝ ≠ m^d mod n; the client, holding only the public key (e, n), receives ŝ instead of s

Tactical advantage: we have years to analyze the collected faulty signatures offline

Injecting Faults in RSA Authentication

Making hardware fail:

Lower voltage causes signals to slow down, thus missing the deadline imposed by the system clock

High temperatures increase signal propagation delays

Over-clocking shortens the allowed time for traversing the logic cloud

Charged particles cause internal signals to change value, causing errors


Wanted: Single-Bit Errors in Multiplication

A corrupted signature leaks data if only one multiplication is corrupted by a single bit flip

[Plot: number of single-bit faults (left axis, 0 to 60) and number of faulty multiplications (right axis, 0 to 16.50) versus supply voltage, from 1.30 V down to 1.23 V]

Implementing the Fault-Based Attack

Attacker's steps:

1. Subject the server to potential single-bit faults in multiplications

2. Repeatedly authenticate to collect faulty RSA signatures

3. Offline, analyze the RSA signatures to extract private key bits

4. Repeat steps 2 and 3 until the entire RSA private key is identified

Extracting the Key with Offline Analysis

The attacker collects the faulty signatures ŝ together with the corresponding messages m

The private key is recovered one window at a time: d = X X X X …, each X a window still to be guessed

The attacker checks its guess against the collected faulty signatures

Computing s = m^d mod n in OpenSSL (fixed-window exponentiation)

Example: d = 214 = 1101 0110, i.e. window 1 = 1101, window 2 = 0110

    s = 1
    for each window:
        for each bit in window:        // 4 times
            s = (s * s) mod n
        s = (s * m^d[window]) mod n
    return s

After window 1: s = m^1101

After window 2: s = ((((m^1101)^2)^2)^2)^2 · m^0110

Faulty Signature: ŝ ≠ m^d mod n

Same d = 214 = 1101 0110 and the same loop, but a transient fault flips bit f of s (adding or subtracting 2^f) after the second squaring of window 2:

After window 1: s = m^1101

After window 2: ŝ = ((((m^1101)^2)^2 ± 2^f)^2)^2 · m^0110

Reconstructing the Signature

The private key is recovered one window at a time, guessing where and when the fault hits

d = d_k | d_{k-1} | d_{k-2} | … | d_0

    after window k:    s = m^{d_k}                         (already known)
    after window k-1:  s = (m^{d_k})^64 · m^{d_{k-1}}       (value of d_{k-1}? to be guessed)
    next window, fault hitting one of its squarings:
                       ŝ = (((((s^2)^2)^2 ± 2^f)^2)^2)^2 · m^{d_{k-2}}   (which multiplication? which bit f?)
    … and so on down to m^{d_0}

For each window value to be guessed and each signature we test:

16 possible key values

2 possible error values (0→1 or 1→0)

4 squaring iterations
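As an added illustration (not code from the slides or from OpenSSL), the following Python toy models the fixed-window loop described above, the single-bit fault in one squaring that corrupts the signature, and the two server-side countermeasures the deck's conclusions name: checking the signature with the public key before it leaves the server, and blinding. The key (p = 61, q = 53, e = 17, d = 2753) is the small textbook example and the fault position is constructed; both are far from the 1024-bit deployment the deck attacks.

```python
# Added example: toy model of fixed-window RSA exponentiation, a simulated
# single-bit fault in one squaring, and two countermeasures.
# Not code from the slides or from OpenSSL.

# Constructed toy RSA key (p = 61, q = 53): far too small for real use,
# chosen so that every intermediate can be checked by hand.
P, Q = 61, 53
N = P * Q          # 3233
E = 17
D = 2753           # E * D = 1 mod lcm(P - 1, Q - 1)

WINDOW_BITS = 4    # the 4-bit windows of the deck (16 table entries)


def windows(d, w=WINDOW_BITS):
    """Split exponent d into w-bit windows, most significant window first.
    windows(214) -> [13, 6], i.e. 1101 | 0110 as in the deck's example."""
    nwin = -(-max(1, d.bit_length()) // w)          # ceiling division
    mask = (1 << w) - 1
    return [(d >> (w * i)) & mask for i in reversed(range(nwin))]


def fixed_window_modexp(m, d, n, fault=None):
    """s = m^d mod n by fixed-window exponentiation (the loop on the slide).

    fault = (window_index, squaring_index, bit) flips that bit of the
    intermediate s right after the given squaring, i.e. s becomes
    s + 2^bit or s - 2^bit: the transient fault the deck describes.
    """
    table = [pow(m, k, n) for k in range(1 << WINDOW_BITS)]  # m^0 .. m^15
    s = 1
    for wi, dw in enumerate(windows(d)):
        for si in range(WINDOW_BITS):               # 4 squarings per window
            s = (s * s) % n
            if fault is not None and fault[:2] == (wi, si):
                s ^= 1 << fault[2]                  # single-bit upset
        s = (s * table[dw]) % n                     # one multiply per window
    return s


def verify(s, m, e, n):
    """Client-side check: m == s^e mod n."""
    return pow(s, e, n) == m % n


def sign_checked(m, d, e, n, fault=None):
    """Countermeasure 1: verify with the public key before releasing the
    signature. A faulty s is withheld (None) instead of leaking to the client."""
    s = fixed_window_modexp(m, d, n, fault)
    return s if verify(s, m, e, n) else None


def sign_blinded(m, d, e, n, r, fault=None):
    """Countermeasure 2, the blinding the conclusions refer to: exponentiate
    m * r^e for a random unit r, then remove r. The intermediates now depend
    on r, which the attacker never sees, so a faulty result can no longer be
    matched against a re-computation from the known m. (r is passed in here
    for reproducibility; a real signer draws it from a CSPRNG per signature.)"""
    blinded = (m * pow(r, e, n)) % n
    s = fixed_window_modexp(blinded, d, n, fault)
    return (s * pow(r, -1, n)) % n                  # r^-1 exists since gcd(r, n) = 1


if __name__ == "__main__":
    m = 65
    good = fixed_window_modexp(m, D, N)
    bad = fixed_window_modexp(m, D, N, fault=(2, 3, 0))   # constructed fault position
    print(f"correct signature {good}, verifies: {verify(good, m, E, N)}")
    print(f"faulty signature  {bad}, verifies: {verify(bad, m, E, N)}")
    print(f"checked signer returns {sign_checked(m, D, E, N, fault=(2, 3, 0))}")
    print(f"blinded signature {sign_blinded(m, D, E, N, r=1234)}")
```

Because the RSA map is a permutation of the residues mod n, any ŝ ≠ s fails the public-key check, which is what sign_checked relies on; this catches the fault but costs one public-exponent exponentiation per signature. Blinding does not stop the fault itself, it only denies the attacker a known base to recompute from, so a cautious signer combines both: blind, exponentiate, unblind, then verify before anything is sent.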


Implementing Offline Analysis

In practice only about 40 bit positions are typically affected by faults

→ the computation time is reduced to 2.5 seconds

Analyzing 8,800 corrupted signatures requires 1 CPU-year; only ~1,000 of them are useful

Signatures can be checked in parallel

The analysis was performed with 81 workstations

Fault-Based Attack of Leon3 SPARC

8,800 corrupted signatures collected in 10 hours

RSA 1024-bit private key

Distributed application with 81 machines for offline analysis

Private key recovered in 100 hours

Exploring Temperature-Induced Faults


Number of Key Bits Revealed (128-bit RSA)

[Plot: number of key bits revealed (y axis, 0 to 140) versus temperature (x axis, 20 to 100), one curve per supply voltage: V = 1.30 V, 1.28 V, 1.27 V, 1.26 V, 1.25 V and 1.24 V]

Surprising insight: the attack is easier to implement with more sophisticated cooling systems

Conclusions

Transient faults can leak vital private key data

Fault-based attack devised for OpenSSL 0.9.8i's fixed-window exponentiation algorithm

Attack demonstrated on a complete physical Leon3 SPARC system

Software fix: the blinding already available in OpenSSL to protect against timing attacks

Published: “Fault-based Attack of RSA Authentication” - DATE 2010

Presented: BlackHat 2012