DOI: 10.1007/978-3-642-27954-6_11
Article

Practical realisation and elimination of an ECC-Related software bug attack

Published: 27 February 2012

Abstract

We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.
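The "implementation feature" the attack hinges on is a modular reduction that returns a wrong answer for rare inputs: OpenSSL 0.9.8g's dedicated reduction for the NIST P-256 generalized-Mersenne prime, a Solinas-style routine [17] of the same family whose P-384 sibling was reported broken on the openssl-dev list [16]. The block below is an added example, not code from the paper or from OpenSSL: it implements the P-256 fast reduction in Python from the standard nine-term word recombination and differentially tests it against the plain `x % p` reference, both on random products of field elements (the shape of input a scalar multiplication feeds the routine) and on constructed inputs whose 32-bit words sit on carry boundaries. The function and input names are mine. The caveat a practitioner should keep in mind is the paper's own: a harness like this only covers the inputs it is handed, so a defect that fires on a rare input pattern can survive it, which is why the abstract argues for formal verification on top of testing rather than instead of it.

```python
"""Added example (not from the paper or OpenSSL): NIST P-256 fast reduction in
the Solinas generalized-Mersenne style, differentially checked against x % p."""
import random

# p = 2^256 - 2^224 + 2^192 + 2^96 - 1, the NIST P-256 field prime
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1
MASK32 = 0xFFFFFFFF


def _words(x, n=16):
    """Split a non-negative integer into n little-endian 32-bit words c[0..n-1]."""
    return [(x >> (32 * i)) & MASK32 for i in range(n)]


def _join(ws):
    """Assemble an integer from a big-endian tuple of 32-bit words (w7, ..., w0)."""
    v = 0
    for w in ws:
        v = (v << 32) | w
    return v


def p256_reduce_solinas(x):
    """Reduce 0 <= x < P256**2 modulo P256.

    Uses the nine 256-bit terms of the FIPS 186 / Solinas recombination
    (each term is a fixed permutation of the sixteen input words), then a
    bounded final correction. The final carry/correction logic is exactly the
    part where word-level implementations go wrong."""
    if not (0 <= x < P256 * P256):
        raise ValueError("input out of range for fast reduction")
    c = _words(x)
    s1 = _join((c[7], c[6], c[5], c[4], c[3], c[2], c[1], c[0]))
    s2 = _join((c[15], c[14], c[13], c[12], c[11], 0, 0, 0))
    s3 = _join((0, c[15], c[14], c[13], c[12], 0, 0, 0))
    s4 = _join((c[15], c[14], 0, 0, 0, c[10], c[9], c[8]))
    s5 = _join((c[8], c[13], c[15], c[14], c[13], c[11], c[10], c[9]))
    s6 = _join((c[10], c[8], 0, 0, 0, c[13], c[12], c[11]))
    s7 = _join((c[11], c[9], 0, 0, c[15], c[14], c[13], c[12]))
    s8 = _join((c[12], 0, c[10], c[9], c[8], c[15], c[14], c[13]))
    s9 = _join((c[13], 0, c[11], c[10], c[9], 0, c[15], c[14]))
    t = s1 + 2 * s2 + 2 * s3 + s4 + s5 - s6 - s7 - s8 - s9
    # t lies between roughly -4p and 7p, so a handful of conditional
    # add/subtract steps brings it into [0, p).
    while t < 0:
        t += P256
    while t >= P256:
        t -= P256
    return t


def boundary_inputs():
    """Constructed inputs (not from the paper) whose 32-bit words sit on carry
    boundaries, plus products of the largest legal operands. Random search
    rarely lands on these, so they are listed explicitly."""
    patterns = [0, 1, MASK32, MASK32 - 1, 0x80000000]
    out = []
    for hi in patterns:
        for lo in patterns:
            ws = [lo if i % 2 == 0 else hi for i in range(16)]
            x = sum(w << (32 * i) for i, w in enumerate(ws))
            if x < P256 * P256:
                out.append(x)
    for d in (1, 2, 3, 2**32, 2**96):
        out.append((P256 - d) * (P256 - 1))  # reduces to d, since (-d)(-1) = d
    return out


def differential_check(reduce_fn, rounds=2000, seed=1):
    """Compare reduce_fn against the x % P256 reference. Returns the number of
    mismatching inputs; 0 means no divergence was found in this run, which is
    evidence only for the inputs actually tried."""
    rng = random.Random(seed)
    cases = boundary_inputs()
    for _ in range(rounds):
        a = rng.randrange(P256)
        b = rng.randrange(P256)
        cases.append(a * b)  # the input shape of a field multiplication
    return sum(1 for x in cases if reduce_fn(x) != x % P256)


if __name__ == "__main__":
    print("mismatches:", differential_check(p256_reduce_solinas))
```

The reference `x % p` is what one would never ship (it is slow and not constant-time), but it is the oracle a differential harness needs; the same harness can be pointed at a C implementation through ctypes once the word-level version is the thing under test.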

References

[1]
Antipa, A., Brown, D. R. L., Menezes, A., Struik, R., Vanstone, S. A.: Validation of Elliptic Curve Public Keys. In: Desmedt, Y. G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 211-223. Springer, Heidelberg (2002)
[2]
Barbosa, M.: CACE Deliverable D5.2: formal specification language definitions and security policy extensions (2009), http://www.cace-project.eu
[3]
Barbosa, M., Moss, A., Page, D.: Constructive and destructive use of compilers in elliptic curve cryptography. J. Cryptology 22(2), 259-281 (2009)
[4]
Biham, E., Carmeli, Y., Shamir, A.: Bug Attacks. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 221-240. Springer, Heidelberg (2008)
[5]
Ciet, M., Joye, M.: Elliptic curve cryptosystems in the presence of permanent and transient faults. Designs, Codes and Cryptography 36(1), 33-43 (2005)
[6]
Conchon, S., Contejean, E., Kanig, J.: Ergo: a theorem prover for polymorphic first-order logic modulo theories (2006), http://ergo.lri.fr/papers/ergo.ps
[7]
Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç. K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292-302. Springer, Heidelberg (1999)
[8]
Detlefs, D., Nelson, G., Saxe, J. B.: Simplify: a theorem prover for program checking. J. ACM 52(3), 365-473 (2005)
[9]
Filliâtre, J.-C., Marché, C.: Multi-Prover Verification of C Programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15-29. Springer, Heidelberg (2004)
[10]
Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus Platform for Deductive Program Verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173-177. Springer, Heidelberg (2007)
[11]
Herley, C.: So long, and no thanks for the externalities: The rational rejection of security advice by users. In: New Security Paradigms Workshop (NSPW), pp. 133-144 (2009)
[12]
Hoare, C. A. R.: An axiomatic basis for computer programming. Communications of the ACM 12, 576-580 (1969)
[13]
Montgomery, P. L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comp. 48(177), 243-264 (1987)
[14]
Nguyen, P. Q.: Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3. In: Cachin, C., Camenisch, J. L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 555-570. Springer, Heidelberg (2004)
[15]
Paterson, K. G., Yau, A. K. L.: Cryptography in Theory and Practice: The Case of Encryption in IPsec. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 12-29. Springer, Heidelberg (2006)
[16]
Reimann, H.: BN_nist_mod_384 gives wrong answers. openssl-dev mailing list #1593 (2007), http://marc.info/?t=119271238800004
[17]
Solinas, J. A.: Generalized Mersenne numbers. Technical Report CORR 99-39, Centre for Applied Cryptographic Research (CACR), University of Waterloo (1999), http://www.cacr.math.uwaterloo.ca/techreports/1999/corr99-39.pdf
[18]
The Coq Development Team. The Coq Proof Assistant Reference Manual - Version V8.2 (2008), http://coq.inria.fr
[19]
Vieira, B., Barbosa, M., Sousa Pinto, J., Filliâtre, J.-C.: A deductive verification platform for cryptographic software. In: International Workshop on Foundations and Techniques for Open Source Software Certification, OpenCert (2010)


Published In

CT-RSA'12: Proceedings of the 12th conference on Topics in Cryptology, February 2012, 432 pages. ISBN: 9783642279539. Editor: Orr Dunkelman.

Publisher: Springer-Verlag, Berlin, Heidelberg


Author Tags

NIST, OpenSSL, bug attack, elliptic curve, fault attack

Cited By

• Efficient Verification of Optimized Code. NASA Formal Methods (2021), pp. 304-321. DOI: 10.1007/978-3-030-76384-8_19
• Set It and Forget It! Turnkey ECC for Instant Integration. Proceedings of the 36th Annual Computer Security Applications Conference (2020), pp. 760-771. DOI: 10.1145/3427228.3427291
• Extending NIST's CAVP Testing of Cryptographic Hash Function Implementations. Topics in Cryptology, CT-RSA 2020, pp. 129-145. DOI: 10.1007/978-3-030-40186-3_7
• Side-Channel Analysis of SM2. Proceedings of the 34th Annual Computer Security Applications Conference (2018), pp. 147-160. DOI: 10.1145/3274694.3274725
• Practical Invalid Curve Attacks on TLS-ECDH. Computer Security, ESORICS 2015, pp. 407-425. DOI: 10.1007/978-3-319-24174-6_21
• Verifying Curve25519 Software. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 299-309. DOI: 10.1145/2660267.2660370
• Certified computer-aided cryptography. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1217-1230. DOI: 10.1145/2508859.2516652
