- Sofiane Takarabt (18, 19)
- Alexander Schaub (19)
- Adrien Facon (18, 20)
- Sylvain Guilley (18, 19, 20)
- Laurent Sauvage (18, 19)
- Youssef Souissi (18)
- Yves Mathieu (19)
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11445)
Abstract
IoT devices are widely deployed and embed sensitive data, so their security depends on the reliability of the cryptographic libraries that protect user information. However, when implemented on real systems, cryptographic algorithms are vulnerable to side-channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Countermeasures can be implemented to prevent those attacks. However, those countermeasures are generally designed at a high level of description, and once implemented some residual leakage may persist. In this article we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how they might be fixed. The methodology checks the whole source code used by the final application, from the top-level routines down to the low-level primitives. We retrieve hundreds of lines of code that leak sensitive information.
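The leakage the abstract describes comes from memory addresses or control flow that depend on a secret. The following toy checker makes that concrete: it is an added example, not the paper's methodology nor MbedTLS code, and the table, secrets and function names are constructed for illustration only.

```python
# Added example, not code from the paper or MbedTLS: a toy checker that logs
# every table index loaded and every branch outcome, then diffs logs across secrets.
class Trace:
    def __init__(self):
        self.events = []                 # ("load", index) / ("branch", taken)
    def load(self, table, idx):          # cache line touched follows idx
        self.events.append(("load", idx))
        return table[idx]
    def branch(self, cond):              # execution time follows the path
        self.events.append(("branch", bool(cond)))
        return bool(cond)

TOY_SBOX = [(i * 7 + 3) & 0xFF for i in range(256)]   # constructed, not AES

def leaky_sbox(tr, secret):
    # Secret byte is the index: the address, hence the cache line, leaks.
    return tr.load(TOY_SBOX, secret)

def ct_sbox(tr, secret):
    # Read every entry and keep the wanted one via a mask: same addresses always.
    out = 0
    for i in range(256):
        eq = (((i ^ secret) - 1) >> 8) & 1   # 1 iff i == secret, branch-free
        out |= tr.load(TOY_SBOX, i) & (-eq & 0xFF)
    return out

def leaky_compare(tr, secret, guess):
    # Early exit: the branch count reveals how many leading bytes matched.
    for a, b in zip(secret, guess):
        if tr.branch(a != b):
            return False
    return True

def ct_compare(tr, secret, guess):
    acc = 0                              # no data-dependent branch at all
    for a, b in zip(secret, guess):
        acc |= a ^ b
    return acc == 0

def trace_of(fn, *args):
    tr = Trace()
    fn(tr, *args)
    return tr.events

def leak_positions(fn, inputs):
    """Event positions differing across runs of fn; None if counts differ."""
    traces = [trace_of(fn, *inp) for inp in inputs]
    if len({len(t) for t in traces}) > 1:
        return None                      # control-flow (timing) leak
    return [i for i, evs in enumerate(zip(*traces)) if len(set(evs)) > 1]
```

An empty result only means no leakage was observed at this abstraction level; compiler output and micro-architecture can still reintroduce the residual leakage the abstract warns about.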
Acknowledgments
The authors are grateful to Matthieu Lec’hvien for having initiated this work (under the guidance of Alexander Schaub). This work has benefited from funding via TeamPlay (https://teamplay-h2020.eu/), a project from the European Union’s Horizon 2020 research and innovation programme, under grant agreement No. 779882. Besides, this work has been partly financed by NSFC grant No. 61632020, and by the French PIA (Projet d’Investissement d’Avenir) grant P141580, of acronym RISQ (Regroupement de l’Industrie pour la Sécurité post-Quantique).
Author information
Authors and Affiliations
Secure-IC S.A.S., 15 Rue Claude Chappe, Bât. B, 35510 Cesson-Sévigné, France
Sofiane Takarabt, Adrien Facon, Sylvain Guilley, Laurent Sauvage & Youssef Souissi
LTCI, Télécom ParisTech, Institut Polytechnique de Paris, 75013 Paris, France
Sofiane Takarabt, Alexander Schaub, Sylvain Guilley, Laurent Sauvage & Yves Mathieu
École Normale Supérieure, Département d’informatique, 75005 Paris, France
Adrien Facon & Sylvain Guilley
Corresponding author
Correspondence to Sylvain Guilley.
Editor information
Editors and Affiliations
Université Paris 8, Saint-Denis, France
Claude Carlet
Institut MINES-TELECOM, Paris, France
Sylvain Guilley
Université de Caen, Caen, France
Abderrahmane Nitaj
Mohammed V University, Rabat, Morocco
El Mamoun Souidi
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Takarabt, S. et al. (2019). Cache-Timing Attacks Still Threaten IoT Devices. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science, vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16457-7
Online ISBN: 978-3-030-16458-4
eBook Packages: Computer Science, Computer Science (R0)