CS计算机代考程序代写 cache ECEN 4133

ECEN 4133
Side channel attacks and defenses

Side channel
• Measure something secret using other available indirect measurement
• Secrets:
• Passwords
• Private keys
• Confidentialinformation
• Available data: • Timing
• Power
• Heat
• Sound
• Pizza deliveries…???
• Panama invasion (1990)
• Operation Desert Storm (1991)

Side channel example: passwords
bool check_password(char *pw, char *correct) { if (strlen(pw)!=strlen(correct))
return false;
for (int i=0; i 10us check_password(“aaaaaa”, “s3cr37”) => 15us check_password(“baaaaa”, “s3cr37”) => 15us check_password(“saaaaa”, “s3cr37”) => 20us

Side channel example: passwords
bool check_password(char *pw, char *correct) { if (strlen(pw)!=strlen(correct))
return false;
for (int i=0; i 20us check_password(“s3aaaa”, “s3cr37”) => 25us
How many guesses to get correct N-character password?

Side channel example: passwords
• How should we fix this vulnerability?

Side channel solution: constant time
// Note: strlen(correct) must be equal to strlen(pw)
// This function still leaks the length of strlen(correct)! // (how could we fix?)
bool check_password(char *pw, char *correct) {
if (strlen(pw) != strlen(correct)) return false;
int diff = 0;
for (int i=0; i 1:
if n%2==1: # n is odd y = x * y;
x = x * x;
n = (n – 1) / 2;
# n is even
x = x * x;
n = n / 2;
else: return x * y

Side channel example: repeated squaring
Time (us)
Square and multiply

• Solving the repeated squaring side channel?

Repeated squaring: Montgomery’s Ladder:
x1 = x
x2 = x*x
for i = k – 2 to 0:
if n_i == 0: x2 = x1 =
x1 =
x2 =
# k bits in n, MSB (n_(k-1)) = 1
# bit is even x1*x2
# bit is odd
x1*x2 x2*x2
return x1

Alternative side channel defense: blinding
• Given c = x^e mod N
• Don’t want to compute c^d mod N (might leak d!)
• First blind: b = c*r^e mod N for random r (this is just (xr)^e mod N)
• Then decrypt: a = b^d mod N = (xr)^ed mod N = xr mod N
• Remove blinding: a*r^-1 mod N = xr*r^-1 mod N = x mod N
• Since attacker doesn’t know r, can’t learn d during “blinded” decryption

Other side channels?
• What other examples of side channels exist? • How can we fix them?

Other side channels?
• EM-emission
• Sound
• Accelerometer data
• Timing of key presses
• Shared resources:
• Cache timing
• Bandwidth / latency
• IPID field in IP packets

Cache side channels
• Caches improve performance by storing recently-accessed data close to the CPU
• Potentially leaks what was recently accessed!
1. Attacker fills cache:
2. Victim process reads from 0xC8:
3. Attacker reads: 0xA0 (52ns) 0xA4 (55ns) 0xA8 (397ns) 0xAC (49ns)
Attacker learns 0xA8 was not in cache! (recently evicted by another process)
0xA8 is evicted

Leave a Reply

Your email address will not be published. Required fields are marked *