Template attacks exploiting static power and application to CMOS lightweight crypto-hardware

Side-channel attacks are a serious threat to security-critical software. OpenSSL is a prime security attack target due to the library’s ubiquitous real world applications, therefore, the history of cache-timing attacks against OpenSSL is varied and rich. The presentation includes a brief history of cache-timing attacks in OpenSSL. To mitigate remote timing and cache-timing attacks, many ubiquitous cryptography software libraries such as OpenSSL and LibreSSL feature constant-time implementations of cryptographic primitives. Unfortunately, software defects in these libraries only provide temporary security as new side-channel techniques are developed. The result is vulnerable code that leaks confidential information and that can be exploited to recover private keys using state-of-the-art side-channel techniques. Adding a new chapter to OpenSSL rich history, this presentation features a concrete example of a new cache-timing attack exploiting a software defect in OpenSSL. We disclose a vulnerability in OpenSSL 1.0.1u that recovers ECDSA private keys for the standardized elliptic curve P-256 despite the library featuring both constant-time curve operations and modular inversion with microarchitecture attack mitigations. Exploiting this defect, we target the errant modular inversion code path with a cache-timing and improved performance degradation attack, recovering the inversion state sequence. The improved performance degradation attack allow us to accurately recover the inversion state sequence despite the speed of this operation compared to the scalar multiplication. We propose a new approach of extracting a variable number of nonce bits from these sequences, and improve upon the best theoretical result to recover private keys in a lattice attack with as few as 50 signatures and corresponding traces. As far as we are aware, this is the first timing attack against OpenSSL ECDSA that does not target scalar multiplication, and furthermore the first side-channel attack on cryptosystems leveraging P256 constant-time scalar multiplication. Moreover, we demonstrate a cache-based key recovery attack against two ubiquitous security protocols (SSH and TLS) linked against OpenSSL to perform ECDSA signature operations. We extract P-256 ECDSA keys from an OpenSSH server for the SSH scenario and from an stunnel server for the TLS scenario.