Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA
| Field | Value |
|---|---|
| Author | Maria Mushtaq, Vianney Lapotre, Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, Guy Gogniat |
| Contributors | ADAptive Computing (ADAC), Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM), Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM), Information Technology University [Lahore] (ITU), Lab-STICC_UBS_CACS_MOCS, Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC), Institut Mines-Télécom [Paris] (IMT)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-École Nationale d'Ingénieurs de Brest (ENIB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Centre National de la Recherche Scientifique (CNRS)-Université Bretagne Loire (UBL)-Institut Mines-Télécom [Paris] (IMT)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-École Nationale d'Ingénieurs de Brest (ENIB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Centre National de la Recherche Scientifique (CNRS)-Université Bretagne Loire (UBL) |
| Language | English |
| Year of publication | 2020 |
| Subject | Computer science; Intel's x86 architecture; Cryptography; 02 engineering and technology; Computer security; computer.software_genre; law.invention; Countermeasures; [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]; RSA; law; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Cryptosystem; Side channel attack; Side-channel attacks (SCAs); Cache side-channel attacks; business.industry; Caches; Multi-core architecture; Hardware and Architecture; Privacy; Threat model; Information leakage; Key (cryptography); Security; 020201 artificial intelligence & image processing; [INFO.INFO-ES] Computer Science [cs]/Embedded Systems; Cache; Cryptanalysis; business; computer; Software; Information Systems |
| Source | Information Systems, Elsevier, In press, ⟨10.1016/j.is.2020.101524⟩ |
| ISSN | 0306-4379 |
| DOI | 10.1016/j.is.2020.101524 |
| Description | International audience; Timing-based side channels play an important role in exposing the state of a process execution on the underlying hardware by revealing information about timing and access patterns. Side-channel attacks (SCAs) are powerful cryptanalysis techniques that focus on the underlying implementation of cryptographic ciphers during execution rather than attacking the structure of the cryptographic functions themselves. This paper reviews cache-based software side-channel attacks, together with mitigation and detection techniques, that target various cryptosystems, particularly RSA, proposed over the last decade (2007–2018). It provides a detailed taxonomy of attacks on RSA cryptosystems and discusses their strengths and weaknesses when attacking different algorithmic implementations of RSA. A threat model is presented based on the cache features that are leveraged for such attacks across the cache hierarchy in computing architectures. The paper also provides a classification of these attacks based on the source of information leakage. It then undertakes a qualitative analysis of secret-key retrieval efficiency, complexity, and the features being exploited on target cryptosystems in these attacks. The paper also discusses the mitigation and detection techniques proposed against such attacks and classifies them based on their effectiveness at various levels of the caching hardware and the features they leverage. Finally, the paper discusses recent trends in attacks, the challenges involved in their mitigation, and the future research directions needed to deal with side-channel information leakage. |
| Database | OpenAIRE |
| External link | |