Testing Side-channel Security of Cryptographic Implementations against Future Microarchitectures
| dc.contributor.author | Barthe, G. | |
| dc.contributor.author | Böhme, M. | |
| dc.contributor.author | Cauligi, S. | |
| dc.contributor.author | Chuengsatiansup, C. | |
| dc.contributor.author | Genkin, D. | |
| dc.contributor.author | Guarnieri, M. | |
| dc.contributor.author | Romero, D.M. | |
| dc.contributor.author | Schwabe, P. | |
| dc.contributor.author | Wu, D. | |
| dc.contributor.author | Yarom, Y. | |
| dc.contributor.conference | ACM SIGSAC Conference on Computer and Communications Security (CCS) (14 Oct 2024 - 18 Oct 2024 : Salt Lake City, UT, USA) | |
| dc.contributor.editor | Luo, B. | |
| dc.contributor.editor | Liao, X. | |
| dc.contributor.editor | Xu, J. | |
| dc.contributor.editor | Kirda, E. | |
| dc.contributor.editor | Lie, D. | |
| dc.date.issued | 2024 | |
| dc.description.abstract | How will future microarchitectures impact the security of existing cryptographic implementations? As we cannot keep reducing the size of transistors, chip vendors have started developing new microarchitectural optimizations to speed up computation. A recent study (Sanchez Vicarte et al., ISCA 2021) suggests that these optimizations might open the Pandora’s box of microarchitectural attacks. However, there is little guidance on how to evaluate the security impact of future optimization proposals. To help chip vendors explore the impact of microarchitectural optimizations on cryptographic implementations, we develop (i) an expressive domain-specific language, called LmSpec, that allows them to specify the leakage model for the given optimization and (ii) a testing framework, called LmTest, to automatically detect leaks under the specified leakage model within the given implementation. Using this framework,we conduct an empirical study of 18 proposed microarchitectural optimizations on 25 implementations of eight cryptographic primitives in five popular libraries.We find that every implementation would contain secret-dependent leaks, sometimes sufficient to recover a victim’s secret key, if these optimizations were realized. Ironically, some leaks are possible only because of coding idioms used to prevent leaks under the standard constant-time model. | |
| dc.description.statementofresponsibility | Gilles Barthe, Marcel Böhme, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Marco Guarnieri, David Mateos Romero, Peter Schwabe, David Wu, Yuval Yarom | |
| dc.identifier.citation | Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS'24), 2024 / Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (ed./s), pp.1076-1090 | |
| dc.identifier.doi | 10.1145/3658644.3670319 | |
| dc.identifier.isbn | 979-8-4007-0636-3 | |
| dc.identifier.orcid | Yarom, Y. [0000-0003-0401-4197] | |
| dc.identifier.uri | https://hdl.handle.net/2440/145741 | |
| dc.language.iso | en | |
| dc.publisher | Association for Computing Machinery (ACM) | |
| dc.relation.grant | http://purl.org/au-research/grants/arc/DP210102670 | |
| dc.rights | © 2024 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution International 4.0 License. | |
| dc.source.uri | https://dl.acm.org/doi/proceedings/10.1145/3658644 | |
| dc.subject | Side-channel attacks,; microarchitectural attacks; leakage models; random testing | |
| dc.title | Testing Side-channel Security of Cryptographic Implementations against Future Microarchitectures | |
| dc.type | Conference paper | |
| pubs.publication-status | Published |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- hdl_145741.pdf
- Size:
- 1.61 MB
- Format:
- Adobe Portable Document Format
- Description:
- Published version