News

Researchers discover attacks against widely used cryptographic libraries

The researchers fixed the vulnerability by editing the code in a way that the attacker cannot learn the secret key of the victim.

Different levels of cache include smaller and faster memories.

Security in the Internet is provided by underlying cryptographic protocols. Two of the prominent ones are the Transparent Layer Security (TLS) providing security to network communications and the more specialized Secure Shell (SSH) providing secure login to remote hosts.

'Web banks use the TLS protocol to cryptographically authenticate to their clients when their clients log in. Weaknesses in TLS implementations can allow an attacker to put up a fake website that looks and behaves exactly the same as the original web bank,' explains Cesar Pereida Garcia, a Master’s student at the Department of Computer Science and researcher with the Secure Systems Group.

Many of these protocols use OpenSSL in their implementations. OpenSSL is a widely used library of cryptographic algorithm implementations. However, side-channels can be used as other information channels to leak critical secrets from implementations of cryptographic algorithms.

'When a computer is executing an algorithm, unless the algorithm was designed and implemented carefully, an attacker can learn what the computer is doing by monitoring different types of information channels. For example, electromagnetic radiation emanating from the computer is one such side-channel,' says professor N. Asokan who is Pereida Garcia’s thesis supervisor.

Pereida Garcia, in collaboration with Billy Brumley, Tampere University of Technology, and Yuval Yarom, The University of Adelaide and NICTA, discovered a side-channel attack, based on cache timing measurements, against the OpenSSL implementation of the Digital Signature Algorithm (DSA) which is used to authenticate messages.

The secret key

Recent Intel computer architecture has three levels of cache. Intel caches are inclusive: if the data gets deleted from the cache at one level, it will also be deleted from all higher level caches. The last level cache (LLC) in a processor is shared by all cores in that processor.

'The critical operation of DSA involves exponentiations, reduced to a sequence of square and multiply operations. The code for each operation is at a unique memory address. Due to the discovered software defect, the exact sequence of these operations depends on the secret key. Therefore the attacker whose code is running on one core can learn the sequence of operations and thus the key of the victim’s DSA implementation running on another core by manipulating and monitoring the LLC,' explains Pereida Garcia.

'The execution path of the DSA algorithm should have been tested when the mitigation was created in 2005. It is rather simple to test if the code behaves as intended with a debugger,' tells Pereida Garcia’s thesis advisor, Tampere University of Technology assistant professor Billy Brumley who is an alumnus of Aalto University.

Fixing the vulnerability

The developers of the OpenSSL library were informed on the vulnerability on 23.5.2016 and have already merged Pereida Garcia’s fix for the security vulnerability. Two open-source forks of OpenSSL, Google’s BoringSSL and FreeBSD’s LibreSSL, also merged Pereida Garcia’s fix.

'Fixing the code was straightforward once the software defect was detected. Now the DSA square and multiply algorithm always runs in constant-time independently from the key bits,' concludes Pereida Garcia.

Cesar Pereida Garcia is part of the Erasmus Mundus NordSecMob Master’s Programme. The project is also supported by TEKES Cyber Trust.

More information:

Cesar Pereida García
Aalto University
[email protected]

Billy Bob Brumley
Tampere University of Technology
p. 050 553 2851
[email protected]

Article

US-CERT/NIST National Vulnerability Database

TEKES Cyber Trust

  • Published:
  • Updated:
Share
URL copied!

Read more news

Kerrostalo ja kallioita
Cooperation, Press releases, Research & Art Published:

The SUBURBAN PRIDE project examines the relationship between mental images of suburbs and the built environment

The multidisciplinary project combines history of architecture, sociology, and research in critical cultural heritage and landscape architecture. The purpose of the project, based on research and workshops, is to build a sustainable future for suburbs.
Aalto-yliopiston kauppakorkeakoulu. Kuva: Mika Huisman
Research & Art Published:

School of Business is getting more high-quality international applications for professorships

Our excellent rankings reveal the high quality of our research work.
Henrika Yliriskun väitös taidekasvatuksen alalta tarkastettiin Aalto-yliopistossa maaliskuussa 2021.
Research & Art, Studies Published:

‘Environmental art education should address the problem of human-centeredness’

‘I claim’ series presents our researchers and the results of their work. Henrika Ylirisku researches the premises of environmental art education.
InteraktiiQuantum Garden on interaktiivinen elektroninen valotaideteos, jota koskettamalla teoksen värit muuttuvat. Tummasävyisessä kuvassa kaksi kättä kurkottaa eriväristen valoantureiden päälle.
Aalto Magazine, Research & Art Published:

Quantum literacy for all

What do computers, cell phones and GPS navigation have in common? And what about digital cameras, solar panels and fibre optics? The answer is that the functioning of these devices is based on quantum phenomena.