On the power of Simple Branch Prediction Analysis

dc.contributor.author: Acıiçmez, Onur
dc.contributor.author: Koç, Çetin Kaya
dc.contributor.author: Seifert, J.-P.
dc.date.accessioned: 2020-11-21T15:56:55Z
dc.date.available: 2020-11-21T15:56:55Z
dc.date.issued: 2007 [en_US]
dc.department: İstanbul Ticaret Üniversitesi [en_US]
dc.description: 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 -- 20 March 2007 through 22 March 2007 -- Singapore -- 70307 [en_US]
dc.description.abstract: Very recently, a new software side-channel attack, called Branch Prediction Analysis (BPA) attack, has been discovered and also demonstrated to be practically feasible on popular commodity PC platforms. While the above recent attack still had the flavor of a classical timing attack against RSA, where one uses many execution-time measurements under the same key in order to statistically amplify some small but key-dependent timing differences, we dramatically improve upon the former result. We prove that a carefully written spy-process running simultaneously with an RSA-process is able to collect during one single RSA signing execution almost all of the secret key bits. We call such an attack, analyzing the CPU's Branch Predictor states through spying on a single quasi-parallel computation process, a Simple Branch Prediction Analysis (SBPA) attack - sharply differentiating it from those relying on statistical methods and requiring many computation measurements under the same key. The successful extraction of almost all secret key bits by our SBPA attack against an OpenSSL RSA implementation proves that the often recommended blinding or so-called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless. In addition to that very crucial security implication, targeted at such implementations which are assumed to be at least statistically secure, our successful SBPA attack also bears another equally critical security implication. Namely, in the context of simple side-channel attacks, it is widely believed that equally balancing the operations after branches is a secure countermeasure against such simple attacks. Unfortunately, this is not true, as even such "balanced branch" implementations can be completely broken by our SBPA attacks.
Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualization, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor. Thus, we conclude that SBPA attacks are much more dangerous than previously anticipated, as they obviously do not belong to the same category as pure timing attacks. Copyright 2007 ACM. [en_US]
dc.identifier.doi: 10.1145/1229285.1266999 [en_US]
dc.identifier.endpage: 320 [en_US]
dc.identifier.issn: 1595935746; 9781595935748
dc.identifier.scopus: 2-s2.0-84876307879 [en_US]
dc.identifier.scopusquality: N/A [en_US]
dc.identifier.startpage: 312 [en_US]
dc.identifier.uri: https://doi.org/10.1145/1229285.1266999
dc.identifier.uri: https://hdl.handle.net/11467/4196
dc.indekslendigikaynak: Scopus [en_US]
dc.language.iso: en [en_US]
dc.relation.ispartof: eProceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07 [en_US]
dc.relation.publicationcategory: Conference Item - International - Institutional Faculty Member [en_US]
dc.rights: info:eu-repo/semantics/closedAccess [en_US]
dc.subject: Branch prediction analysis [en_US]
dc.subject: Modular exponentiation [en_US]
dc.subject: RSA [en_US]
dc.subject: Side channel analysis [en_US]
dc.title: On the power of Simple Branch Prediction Analysis [en_US]
dc.type: Conference Object [en_US]
