Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA. (September 2020)
- Record Type:
- Journal Article
- Title:
- Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA. (September 2020)
- Main Title:
- Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA
- Authors:
- Mushtaq, Maria
Mukhtar, Muhammad Asim
Lapotre, Vianney
Bhatti, Muhammad Khurram
Gogniat, Guy
- Abstract:
- Abstract: Timing-based side-channels play an important role in exposing the state of a process execution on underlying hardware by revealing information about timing and access patterns. Side-channel attacks (SCAs) are powerful cryptanalysis techniques that focus on the underlying implementation of cryptographic ciphers during execution rather than attacking the structure of cryptographic functions. This paper reviews cache-based software side-channel attacks, mitigation and detection techniques that target various cryptosystems, particularly RSA, proposed over the last decade (2007–2018). It provides a detailed taxonomy of attacks on RSA cryptosystems and discusses their strengths and weaknesses while attacking different algorithmic implementations of RSA. A threat model is presented based on the cache features that are being leveraged for such attacks across cache hierarchy in computing architectures. The paper also provides a classification of these attacks based on the source of information leakage. It then undertakes a qualitative analysis of secret key retrieval efficiency, complexity, and the features being exploited on target cryptosystems in these attacks. The paper also discusses the mitigation and detection techniques proposed against such attacks and classifies them based on their effectiveness at various levels in caching hardware and leveraged features. Finally, the paper discusses recent trends in attacks, the challenges involved in their mitigation, and future research directions needed to deal with side-channel information leakage. Highlights: We propose a threat model to identify various leakage channels. We investigate the timing channels on various cryptographic implementations. We analyze software and hardware countermeasure and detection techniques proposed so far. We discuss various open threats against cache hierarchy that have not been properly addressed by the proposed mitigation techniques. We discuss the challenges associated with hardware mitigation solutions and argue in favor of strong software countermeasures …
- Is Part Of:
- Information systems. Volume 92(2020)
- Journal:
- Information systems
- Issue:
- Volume 92(2020)
- Issue Display:
- Volume 92, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 92
- Issue:
- 2020
- Issue Sort Value:
- 2020-0092-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-09
- Subjects:
- Security -- Privacy -- Cryptography -- Side-channel attacks (SCAs) -- Cache side-channel attacks -- Countermeasures -- RSA -- Intel's x86 architecture -- Multi-core architecture -- Caches
Database management -- Periodicals
Electronic data processing -- Periodicals
Bases de données -- Gestion -- Périodiques
Informatique -- Périodiques
Database management
Electronic data processing
Periodicals
005.7
- Journal URLs:
- http://www.sciencedirect.com/science/journal/03064379
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.is.2020.101524
- Languages:
- English
- ISSNs:
- 0306-4379
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4496.367300
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 13546.xml