Timing Attacks on Modular Exponentiations: Vulnerability Study - Prof. Krzysztof Gaj, Study Guides, Projects, Research of Cryptography and System Security

A final report on the timing cryptanalysis attack, a side channel attack that exploits the variation in processing times for modular exponentiations to reveal secret keys. The report includes an abstract of the attack, its history, the vulnerability exploited, and the attack process. It also presents the results of an experiment using a 'perfect timing' scenario and discusses the efficiency and limitations of the attack.


Uploaded on 02/12/2009

Timing Cryptanalysis Final Report

Kevin Magee, ECE 646, Fall 2003, Prof. Kris Gaj

Abstract - Accurate timing measurements of modular exponentiations used in public key cryptography can reveal the secret key exponent. Using nothing more than a common personal computer the author was able to successfully crack a modern cryptographic library routine that performed modular exponentiations with a 64-bit key. Paul Kocher first proposed the timing attack in his famous 1995 paper, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”. Any public-key implementation where an attacker can make accurate timing measurements is potentially at risk. The purpose of this paper is to explain how a timing attack works and to add to an increasing list of public-key implementations that are vulnerable to Paul Kocher’s brilliant idea.

1. INTRODUCTION

Searching for an algorithmic flaw in mathematical functions will almost certainly not prove to be a successful strategy for breaking modern ciphers. The increasing importance of cryptography is encouraging experts from around the world to work together to produce algorithmically secure encryption techniques. However, attackers will always go after the weakest link in a security chain. If the mathematical algorithm is not the weakest link, attackers will look elsewhere.

The “elsewhere” types of attacks are grouped into a new category of cryptanalysis called Side Channel attacks. Side Channel attacks focus on the implementations of cryptographic algorithms instead of on the algorithms themselves. They use implementation vulnerabilities such as fluctuations in power consumption, changes in electromagnetic radiation, and unprotected memory spaces to crack ciphers. The demonstrated success of these attacks has shown that any mechanism that carries information from a secure area to an insecure area should be viewed as a potential vulnerability. This paper focuses on a specific instance of these Side Channel attacks – the Timing Attack.

2. THE VULNERABILITY

Modular exponentiation in public key cryptography is often implemented with the following pseudo code:

Algorithm 1. Modular Exponentiation: calculating M^(Secret Key) mod N

    Result = 1
    for ( every bit of the secret key, from right to left )
    {
        if ( the secret key bit = '1' )
            Result = Result * M % N
        M = M * M % N
    }
    return Result

where M is the message being encrypted/decrypted and N is the modulus.

The line “Result = Result * M % N” in Algorithm 1 above is only executed when the secret key bit equals ‘1’. Therefore, execution time depends not only on the message (all calculations containing M) but also on the secret key.

Mathematically speaking, Time = f(Key, Message).

The threat of the timing attack is that if an attacker is given a series of messages and their corresponding encryption times he may be able to derive the secret key. We will see that armed only with these encryption times and the capability to accurately time the modular exponentiation algorithm at the bit level, an attacker can indeed recover the key. The figure below illustrates what the attacker needs to know.

Figure 1. Message encryption times: one bar per message, Tenc(M1), Tenc(M2), Tenc(M3), ..., Tenc(Mn), plotted against time to encrypt (0 to 100). Tenc(Mi) = time to encrypt/decrypt message #i.

Aggregating all the message times produces a distribution whose spread can be measured by its standard deviation. If the encryption times for the messages are relatively similar, the standard deviation will be smaller than if the encryption times are relatively disparate. Figure 2 illustrates a typical distribution profile.

Figure 2. Example timing distribution for a set of messages (time plotted per message).

The vulnerability exploited by the timing attack is that processing times for modular exponentiations vary and that this time variance is partly dependent on the content of the secret key. Carefully measuring message encryption/decryption times can leak the content of the key to a determined attacker.

3. THE ATTACK

The attack begins with the attacker going after the first bit of the key. This paper assumes a right-to-left attack, so the first bit is the least significant bit of the key. The attacker takes two sets of measurements: one set records how much time each message takes to process a single-bit key of ‘0’, and the other how much time each message takes to process a single-bit key of ‘1’. These two timing sets are then subtracted from the known total encryption times to produce two distinct distributions: one reflects the total time minus the time for the ‘0’ single-bit key, the other the total time minus the time for the ‘1’ single-bit key. For reasons to be explained shortly, the distribution with the smaller standard deviation is most likely to correspond to the correct value of the key bit.

The attack then proceeds to the second bit. Given the first-bit guess (assume the guess is ‘1’), another set of 0/1 bit times is calculated to guess the second bit. These times are added to the time for the previous guess, giving two timings: one for “01” and another for “11” (remember we are proceeding right to left, so the new bit is written on the left). These 2-bit timings are subtracted from the known total encryption times, and again the two distributions are examined: one is the total time minus the “01” value for the first two bits and the other is the total time minus the “11” value for the first two bits. The distribution with the smaller standard deviation is chosen as the most likely candidate for the first two bits.

To develop a perfect timing environment I had to write my own modular exponentiation routine to perform the encryptions. This routine would have to return identical timing characteristics no matter how many times the attack was run. Here are the design assumptions for my “Perfect Timing” environment:

    The unit of time measurement is the Time Slot
    A bit shift costs 1 Time Slot
    Addition costs 1 Time Slot
    Multiplication costs 1 Time Slot
    The modulo operation costs 1 Time Slot

Here is the pseudo code for my modular exponentiation routines.

Algorithm 2. Modular exponentiation with perfect timing

    int MyModExp( Key, Message, Modulus )
    {
        TimeSlots = 0;
        z = 1;
        for ( each bit of the key, from right to left )
        {
            if ( the key bit value = '1' )
            {
                /* determine time for the modular multiplication routine */
                MultTime = MyMult( z, Message );
                z = z * Message % Modulus;
                /* add time for multiplication and modulo routine to TimeSlots */
                TimeSlots += MultTime + 1;
            }
            Message = Message * Message % Modulus;
            /* increase time for the above multiplication and mod operations */
            TimeSlots += 2;
        }
        return TimeSlots;
    }

    int MyMult( Mult1, Mult2 )
    {
        answer = 0;
        MultTime = 0;
        while ( Mult1 != 0 )
        {
            if ( Mult1 & 1 )
            {
                answer += Mult2;
                /* increase time for the above addition */
                MultTime++;
            }
            Mult2 = Mult2 << 1;
            Mult1 = Mult1 >> 1;
            /* increase time for the above shifts */
            MultTime += 2;
        }
        return MultTime;
    }

The update of z after MyMult is what makes the cost of the next multiplication depend on the running product. What results is a predictable timing mechanism for modular exponentiation, measured in Time Slots.

6. THE “PERFECT TIMING” ATTACK

The classical timing attack as explained by Paul Kocher in 1995 attacks the key one bit at a time, as explained in Section 3. However, the attack can be made in increments of 2^n bits (2, 4, 8, 16, ...). The cost of higher bit groupings is that more tests have to be made in each of the attack’s iterations and that recovering from an incorrect guess is more computationally intensive. This is explained more fully in Section 10. However, to explain the attack with significant key lengths more efficiently, hex values (4 bits) are used as the increment value.

Here are the results for a 10,000 message run (each message 16 bits long) using perfect timing with a 16-bit key of “859A” and testing one hex character (4 bits) at a time. The results are presented as pairs of numbers. The left value is the hex value of the bit pattern and the right value is the standard deviation (in decimal) of the distribution after the time for the bit pattern has been subtracted from the total encryption time.

Iteration 1: test all combinations for the least significant hex character and compare standard deviations.

    a 9.    e 10.   b 10.   8 10.   2 10.   f 10.   c 10.   6 10.
    9 11.   3 11.   d 11.   7 11.   4 11.   0 11.   5 12.   1 12.

‘A’ or “1010” has the lowest standard deviation, so guess that the least significant hex character of the secret key is ‘A’.

Iteration 2: assuming ‘A’ as the first hex character, test all combinations for the second hex character and compare standard deviations.

    9 7.    d 7.    b 7.    8 8.    1 8.    f 8.    c 8.    5 8.
    a 8.    3 8.    e 9.    7 9.    0 9.    4 9.    2 9.    6 10.

‘9’ or “1001” has the lowest standard deviation, so guess that the second hex character of the secret key is ‘9’.

Iteration 3: assuming ‘9A’ as the first two hex characters, test all combinations for the third hex character and compare standard deviations.

    5 3.    d 5.    7 5.    1 5.    4 5.    9 6.    3 6.    6 6.
    c 6.    f 6.    0 7.    b 7.    2 7.    e 7.    8 7.    a 8.

‘5’ or “0101” has the lowest standard deviation, so guess that the third hex character of the secret key is ‘5’.

Iteration 4: assuming ‘59A’ as the first three hex characters, test all combinations for the fourth hex character and compare standard deviations.

    8 0.    9 3.    0 3.    a 3.    c 3.    4 5.    2 5.    1 5.
    d 5.    b 5.    e 5.    5 6.    6 6.    3 6.    f 7.    7 7.

‘8’ or “1000” has the lowest standard deviation, so guess that the fourth hex character is ‘8’.

A sixteen-bit key has 2^16 or 65,536 possible key combinations. This timing attack determined the key in a single run with no mistakes! This type of result caught the attention of the leaders of the cryptographic world. It was quickly accepted that this timing attack was indeed a serious side-channel vulnerability.
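The following is an added example, not code from the report: a Python re-creation of the right-to-left square-and-multiply loop of Algorithm 1 under the Time Slot cost model of Algorithm 2 (MyMult charges 2 slots per bit of its first operand plus 1 slot per set bit, and each modulo costs 1 slot), with the standard-deviation attack of Section 3 run one hex character at a time as in Section 6. The 32-bit modulus, the 16-bit key 0xCDEF, the 2,000 random messages and the random seed are all constructed here; the report does not give its own modulus or message set. One caveat this model makes visible: the first multiplication always sees z = 1, and a nibble's last multiplication can be moved to a later bit position without changing any operand it touches, so some nibbles (for example 'A' = 1010 and '6' = 0110 in the first round) produce identical partial times and tie exactly. Such ties can only be resolved in a later round by the backtracking described in Sections 9 and 10; the key below is chosen so that every round has a unique minimum and the run finishes without backtracking.

```python
import random
from statistics import pstdev

MOD = 0xFFFFFFFB      # 2^32 - 5, a 32-bit prime; an assumption, the report's modulus is not given
KEY_BITS = 16
STEP = 4              # attack one hex character (4 bits) per round, as in Section 6


def mult_slots(a: int) -> int:
    """Time Slots charged by the report's shift-and-add MyMult(a, b).

    The loop runs once per bit of a and does two shifts (2 slots) each time,
    plus one addition (1 slot) for every set bit of a.  Only a matters, which
    is what ties the cost to the running product z passed as first operand.
    """
    return 2 * a.bit_length() + bin(a).count("1")


def modexp_slots(key: int, nbits: int, msg: int, mod: int, state=None):
    """Right-to-left square-and-multiply (Algorithm 1) over the low nbits of key.

    Starts from state = (z, m) so the attacker can resume after the bits it has
    already recovered.  Returns (slots, z, m): the Time Slots MyModExp charges
    for those bits and the (Result, M) state afterwards.
    """
    z, m = state if state is not None else (1, msg)
    slots = 0
    for i in range(nbits):
        if (key >> i) & 1:
            slots += mult_slots(z) + 1   # MyMult plus 1 slot for the "% Modulus"
            z = z * m % mod
        m = m * m % mod
        slots += 2                       # squaring plus its reduction: fixed 2 slots
    return slots, z, m


def constructed_messages(n: int = 2000, seed: int = 2003):
    """Constructed sample messages (random residues), not data from the report."""
    rng = random.Random(seed)
    return [rng.randrange(2, MOD) for _ in range(n)]


def observe(key: int, msgs):
    """What the attacker is assumed to see: (message, total Time Slots) pairs."""
    return [(m, modexp_slots(key, KEY_BITS, m, MOD)[0]) for m in msgs]


def attack(samples, key_bits: int = KEY_BITS, step: int = STEP):
    """Recover the key one hex character at a time, least significant first.

    Each round subtracts every candidate's partial time from the still
    unexplained time of every message and keeps the candidate whose residuals
    have the smallest standard deviation (the criterion of Section 3).
    Returns (key, rounds); rounds[r] lists (hex char, std dev) in ascending
    order, the layout of the Section 6 tables.
    """
    key = 0
    states = [(1, m) for m, _ in samples]        # (z, m) after the recovered bits
    unexplained = [t for _, t in samples]        # total time minus recovered part
    rounds = []
    for r in range(key_bits // step):
        trials = {}
        for cand in range(1 << step):
            rows = [modexp_slots(cand, step, m, MOD, st)
                    for (m, _), st in zip(samples, states)]
            sd = pstdev([t - row[0] for t, row in zip(unexplained, rows)])
            trials[cand] = (sd, rows)
        ranking = sorted((sd, cand) for cand, (sd, _) in trials.items())
        rounds.append([(f"{cand:x}", sd) for sd, cand in ranking])
        best = ranking[0][1]
        key |= best << (r * step)
        rows = trials[best][1]
        states = [(z, m) for _, z, m in rows]
        unexplained = [t - row[0] for t, row in zip(unexplained, rows)]
    return key, rounds


def demo(secret: int = 0xCDEF):
    """Run the whole attack against a constructed key; returns (recovered, rounds)."""
    return attack(observe(secret, constructed_messages()))


if __name__ == "__main__":
    recovered, rounds = demo()
    for r, ranking in enumerate(rounds, 1):
        print(f"round {r}: " + "  ".join(f"{c} {sd:.1f}" for c, sd in ranking))
    print(f"recovered key {recovered:04x}")
```

Run as a script it prints the per-round rankings in the layout of the Section 6 tables; the correct candidate's residual standard deviation falls round by round and reaches exactly 0 in the last round, as in the report's fourth iteration, because nothing of the total time is left unexplained once the whole key is known.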

7. THE “REAL WORLD” ENVIRONMENT

To do the testing I used the Multiprecision Integer and Rational Arithmetic C/C++ Library (MIRACL) from Shamus Software to perform the modular exponentiations. MIRACL uses a data type called a BIG that can be an arbitrarily large number (5,000-bit numbers are used regularly in the demonstration programs). The BIG data

generally follow the baseline path. The baseline slope is used to compare the results of an actual attack to help indicate when an incorrect guess is driving the attack down a wrong path.

9. ACTIVATE THE ATTACK AGAINST THE ESTABLISHED BASELINE

With the baseline slope as a guide, an attacker can determine when an incorrect guess is leading the attack in the wrong direction. Figure 5 below shows the results of an actual attack. The 32-bit hex key used was “AF90BFC6”. The first four rounds of the attack correctly guessed the actual values of the key; the attack works right to left, so the hex values ‘6’, ‘C’, ‘F’, and ‘B’ were correctly guessed. The reader will notice how the slopes of the standard deviations for the first four rounds generally follow the slopes of the baseline.

Figure 5. Actual real world attack: standard deviation (50 to 225) against round number (Start, 1 to 8) for the baseline, the incorrect-guess paths and the correct-guess path.

At the fifth round the standard deviation values presented to the attack were as follows:

    f 181.   b 185.   7 186.   9 188.   d 188.   5 189.   3 190.   8 190.
    a 190.   c 191.   4 192.   6 193.   e 194.   1 194.   2 195.   0 198.

The actual correct hex value for the fifth round is ‘0’. So all fifteen other hex values had to be tested and rejected before reaching the correct value. All fifteen of those values eventually led the standard deviation slopes away from the baseline slope, so the attacker could assume that these guesses were incorrect. The attack had to backtrack to the fourth round and test the ‘0’ hex value to eventually derive the correct key values for hex characters 5 through 8. Notice that the correct key path for round 5 shows an anomaly in the slope progression. This anomaly occurs because the key value is ‘0’, which means that the modular exponentiation is performed with an exponent of 0 for those four bits: no multiplications are executed, the cryptographic routine spends practically no time on them, and therefore there is little change in the overall standard deviation. But after round 5 the standard deviation slope again closely tracks the baseline slope for the hex values ‘9’, ‘F’, and ‘A’.

10. RECOVERING FROM AN INCORRECT GUESS

Paul Kocher’s experiments with computer-based timings predict that an attack should correctly guess the partial key approximately 84% of the time. These results generally agreed with my findings. This also means, unfortunately, that 16% of the time the attack will guess incorrectly and must recover from the incorrect guess.

Assuming the attack is using bit value increments instead of hex value increments, the formula for the number of tests necessary to recover from an incorrect guess is:

    2^(#Realization Rounds + 1) – 1

where #Realization Rounds = number of rounds before the mistake is realized.

The number of tests needed to recover from an incorrect guess includes all the tests necessary to return to the point in the attack where the incorrect guess was made. The attack has to explore all the combinations possible for #Realization Rounds from the mistake point. This becomes a well-understood discrete mathematics problem: determining the number of nodes in a binary tree. The formula for the number of nodes (tests) is 2^(n+1) – 1, where n is the height of the binary tree. This formula applies directly to the results of the timing attack.
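As an added derivation (not part of the report), the node count above written out with the report's symbols. A wrong guess that is only recognised after R further rounds (#Realization Rounds = R) forces the attacker to try every bit string of length 1 to R hanging off the wrong node, so together with the wrong node itself the tests are the nodes of a full binary tree of height R:

$$\sum_{i=0}^{R} 2^{i} = 2^{R+1} - 1 .$$

The same argument with b candidates per round (b = 2 for bit increments, b = 16 for hex increments) gives

$$\sum_{i=0}^{R} b^{i} = \frac{b^{R+1} - 1}{b - 1} \approx \frac{b}{b-1}\, b^{R},$$

so the recovery cost grows like b^R, and moving from bit to hex increments multiplies it by roughly 8^R for the same number of realization rounds. This is the exponential degradation with increment size reported in Section 12.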

12. ATTACK RESULTS

More mistakes (wrong guesses) are likely to be made during the early part of the attack than during the later stages of the attack. This occurs because the percentage drop in the standard deviations is larger as the attack nears the end of the process. Additionally, if an incorrect guess is made, the mistake most often occurs when the correct key bit value is a ‘0’. Zero values have little effect on decreasing the standard deviation slope and are therefore more likely than a ‘1’ to be judged as driving the standard deviation slope away from the baseline path.

The efficiency of the timing attack using binary increments can be summarized as follows:

    Number of bits in the key = N
    #Realization Rounds = R
    Probability of a correct choice = 85%
    Probability of an incorrect choice = 15%
    Number of iterations needed to recover from an incorrect choice = 2^(R+1) – 1
    Total iterations spent recovering from incorrect choices = 0.15 N (2^(R+1) – 1)
    Average # of tests for attack = N + 0.15 N (2^(R+1) – 1)

It was also discovered that as the length of the bit pattern tested per iteration grows, the efficiency of the attack degrades exponentially. For instance, if hex values are used the attack will take on the order of 16^5 (about 1,000,000) tests to recover from each incorrect guess instead of 2^5 (32) tests for binary values.

Figure 6. Number of tests to recover from an incorrect guess (log scale, 1 to 100,000) against the bit increment tested at each iteration (1 to 4).

Bottom line: the attack should use as small a key increment as possible. Many commercial cryptographic routines use two or even four bit increments in their modular exponentiation routines, and these larger increments will be more difficult to crack than routines that use smaller bit increments.

The complexity of the attack is proportional to the length of the key. This fact makes the attack a serious threat. With a brute force attack, the number of key combinations increases exponentially with the length of the key. The timing attack transforms the key search into one that grows only linearly with the key length. This reduction puts the attack into the realm of the possible given the computing power available to attackers today.

be enjoyed, security vulnerabilities will always be a part of our lives.

REFERENCES

  1. Paul C. Kocher, "Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks," extended abstract, December 1995.
  2. J. Markoff, "Secure digital transactions just got a little less secure," New York Times, December 11, 1995.
  3. B. Kaliski, "Timing Attacks on Cryptosystems," RSA Laboratories' Bulletin, no. 2, January 23, 1996.
  4. Paul C. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," Proc. CRYPTO '96, pp. 104-113.
  5. RSAREF library, available via ftp from ftp://ftp.rsa.com.
  6. A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography.
  7. W. Stallings, Cryptography and Network Security.
  8. J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, J.-L. Willems, "A Practical Implementation of the Timing Attack," UCL Crypto Group.
  9. F. Koeune, J.-J. Quisquater, "A Timing Attack against Rijndael," UCL Crypto Group.
  10. Chae Hoon Lim, Hyo Sun Hwang, "Fast Modular Reduction with Precomputation."
  11. GSL Reference Manual, version 1.0, 1 November 2001.
  12. F. Koeune, "Careful Design and Integration of Cryptographic Primitives," UCL Crypto Group.
  13. G. Hachez, F. Koeune, "Timing Attack: What Can be Achieved by a Powerful Adversary?"
  14. M.I.R.A.C.L. Users Manual, Shamus Software Ltd.