Sarani Bhattacharya
PhD student, SEAL, IIT Kharagpur
Talk Title
To Guess Wrong is Expensive: A Deduce & Remove Attack on Blinded Scalar Multiplication with Asynchronous perf-ioctl Calls
Talk Abstract
In recent years, performance counters have been used as a side-channel source for branch mispredictions, which have in turn been used to attack ciphers with only user privileges. However, existing research considers blinding techniques, such as scalar blinding and scalar splitting, as a mechanism for thwarting such attacks. In this work, we reverse engineer the undisclosed model of Intel's Broadwell and Sandy Bridge branch predictor and further utilize the largely unexplored 'perf ioctl' calls in sampling mode to monitor branch prediction events at fine granularity and asynchronously while a victim cipher is executing. With these artifacts in place, we target the scalar blinding and splitting countermeasures to develop a key retrieval process we call Deduce & Remove. The Deduce step uses a template based on the number of branch misses expected from the 3-bit model of the BPU to infer the matching candidate values. In the Remove step, we correct any erroneous conclusions by using the properties of the blinding technique under attack. It should be emphasized that, while in iterated attacks the cost of a mistaken deduction can be significant, the blinding techniques actually aid in removing wrong guesses and in a way auto-correct the key retrieval process. Finally, detailed experimental results are provided to illustrate all of the above steps for point blinding, scalar blinding, and scalar splitting, showing that the secret scalar can be correctly recovered with high confidence. The talk concludes with recommendations on suitable algorithm-level countermeasures to thwart such attacks.
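The three countermeasures the abstract names (point blinding, scalar blinding, scalar splitting) all rely on one algebraic fact: they change the intermediate values a scalar multiplication processes without changing its result. The toy below makes that concrete. It is an added example, not code from the speaker or the talk; the curve parameters, point names and function names are constructed here, and the curve is far too small for real use.

```python
"""Toy illustration of the blinding countermeasures discussed in the abstract.

Constructed example: a tiny short-Weierstrass curve y^2 = x^3 + A*x + B over F_P.
Each blinded routine must return the same point as the plain scalar multiplication
while feeding a different scalar (or different intermediate points) into the
double-and-add loop on every run.
"""
import secrets

# Constructed toy curve; nonsingular since 4*A^3 + 27*B^2 != 0 mod P.
P, A, B = 97, 2, 3
G = (3, 6)      # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97), so G lies on the curve
INF = None      # point at infinity


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition (handles infinity, doubling and inverses)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                          # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def scalar_mult(k, pt):
    """Plain right-to-left double-and-add.

    The `if k & 1` branch is data-dependent control flow: its pattern of taken /
    not-taken decisions is exactly what a branch-misprediction side channel observes.
    """
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n > 0 with n*pt == INF (brute force; fine for a toy curve)."""
    n, cur = 1, pt
    while cur is not INF:
        cur = add(cur, pt)
        n += 1
    return n


N = point_order(G)   # order of the base point


def scalar_blinded(k, pt, r=None):
    """Scalar blinding: k' = k + r*N. Since N*pt = INF, k'*pt == k*pt,
    but the bit pattern the loop consumes changes with r."""
    r = secrets.randbelow(2 ** 20) + 1 if r is None else r
    return scalar_mult(k + r * N, pt)


def scalar_split(k, pt, r=None):
    """Scalar splitting: k = k1 + k2 (mod N) with k1 random; k*pt = k1*pt + k2*pt."""
    k1 = secrets.randbelow(N) if r is None else r
    k2 = (k - k1) % N
    return add(scalar_mult(k1, pt), scalar_mult(k2, pt))


def point_blinded(k, pt, r_pt=None):
    """Point blinding: k*(pt + R) - k*R == k*pt, with a random point R, so the
    intermediate points differ from the unblinded computation."""
    R = scalar_mult(secrets.randbelow(N - 1) + 1, G) if r_pt is None else r_pt
    return add(scalar_mult(k, add(pt, R)), neg(scalar_mult(k, R)))


def all_countermeasures_agree(k):
    """True iff every blinded variant yields the same point as plain k*G."""
    expected = scalar_mult(k, G)
    return (scalar_blinded(k, G) == expected
            and scalar_split(k, G) == expected
            and point_blinded(k, G) == expected)


if __name__ == "__main__":
    print("order of G:", N)
    for k in (1, 2, 5, 17, N - 1):
        print(k, scalar_mult(k, G), all_countermeasures_agree(k))
```

The point of the talk is that these randomizations do not remove the data-dependent branch in `scalar_mult`; they only change which scalar it processes on each run, and the structure of that randomization (k + r*N, k1 + k2, k*(P + R) - k*R) is what Deduce & Remove exploits to discard wrong guesses. The algorithm-level fix the abstract alludes to is to make the multiplication itself branch-free, for example a Montgomery ladder or a complete addition formula with a constant-time conditional swap, so that no per-bit branch exists to mispredict.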
Bio
Sarani Bhattacharya received the BTech degree from the West Bengal University of Technology and the MTech degree in Computer Science and Engineering from the Indian Institute of Technology Kharagpur. She is pursuing the PhD degree in computer science and engineering at the Indian Institute of Technology Kharagpur. Her PhD research is titled Micro-architectural attacks and countermeasures of cryptographic primitives, and she works on the vulnerability analysis of branch predictor hardware. She is currently doing a research internship at PACE Labs, NTU Singapore.