PhD student, SEAL, IIT Kharagpur
To Guess Wrong is Expensive: A Deduce & Remove Attack on Blinded Scalar Multiplication with Asynchronous perf-ioctl Calls
In recent years, performance counters have been used as a side channel source for the branch mispredictions which has been used to attack ciphers with user privileges. However, existing research considers blinding techniques, like scalar blinding, scalar splitting as a mechanism of thwarting such attacks. In this endeavor, we reverse engineer the undisclosed model of Intel's Broadwell and Sandybridge branch predictor and further utilize the largely unexplored 'perf ioctl' calls in sampling mode to granularly monitor the branch prediction events asynchronously when a victim cipher is executing. With these artifacts in place, we target scalar blinding and splitting countermeasures to develop a key retrieval process using what is called as Deduce & Remove. The Deduce step uses template based on the number of branch misses as expected from the 3-bit model of the BPU to infer the matched candidate values. In the Remove step, we correct any erroneous conclusions that are made, by using the properties of the blinding technique under attack. It may be emphasized that as in iterated attacks the cost of a mistaken deduction could be significant, the blinding techniques actually aids in removing wrong guesses and in a way auto-corrects the key retrieval process. Finally, detailed experimental results have been provided to illustrate all the above steps for point blinding, scalar blinding, and scalar splitting to show that the secret scalar can be correctly recovered with high confidence. The talk concludes with recommendation on some suitable countermeasure at the algorithm level to thwart such attacks.
Sarani Bhattacharya received the BTech degree from the West Bengal University of Technology and MTech degree in Computer Science and Engineering from Indian Institute of Technology Kharagpur. She is persuing the PhD degree in computer science and engineering from Indian Institute of Technology Kharagpur. Her Ph.D research is titled as Micro-architectural attacks and countermeasures of cryptographic primitives and she works on the vulnerability analysis of branch predictor hardware. She is currently doing her research internship in PACE Labs, NTU Singapore.