Practical realisation and elimination of an ECC-related software bug attack

Billy Brumley; Manuel Barbosa; Dan Page; Frederik Vercauteren

doi:10.1007/978-3-642-27954-6_11

Practical realisation and elimination of an ECC-related software bug attack

Billy Brumley, Manuel Barbosa, Dan Page, Frederik Vercauteren

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

21 Citations (Scopus)

Abstract

We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.

Original language	English
Title of host publication	Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings
Pages	171-186
Number of pages	16
Volume	7178 LNCS
DOIs	https://doi.org/10.1007/978-3-642-27954-6_11
Publication status	Published - 2012
Publication type	A4 Article in conference proceedings
Event	12th Cryptographers' Track at the RSA Conference, CT-RSA 2012 - San Francisco, CA, United States Duration: 27 Feb 2012 → 2 Mar 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7178 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Conference

Conference	12th Cryptographers' Track at the RSA Conference, CT-RSA 2012
Country/Territory	United States
City	San Francisco, CA
Period	27/02/12 → 2/03/12

Keywords

bug attack
Elliptic curve
fault attack
NIST
OpenSSL

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-642-27954-6_11

Cite this

Brumley, B., Barbosa, M., Page, D., & Vercauteren, F. (2012). Practical realisation and elimination of an ECC-related software bug attack. In Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings (Vol. 7178 LNCS, pp. 171-186). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7178 LNCS). https://doi.org/10.1007/978-3-642-27954-6_11

Brumley, Billy ; Barbosa, Manuel ; Page, Dan et al. / Practical realisation and elimination of an ECC-related software bug attack. Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings. Vol. 7178 LNCS 2012. pp. 171-186 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{12a70e340ff5465c9e8a33be1125bf1f,

title = "Practical realisation and elimination of an ECC-related software bug attack",

abstract = "We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.",

keywords = "bug attack, Elliptic curve, fault attack, NIST, OpenSSL",

author = "Billy Brumley and Manuel Barbosa and Dan Page and Frederik Vercauteren",

year = "2012",

doi = "10.1007/978-3-642-27954-6_11",

language = "English",

isbn = "9783642279539",

volume = "7178 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "171--186",

booktitle = "Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings",

note = "12th Cryptographers' Track at the RSA Conference, CT-RSA 2012 ; Conference date: 27-02-2012 Through 02-03-2012",

}

Brumley, B, Barbosa, M, Page, D & Vercauteren, F 2012, Practical realisation and elimination of an ECC-related software bug attack. in Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings. vol. 7178 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7178 LNCS, pp. 171-186, 12th Cryptographers' Track at the RSA Conference, CT-RSA 2012, San Francisco, CA, United States, 27/02/12. https://doi.org/10.1007/978-3-642-27954-6_11

Practical realisation and elimination of an ECC-related software bug attack. / Brumley, Billy; Barbosa, Manuel; Page, Dan et al.

Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings. Vol. 7178 LNCS 2012. p. 171-186 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7178 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Practical realisation and elimination of an ECC-related software bug attack

AU - Brumley, Billy

AU - Barbosa, Manuel

AU - Page, Dan

AU - Vercauteren, Frederik

PY - 2012

Y1 - 2012

N2 - We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.

AB - We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.

KW - bug attack

KW - Elliptic curve

KW - fault attack

KW - NIST

KW - OpenSSL

UR - http://www.scopus.com/inward/record.url?scp=84857727360&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-27954-6_11

DO - 10.1007/978-3-642-27954-6_11

M3 - Conference contribution

AN - SCOPUS:84857727360

SN - 9783642279539

VL - 7178 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 171

EP - 186

BT - Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings

T2 - 12th Cryptographers' Track at the RSA Conference, CT-RSA 2012

Y2 - 27 February 2012 through 2 March 2012

ER -

Brumley B, Barbosa M, Page D, Vercauteren F. Practical realisation and elimination of an ECC-related software bug attack. In Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings. Vol. 7178 LNCS. 2012. p. 171-186. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-27954-6_11

Practical realisation and elimination of an ECC-related software bug attack

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this