Déjà Vu: Side-Channel Analysis of Mozilla's NSS

Sohaib Ul Hassan, Iaroslav Gridin, Ignacio M. Delgado-Lozano, Cesar Pereida García, Jesús Javier Chi-Domínguez, Alejandro Cabrera Aldaya, Billy Bob Brumley

Tutkimustuotos: KonferenssiartikkeliScientificvertaisarvioitu

57 Lataukset (Pure)

Abstrakti

Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously exploited, reported, and patched in high-profile cryptography libraries. Nevertheless, researchers continue to find and exploit the same vulnerabilities in old and new products, highlighting a big issue among vendors: effectively tracking and fixing security vulnerabilities when disclosure is not done directly to them. In this work, we present another instance of this issue by performing the first library-wide SCA security evaluation of Mozilla's NSS security library. We use a combination of two independently-developed SCA security frameworks to identify and test security vulnerabilities. Our evaluation uncovers several new vulnerabilities in NSS affecting DSA, ECDSA, and RSA cryptosystems. We exploit said vulnerabilities and implement key recovery attacks using signals - -extracted through different techniques such as timing, microarchitecture, and EM - -and improved lattice methods.

AlkuperäiskieliEnglanti
OtsikkoCCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
KustantajaACM
Sivut1887-1902
Sivumäärä16
ISBN (elektroninen)9781450370899
DOI - pysyväislinkit
TilaJulkaistu - 30 lokak. 2020
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaACM SIGSAC Conference on Computer and Communications Security -
Kesto: 9 marrask. 202013 marrask. 2020

Julkaisusarja

NimiProceedings of the ACM Conference on Computer and Communications Security
ISSN (painettu)1543-7221

Conference

ConferenceACM SIGSAC Conference on Computer and Communications Security
Ajanjakso9/11/2013/11/20

Julkaisufoorumi-taso

  • Jufo-taso 2

!!ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Sormenjälki

Sukella tutkimusaiheisiin 'Déjà Vu: Side-Channel Analysis of Mozilla's NSS'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä