Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Nicola Tuveri; Sohaib ul Hassan; Cesar Pereida Garcia; Billy Brumley

doi:10.1145/3274694.3274725

Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Nicola Tuveri
, Sohaib ul Hassan
, Cesar Pereida Garcia
, Billy Brumley

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

18 Sitaatiot (Scopus)

137 Lataukset (Pure)

Abstrakti

SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

Alkuperäiskieli	Englanti
Otsikko	ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference
Julkaisupaikka	New York
Kustantaja	ACM
Sivut	147-160
Sivumäärä	14
ISBN (elektroninen)	978-1-4503-6569-7
DOI - pysyväislinkit	https://doi.org/10.1145/3274694.3274725
Tila	Julkaistu - 3 jouluk. 2018
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	Annual Computer Security Applications Conference - Kesto: 3 jouluk. 2018 → 7 jouluk. 2018

Conference

Conference	Annual Computer Security Applications Conference
Ajanjakso	3/12/18 → 7/12/18

Julkaisufoorumi-taso

Jufo-taso 1

Pääsy asiakirjaan

10.1145/3274694.3274725Lisenssi: CC BY

Self-archived versionFinal published version, 5,01 MBLisenssi: CC BY

Electromagnetic (EM) side-channel traces of elliptic curve point multiplication during SM2 decryption in OpenSSL
Tuveri, N. (Creator), Sohaib ul Hassan, N. (Creator), Pereida Garcia, C. (Creator) & Brumley, B. (Creator), Zenodo, 3 jouluk. 2018
DOI - pysyväislinkki: 10.5281/zenodo.1436828
Tietoaineisto: Dataset

COST Action (Ulkoinen yksikkö)
Brumley, B. (Member)
12 jouluk. 2014 → 11 jouluk. 2018
Aktiviteetti: Jäsenyys seurassa tai verkostossa

Siteeraa tätä

@inproceedings{c5daf7f9d7684daf9e7b0ea78f0b6475,

title = "Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study",

abstract = "SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.",

author = "Nicola Tuveri and \{ul Hassan\}, Sohaib and \{Pereida Garcia\}, Cesar and Billy Brumley",

year = "2018",

month = dec,

day = "3",

doi = "10.1145/3274694.3274725",

language = "English",

pages = "147--160",

booktitle = "ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference",

publisher = "ACM",

address = "United States",

note = "Annual Computer Security Applications Conference ; Conference date: 03-12-2018 Through 07-12-2018",

}

TY - GEN

T1 - Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

AU - Tuveri, Nicola

AU - ul Hassan, Sohaib

AU - Pereida Garcia, Cesar

AU - Brumley, Billy

PY - 2018/12/3

Y1 - 2018/12/3

N2 - SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

AB - SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

U2 - 10.1145/3274694.3274725

DO - 10.1145/3274694.3274725

M3 - Conference contribution

SP - 147

EP - 160

BT - ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference

PB - ACM

CY - New York

T2 - Annual Computer Security Applications Conference

Y2 - 3 December 2018 through 7 December 2018

ER -

Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Abstrakti

Conference

Julkaisufoorumi-taso

Pääsy asiakirjaan

Sormenjälki

Tietoaineistot

Electromagnetic (EM) side-channel traces of elliptic curve point multiplication during SM2 decryption in OpenSSL

Aktiviteetit

COST Action (Ulkoinen yksikkö)

Siteeraa tätä