Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks

Authors:
Manuel Koschuch;Johann Großschädl;Udo Payer;Matthias Hudler;Michael Krüger
Affiliations:
FH Campus Wien --- University of Applied Sciences, Vienna, Austria A---1100;Department of Computer Science, University of Bristol, Bristol, United Kingdom BS8 1UB;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria A---8010;FH Campus Wien --- University of Applied Sciences, Vienna, Austria A---1100;FH Campus Wien --- University of Applied Sciences, Vienna, Austria A---1100
Venue:
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Year:
2008

Citing 24
Cited 2

Montgomery Multiplication in GF(2^k

Designs, Codes and Cryptography
Elliptic curves in cryptography

Elliptic curves in cryptography
Performance analysis of elliptic curve cryptography for SSL

WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
Generic implementations of elliptic curve cryptography using partial reduction

Proceedings of the 9th ACM conference on Computer and communications security
Distinguishing Exponent Digits by Observing Modular Subtractions

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
High-Speed Software Multiplication in F2m

INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Securing Elliptic Curve Point Multiplication against Side-Channel Attacks

ISC '01 Proceedings of the 4th International Conference on Information Security
A Second-Order DPA Attack Breaks a Window-Method Based Countermeasure against Side Channel Attacks

ISC '02 Proceedings of the 5th International Conference on Information Security
A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Guide to Elliptic Curve Cryptography

Guide to Elliptic Curve Cryptography
Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity

IEEE Transactions on Computers
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)

Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Improving Brumley and Boneh timing attack on unprotected SSL implementations

Proceedings of the 12th ACM conference on Computer and communications security
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)

Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Remote timing attacks are practical

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Anatomy and Performance of SSL Processing

ISPASS '05 Proceedings of the IEEE International Symposium on Performance Analysis of Systems and Software, 2005
Network security: private communication in a public world, second edition

Network security: private communication in a public world, second edition
Highly Regular Right-to-Left Algorithms for Scalar Multiplication

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Unified point addition formulæ and side-channel attacks

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology

Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Hardware/Software co-design of public-key cryptography for SSL protocol execution in embedded systems

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Ever-growing mobility and ubiquitous wireless Internet access raise the need for secure communication with devices that may be severely constrained in terms of processing power, memory capacity and network speed. In this paper we describe a lightweight implementation of the Secure Sockets Layer (SSL) protocol with a focus on small code size and low memory usage. We integrated a generic public-key crypto library into this SSL stack to support elliptic curve cryptography over arbitrary prime and binary fields. Furthermore, we aimed to secure the SSL handshake against side-channel attacks (in particular simple power analysis) by eliminating all data-dependent or key-dependent branches and memory accesses from the arithmetic operations and compare the resulting performance with an unprotected implementation. Our lightweight SSL stack has only 6% of the code size and RAM requirements of OpenSSL, but outperforms it in point multiplication over prime fields when no appropriate countermeasures against side-channel attacks are implemented. With such countermeasures, however, the execution time of a typical SSL handshake increases by roughly 50%, but still completes in less than 160 msec on a 200 MHz iPAQ PDA when using an elliptic curve over a 192-bit prime field.