Practical realisation and elimination of an ECC-Related software bug attack

Authors:
Billy B. Brumley;Manuel Barbosa;Dan Page;Frederik Vercauteren
Affiliations:
Department of Information and Computer Science, Aalto University School of Science, Aalto, Finland;HASLab/INESC TEC, Universidade do Minho, Braga, Portugal;Department of Computer Science, University of Bristol, Bristol, UK;Department of Electrical Engineering, Katholieke Universiteit Leuven, Leuven-Heverlee, Belgium
Venue:
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Year:
2012

Citing 10
Cited 1

An axiomatic basis for computer programming

Communications of the ACM
Validation of Elliptic Curve Public Keys

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults

Designs, Codes and Cryptography
Simplify: a theorem prover for program checking

Journal of the ACM (JACM)
Bug Attacks

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Constructive and Destructive Use of Compilers in Elliptic Curve Cryptography

Journal of Cryptology
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
The Why/Krakatoa/Caduceus platform for deductive program verification

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Cryptography in theory and practice: the case of encryption in IPsec

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques

Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.