Single Trace Attack Against RSA Key Generation in Intel SGX SSL

Samuel Weiser, Raphael Spreitzer, Lukas Bodner

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband


Microarchitectural side-channel attacks have received significant attention recently. However, while side-channel analyses on secret key operations such as decryption and signature generation are well established, the process of key generation did not receive particular attention so far. Especially due to the fact that microarchitectural attacks usually require multiple observations (more than one measurement trace) to break an implementation, one-time operations such as key generation routines are often considered as uncritical and out of scope. However, this assumption is no longer valid for shielded execution architectures, where sensitive code is executed---in the realm of a potential attacker---inside hardware enclaves. In such a setting, an untrusted operating system can conduct noiseless controlled-channel attacks by exploiting page access patterns.

In this work, we identify a critical vulnerability in the RSA key generation procedure of Intel SGX SSL (and the underlying OpenSSL library) that allows to recover secret keys from observations of a single execution. In particular, we mount a controlled-channel attack on the binary Euclidean algorithm (BEA), which is used for checking the validity of the RSA key parameters generated within an SGX enclave. Thereby, we recover all but 16 bits of one of the two prime factors of the public modulus. For an 8192-bit RSA modulus, we recover the remaining 16 bits and thus the full key in less than 12 seconds on a commodity PC. In light of these results, we urge for careful re-evaluation of cryptographic libraries with respect to single trace attacks, especially if they are intended for shielded execution environments such as Intel SGX.
TitelASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security
Herausgeber (Verlag)Association of Computing Machinery
ISBN (elektronisch)978-1-4503-5576-6
PublikationsstatusVeröffentlicht - 2018
Veranstaltung13th ACM ASIA Conference on Information, Computer and Communications Security - Incheon, Südkorea
Dauer: 4 Jun 20188 Jun 2018


Konferenz13th ACM ASIA Conference on Information, Computer and Communications Security
KurztitelACM ASIACCS 2018


Untersuchen Sie die Forschungsthemen von „Single Trace Attack Against RSA Key Generation in Intel SGX SSL“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren