A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit <a rel="external noopener" href="https://arxiv.org/pdf/1709.01552v1.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
<span class="release-stage" >pre-print</span>
This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage. The methodology works by identifying secret dependent memory and introducing forced evictions inside potentially vulnerable code to obtain cache traces that are analyzed using Mutual Information. If dependence is observed, the cryptographic implementation is<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1709.01552v1">arXiv:1709.01552v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/taa6yk3vffdqpibhgzavx2iseq">fatcat:taa6yk3vffdqpibhgzavx2iseq</a> </span>
more »... lassified as to leak information. We demonstrate the viability of our technique in the design of the three main cryptographic primitives, i.e., AES, RSA and ECC, in eight popular up to date cryptographic libraries, including OpenSSL, Libgcrypt, Intel IPP and NSS. Our results show that cryptographic code designers are far away from incorporating the appropriate countermeasures to avoid cache leakages, as we found that 50% of the default implementations analyzed leaked information that lead to key extraction. We responsibly notified the designers of all the leakages found and suggested patches to solve these vulnerabilities.
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200905091444/https://arxiv.org/pdf/1709.01552v1.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/5c/f9/5cf9dc3c6b58191756d2c270077faa40813ff8ca.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1709.01552v1" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>