This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage. The methodology works by identifying secret dependent memory and introducing forced evictions inside potentially vulnerable code to obtain cache traces that are analyzed using Mutual Information. If dependence is observed, the cryptographic implementation is classified as to leak information. We demonstrate the viability of our technique in the design of the three main cryptographic primitives, i.e., AES, RSA and ECC, in eight popular up to date cryptographic libraries, including OpenSSL, Libgcrypt, Intel IPP and NSS. Our results show that cryptographic code designers are far away from incorporating the appropriate countermeasures to avoid cache leakages, as we found that 50% of the default implementations analyzed leaked information that lead to key extraction. We responsibly notified the designers of all the leakages found and suggested patches to solve these vulnerabilities.
|Number of pages||15|
|Publication status||Published - 09.2017|