An Unprofiled Single Trace Side-channel Attack for Asymmetric Cryptosystems
I. Piacentini;A. Barenghi;G. Pelosi;
2025-01-01
Abstract
Side-channel attacks aim at retrieving cryptographic secrets from a device by exploiting involuntary information channels, such as power consumption or electromagnetic emissions, measured in traces. Among them, horizontal attacks are particularly powerful as they require only a single measurement of one execution of the algorithm on the target device. In our work, we propose a horizontal attack technique that autonomously detects intermediate-value reuse and extracts secret cryptographic information without needing to analyze or know the implementation of the cryptographic algorithm being run. Our technique assumes only the basic a priori knowledge that the algorithm computes iteratively, using a portion of the cryptographic secret in each iteration; it both enables successful attacks and gives secure-software developers feedback on the vulnerable spots. We validate our attack through a case study on a square-and-multiply-always RSA implementation using the production-grade mbedtls cryptographic library. Experimental results demonstrate that our approach can retrieve the entire secret RSA exponent from a single execution trace.

| File | Size | Format | |
|---|---|---|---|
| main.pdf (open access; Post-Print, Author's Accepted Manuscript, AAM) | 1.65 MB | Adobe PDF | View/Open |
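The reuse the abstract relies on can be made concrete with a simulation. The block below is an added illustration, not the authors' code: the paper's technique segments the trace and finds reused values autonomously, whereas this toy knows the implementation and is segmented by hand. It assumes a Hamming-weight leakage model on 32-bit limbs with optional Gaussian noise, and uses a constructed odd modulus rather than a real RSA key. In square-and-multiply-always the multiplication is always executed, so control flow is independent of the exponent, but the value read by the next squaring is either the previous squaring's output (bit 0) or the multiplication's output (bit 1). Comparing those leakage segments within a single trace recovers every bit; the final write-back of the result resolves the last one.

```python
# Added illustration (not the paper's code): simulated single-trace
# horizontal attack on a square-and-multiply-always exponentiation.
import math
import random
from typing import Optional

LIMB_BITS = 32
LIMB_MASK = (1 << LIMB_BITS) - 1


def hw_leak(x: int, n_limbs: int, rng: Optional[random.Random] = None,
            sigma: float = 0.0) -> list:
    """Toy leakage model (assumption): one sample per 32-bit limb of the
    operand, equal to its Hamming weight plus optional Gaussian noise."""
    out = []
    for i in range(n_limbs):
        limb = (x >> (LIMB_BITS * i)) & LIMB_MASK
        sample = float(bin(limb).count("1"))
        if rng is not None and sigma > 0.0:
            sample += rng.gauss(0.0, sigma)
        out.append(sample)
    return out


def sqr_mul_always(m: int, d: int, n: int, n_limbs: int,
                   rng: Optional[random.Random] = None, sigma: float = 0.0):
    """Left-to-right square-and-multiply-always computing m^d mod n.

    Returns (result, trace). Each iteration of the trace records the leakage
    of the value read into the squaring, of the squaring output and of the
    (always executed) multiplication output; a final segment records the
    write-back of the result. Control flow never depends on the bit, but the
    value fed to the next squaring does."""
    s = 1
    trace = []
    for bit in f"{d:b}":
        seg = {"sq_in": hw_leak(s, n_limbs, rng, sigma)}
        sq = (s * s) % n
        mu = (sq * m) % n
        seg["sq_out"] = hw_leak(sq, n_limbs, rng, sigma)
        seg["mul_out"] = hw_leak(mu, n_limbs, rng, sigma)
        trace.append(seg)
        s = mu if bit == "1" else sq  # multiply result discarded when bit == 0
    trace.append({"out": hw_leak(s, n_limbs, rng, sigma)})
    return s, trace


def recover_exponent(trace) -> int:
    """Horizontal reuse detection on one trace: the operand read by iteration
    i+1 (or written back at the end) must equal one of the two values produced
    in iteration i; whichever it is closer to reveals bit i."""
    iters, final = trace[:-1], trace[-1]["out"]
    bits = []
    for i, seg in enumerate(iters):
        nxt = iters[i + 1]["sq_in"] if i + 1 < len(iters) else final
        d_sq = math.dist(nxt, seg["sq_out"])
        d_mul = math.dist(nxt, seg["mul_out"])
        bits.append("1" if d_mul < d_sq else "0")
    return int("".join(bits), 2)


def demo(seed: int = 1, bits: int = 1024, sigma: float = 0.0) -> bool:
    """Constructed parameters (random odd modulus, base and exponent; not a
    real RSA key). Returns True when the whole exponent is recovered."""
    rng = random.Random(seed)
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    m = rng.randrange(2, n - 1)
    d = rng.getrandbits(bits) | (1 << (bits - 1))
    n_limbs = (bits + LIMB_BITS - 1) // LIMB_BITS
    result, trace = sqr_mul_always(m, d, n, n_limbs, rng, sigma)
    assert result == pow(m, d, n)  # the countermeasure is functionally correct
    return recover_exponent(trace) == d


if __name__ == "__main__":
    print("noise-free:", demo(sigma=0.0))
    print("sigma=1.0 :", demo(sigma=1.0))
```

Two caveats a practitioner would check. A Hamming-weight model cannot separate two values with the same per-limb weights, so on a single small limb the decision can tie; with 32 limbs of a 1024-bit operand such collisions are negligible, which is why `demo` uses full-size operands. Secondly, the defence being bypassed here is the branch-free schedule itself: regularity hides the control flow, but the reused operand still leaks which of the two candidate values was kept, so blinding the exponent or randomising the operand between iterations is what actually breaks the reuse.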
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


