DATA - Differential address trace analysis: Finding address-based side-channels in binaries

Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, Georg Sigl

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

46 Scopus citations

Abstract

Cryptographic implementations are a valuable target for address-based side-channel attacks and should, thus, be protected against them. Countermeasures, however, are often incorrectly deployed or completely omitted in practice. Moreover, existing tools that identify information leaks in programs either suffer from imprecise abstraction or only cover a subset of possible leaks. We systematically address these limitations and propose a new methodology to test software for information leaks. In this work, we present DATA, a differential address trace analysis framework that detects address-based side-channel leaks in program binaries. This accounts for attacks exploiting caches, DRAM, branch prediction, controlled channels, and likewise. DATA works in three phases. First, the program under test is executed to record several address traces. These traces are analyzed using a novel algorithm that dynamically re-aligns traces to increase detection accuracy. Second, a generic leakage test filters differences caused by statistically independent program behavior, e.g., randomization, and reveals true information leaks. The third phase classifies these leaks according to the information that can be obtained from them. This provides further insight to security analysts about the risk they pose in practice. We use DATA to analyze OpenSSL and PyCrypto in a fully automated way. Among several expected leaks in symmetric ciphers, DATA also reveals known and previously unknown leaks in asymmetric primitives (RSA, DSA, ECDSA), and DATA identifies erroneous bug fixes of supposedly fixed constant-time vulnerabilities.

Original languageEnglish
Title of host publicationProceedings of the 27th USENIX Security Symposium
PublisherUSENIX Association
Pages603-620
Number of pages18
ISBN (Electronic)9781939133045
StatePublished - 2018
Event27th USENIX Security Symposium - Baltimore, United States
Duration: 15 Aug 201817 Aug 2018

Publication series

NameProceedings of the 27th USENIX Security Symposium

Conference

Conference27th USENIX Security Symposium
Country/TerritoryUnited States
CityBaltimore
Period15/08/1817/08/18

Fingerprint

Dive into the research topics of 'DATA - Differential address trace analysis: Finding address-based side-channels in binaries'. Together they form a unique fingerprint.

Cite this