TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
OtsikkoACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference
JulkaisupaikkaNew York
KustantajaACM
Sivut147-160
Sivumäärä14
ISBN (elektroninen)978-1-4503-6569-7
DOI - pysyväislinkit
TilaJulkaistu - 3 joulukuuta 2018
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaAnnual Computer Security Applications Conference -
Kesto: 3 joulukuuta 20187 joulukuuta 2018

Conference

ConferenceAnnual Computer Security Applications Conference
Ajanjakso3/12/187/12/18

Tiivistelmä

SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

Julkaisufoorumi-taso

Latausten tilastot

Ei tietoja saatavilla