RegKey: A Register-based Implementation of ECC Signature Algorithms Against One-shot Memory Disclosure

Published: 09 November 2023

Abstract

To ensure the security of cryptographic algorithm implementations, several cryptographic key protection schemes have been proposed to prevent various memory disclosure attacks. Among them, register-based solutions do not rely on special hardware features and are therefore more widely applicable. However, because register resources are limited in size, register-based solutions perform much worse than conventional cryptosystem implementations without security enhancements. This paper presents RegKey, an efficient register-based implementation of ECC (elliptic curve cryptography) signature algorithms. Unlike schemes that protect the whole cryptographic operation, RegKey uses CPU registers only for simple but critical operations, significantly reducing register usage and performance overhead. To achieve this, RegKey splits ECC signing into two parts: (1) complex elliptic curve group operations on non-sensitive data, performed in main memory as in conventional implementations, and (2) simple prime field operations on sensitive data, performed inside CPU registers. RegKey guarantees that the plaintext private key and the random number used for signing appear only in registers, which effectively resists one-shot memory disclosure attacks such as cold-boot and warm-boot attacks. Such attacks are usually launched by physically accessing the victim machine to acquire part of, or even all, memory, but only once. Compared with existing cryptographic key protection schemes, the performance of RegKey is greatly improved. RegKey is applicable to different platforms because it does not rely on special CPU hardware features. Since RegKey targets one-shot memory disclosure rather than persistent software-based attacks, it is a suitable choice for embedded devices or offline machines where physical attacks are the main threat.


Published In

ACM Transactions on Embedded Computing Systems, Volume 22, Issue 6, November 2023, 428 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/3632298
Editor: Tulika Mitra

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 09 November 2023
Online AM: 15 June 2023
Accepted: 28 May 2023
Revised: 09 April 2023
Received: 23 December 2022
Published in TECS Volume 22, Issue 6

Author Tags

1. One-shot memory disclosure
2. registers
3. ECC signature algorithms
4. cryptographic key protection

Qualifiers

• Research-article

Funding Sources

• National Key R&D Plan of China