Fast hashing on pentium SIMD architecture

The SIMD (single-instruction, multiple-data) architecture is implemented in many popular general-purpose processor families, including Intel Pentium. In this paper, we examine if any performance gains can be obtained in the implementation of the Secure Hash Algorithms (SHA-1, SHA-256, SHA-384, and SHA-512) and present the details of our optimization methods and implementation details. It turns out that while the hashing of a single message is slower, the hashing of 2 or 4 independent message streams can be made signicantly faster

Advances in side-channel cryptanalysis : microarchitectural attacks

Cryptographic devices leak timing and power consumption information that is easily measurable, radiation of various levels, and more. Such devices also have additional inputs, other than plaintext and keys, like voltage, which can be modified to force the device to produce certain faulty outputs that can be used to reveal the secret key. Side-channel cryptanalysis uses the information that leaks through one or more side channels of a cryptographic system to obtain secret information. The initial focus of side-channel research was on smart card security. There are two main reasons why smart cards were the first type of devices that was analyzed extensively from the side-channel point of view. Smart cards store secret values inside the card and they are especially designed to protect and process these secret values. Therefore, there is a serious financial gain involved in cracking smart cards, as well as, analyzing them and developing more secure smart card technologies. The recent promises from Trusted Computing community indicate the security assurance of storing such secret values in PC platforms, c.f. [99]. These promises have made the side-channel analysis of PC platforms as desirable as that of smart cards. The second reason of the high attention to side-channel analysis of smart cards is due to the ease of applying such attacks to them. The measurements of side-channel information on smart cards are almost “noiseless”, which makes such attacks very practical. On the other hand, there are many factors that affect such measurements on real commodity computer systems. These factors create noise, and therefore it is much more difficult to develop and perform successful attacks on such “real” computers within our daily life. Thus, until very recently the vulnerability of systems even running on servers was not “really” considered to be harmful by such side-channel attacks. This was changed with the work of Brumley and Boneh, c.f. [21], who demonstrated a remote timing attack over a local network. Because of the above reasons, we have seen an increased research effort on the security analysis of the daily life PC platforms from the side-channel point of view. Here, it has been especially shown that the functionality of the common components of processor architectures creates an indisputable security risk, c.f. [1, 2, 5, 14, 73, 80], which comes in different forms. In this thesis, we focus on side-channel cryptanalysis of cryptosystems on commodity computer platforms. Especially, we analyze two main CPU components, cache and branch prediction unit, from side-channel point of view. We show that the functionalities of these two components create very serious security risks in software systems, especially in software based cryptosystems

Deconstructing New Cache Designs For Thwarting Software Cachebased Side Channel Attacks

Software cache-based side channel attacks present a serious threat to computer systems. Previously proposed counter-measures were either too costly for practical use or only effective against particular attacks. Thus, a recent work identified cache interferences in general as the root cause and proposed two new cache designs, namely partition-locked cache (PLcache) and random permutation cache (RP-cache), to defeat cache-based side channel attacks by eliminating/obfuscating cache interferences. In this paper, we analyze these new cache designs and identify significant vul-nerabilities and shortcomings of those new cache designs. We also propose possible solutions and improvements over the original new cache designs to overcome the identified shortcomings. Copyright 2008 ACM

Hardware-software integrated approaches to defend against software cache-based side channel attacks

Software cache-based side channel attacks present serious threats to modern computer systems. Using caches as a side channel, these attacks are able to derive secret keys used in cryptographic operations through legitimate activities. Among existing countermeasures, software solutions are typically application specific and incur substantial performance overhead. Recent hardware proposals including the Partition-Locked cache (PLcache) and Random-Permutation cache (RPcache) [23], although very effective in reducing performance overhead while enhancing the security level, may still be vulnerable to advanced cache attacks. In this paper, we propose three hardware-software approaches to defend against software cache-based attacks - they present different tradeoffs between hardware complexity and performance overhead. First, we propose to use preloading to secure the PLcache. Second, we leverage informing loads, which is a lightweight architectural support originally proposed to improve memory performance, to protect the RPcache. Third, we propose novel software permutation to replace the random permutation hardware in the RPcache. This way, regular caches can be protected with hardware support for informing loads. In our experiments, we analyze various processor models for their vulnerability to cache attacks and demonstrate that even to the processor model that is most vulnerable to cache attacks, our proposed software-hardware integrated schemes provide strong security protection. © 2008 IEEE