Evaluation and Mitigation of Timing Side-Channel Leakages on Multiple-Target Dynamic Binary Translators

  • Conference paper
  • High Performance Computing Systems (WSCAD 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1171)

Abstract

Timing side-channel attacks are an important issue for cryptographic algorithms. If the execution time of an implementation depends on secret information, an adversary may recover the latter by measuring the former. Different approaches have emerged to exploit information leakage in cryptographic implementations and to protect them against these attacks, and recent works extend the concerns to dynamic execution systems [3, 15, 24]. However, little has been said about cross-ISA emulation and its impact on timing leakages. In this paper, we investigate the impact of dynamic binary translators on the constant-time property of known cryptographic implementations, using different Region Formation Techniques (RFTs). We show that the emulation may have a significant impact by inserting non-constant-time constructions during the translation, leading to significant timing leakages in the QEMU and HQEMU emulators. These leakages are then verified using a statistical approach. In order to guarantee the constant-time property, we have implemented a solution in the QEMU dynamic binary translator, mitigating the inserted timing side-channels.
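The abstract says the leakages were verified statistically without naming the test. As an added example (not code from the paper), the following assumes a Welch's t-test with the |t| > 4.5 bound of TVLA-style assessments [1, 23] and dudect-style cropping of slow outliers [20]; all cycle counts and names are constructed for illustration.

```python
import math
from statistics import mean, variance

T_THRESHOLD = 4.5  # |t| bound commonly used in TVLA-style assessments

def welch_t(a, b):
    """Welch's t statistic for two timing classes with unequal variances."""
    se = math.sqrt(variance(a) / len(a) + variance(b) / len(b))
    diff = mean(a) - mean(b)
    if se == 0.0:  # no spread at all: any mean difference separates the classes
        return 0.0 if diff == 0 else math.copysign(math.inf, diff)
    return diff / se

def crop(a, b, keep=0.95):
    """Drop samples above a class-independent percentile of the pooled data.

    Interrupts and other pauses give timings a long right tail that
    inflates the variance and can hide a real difference between classes.
    """
    pooled = sorted(a + b)
    cutoff = pooled[int(keep * len(pooled)) - 1]
    return [x for x in a if x <= cutoff], [x for x in b if x <= cutoff]

def assess(a, b, keep=None):
    """Return (t, leaks) for two classes of cycle counts."""
    if keep is not None:
        a, b = crop(a, b, keep)
    t = welch_t(a, b)
    return t, abs(t) > T_THRESHOLD

# Constructed cycle counts (not measurements from the paper). Jitter is a
# deterministic pattern covering -10..10 uniformly over 210 samples.
def jitter(i):
    return (i * 16) % 21 - 10

N = 210
SECRET_0 = [1000 + jitter(i) for i in range(N)]
CT_SECRET_1 = [1000 + jitter(i + 7) for i in range(N)]   # same distribution
LEAKY_SECRET_1 = [1030 + jitter(i) for i in range(N)]    # 30 cycles slower
NOISY_SECRET_0 = SECRET_0 + [90000] * 4                  # preemption outliers

if __name__ == "__main__":
    print("constant-time:", assess(SECRET_0, CT_SECRET_1))
    print("leaky:", assess(SECRET_0, LEAKY_SECRET_1))
    print("leaky, outliers, raw:", assess(NOISY_SECRET_0, LEAKY_SECRET_1))
    print("leaky, outliers, cropped:", assess(NOISY_SECRET_0, LEAKY_SECRET_1, keep=0.95))
```

With four slow outliers in one class the uncropped statistic stays below the bound even though the classes differ by 30 cycles; after cropping the same data is flagged.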

Notes

  1. Read timestamp counter (rdtsc).

  2. In fact, one of the usual phases of vectorization is the if-conversion pass, the process of converting a control-flow dependency (a conditional branch) into a data-flow dependency (a select).

References

  1. Becker, G., Cooper, J., DeMulder, E., Goodwill, G., et al.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference, p. 13 (2013)

  2. Bellard, F.: QEMU, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track, p. 46 (2005)

  3. Brennan, T., Rosner, N., Bultan, T.: JIT Leaks: inducing timing side channels through just-in-time compilation. Technical report, UC Santa Barbara, Computer Science (2018)

  4. Cauligi, S., et al.: FaCT: a flexible, constant-time programming language. In: 2017 SecDev, pp. 69–76. IEEE (2017)

  5. Chen, J., Venkataramani, G.: An algorithm for detecting contention-based covert timing channels on shared hardware. In: HASP, p. 1. ACM (2014)

  6. Cleemput, J.V., Coppens, B., De Sutter, B.: Compiler mitigations for time attacks on modern x86 processors. TACO 8(4) (2012). Article no: 23

  7. Coppens, B., Verbauwhede, I., De Bosschere, K., De Sutter, B.: Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 45–60. IEEE (2009)

  8. Davis, D., Hazelwood, K.: Improving region selection through loop completion. In: ASPLOS, vol. 4, p. 7-3 (2011)

  9. Duesterwald, E., Bala, V.: Software profiling for hot path prediction: less is more. ACM SIGOPS 34(5), 202–211 (2000)

  10. Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covert timing channels. TDSC 8(6), 785–797 (2011)

  11. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P., et al.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop, vol. 7, pp. 115–136 (2011)

  12. ARM Holdings: ARM mbedTLS

  13. Hong, D.Y., et al.: HQEMU: a multi-threaded and retargetable dynamic binary translator on multicores. In: CGO, pp. 104–113. ACM (2012)

  14. Ireland, D.: BigDigits multiple-precision arithmetic source code (2016)

  15. Renner, J., Cauligi, S., Stefan, D.: Constant-time webassembly (2018)

  16. Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_1

  17. Kaufmann, T., Pelletier, H., Vaudenay, S., Villegas, K.: When constant-time source yields variable-time binary: exploiting curve25519-donna built with MSVC 2015. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 573–582. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_36

  18. Napoli, O.O., do Rosario, V.M., Aranha, D.F., Borin, E.: Evaluation of timing side-channel leakage on a multiple-target dynamic binary translator (2018)

  19. Payer, M., Gross, T.R.: Generating low-overhead dynamic binary translators. In: Proceedings of the 3rd Annual Haifa Experimental Systems Conference, p. 22. ACM (2010)

  20. Reparaz, O., Balasch, J., Verbauwhede, I.: Dude, is my code constant time? In: DATE, pp. 1697–1702. IEEE (2017)

  21. Rijmen, V., Bosselaers, A., Barreto, P.: Optimised ANSI C code for the Rijndael cipher (now AES). Public domain software (2000)

  22. Smith, J.E., Nair, R.: Virtual Machines: Versatile Platforms for Systems and Processes. The Morgan Kaufmann Series. Morgan Kaufmann Publishers Inc., San Francisco (2005)

  23. Standaert, F.X.: How (not) to use Welch’s T-test in side-channel security evaluations. In: IACR, vol. 2017, p. 138 (2017)

  24. Van Cleemput, J., De Sutter, B., De Bosschere, K.: Adaptive compiler strategies for mitigating timing side channel attacks. TDSC 17(1), 35–49 (2017)

  25. Wu, M., Guo, S., Schaumont, P., Wang, C.: Eliminating timing side-channel leaks using program repair. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 15–26. ACM (2018)

Acknowledgments

We would like to thank CNPq (Grant #: 313012/2017-2), Intel Corporation, and the Sao Paulo Research Foundation, FAPESP (Grants #:2014/50704-7 and 2013/08293-7), for supporting this research.

Author information

Corresponding author

Correspondence to Otávio Oliveira Napoli.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Napoli, O.O., do Rosario, V.M., Aranha, D.F., Borin, E. (2020). Evaluation and Mitigation of Timing Side-Channel Leakages on Multiple-Target Dynamic Binary Translators. In: Bianchini, C., Osthoff, C., Souza, P., Ferreira, R. (eds) High Performance Computing Systems. WSCAD 2018. Communications in Computer and Information Science, vol 1171. Springer, Cham. https://doi.org/10.1007/978-3-030-41050-6_10

  • DOI: https://doi.org/10.1007/978-3-030-41050-6_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41049-0

  • Online ISBN: 978-3-030-41050-6

  • eBook Packages: Computer Science, Computer Science (R0)
